Enabling logout option for secure clusters

To sign out from the application (DAS Webapp) and the identity provider on secure clusters, you need to create a KnoxSSO out topology in the Ambari console and configure the knox_ssout_url through the Ambari UI.

This section can be used to configure the Knox SSO logout URL for both HA and non-HA clusters.

  1. SSH in to the Ambari console on which you have configured Knox as a root user.
  2. If you are configuring KnoxSSOUT for the first time, then you need to create a KnoxSSO out topology called knoxssout.xml in the /etc/knox/x.x.x.x-xx/0/topologies directory.
    If you have already configured KnoxSSOUT, then you can skip this step.
    Add the following lines in the knoxssout.xml file:
    <?xml version="1.0"?>
    <topology>
      <gateway>
        <provider>
          <role>hostmap</role>
          <name>static</name>
          <enabled>true</enabled>
        </provider>
      </gateway>
      <service>
        <role>KNOXSSOUT</role>
      </service>
    </topology>
    
  3. On the Ambari UI, go to Data Analytics Studio > Config > Advanced data_analytics_studio-security-site and specify the Knox SSO logout URL in the knox_ssout_url field in the following format:
    https://{host}:{port}/{cluster-name}/{knox-sso-out-topo}/api/v1/webssout
    Where, knox-sso-out-topo is the name of the KnoxSSO out topology xml file that you created earlier. In this case, it is knoxssout.

    The host and the port that you specify here should be the same as those specified in the knox_sso_url field.

    To obtain the cluster_name, on the Ambari UI, click admin > Manage Ambari > Cluster Information and note the value from the Cluster Name field.

    If you have HA clusters, then specify the host and the port of the load balancer pointing to the Knox instance.

  4. Click Save and click through the confirmation pop-ups.
  5. Restart DAS and any services that require restart by clicking Actions > Restart All Required.