Configure Knox SSO for EFM

Learn how to configure Knox SSO for the EFM Server.

  • You have installed Knox on your CDP cluster.
  • You have installed and secured the EFM Server.
  1. Obtain the Knox public certificate in PEM format.
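    # NAME, HOST:PORT and CERT_FILE are placeholders: the Knox gateway's server name,
    # its address, and the output path of your choice.
    openssl s_client \
      -servername NAME \
      -connect HOST:PORT </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > CERT_FILE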
  2. Save the certificate on the EFM Server and ensure the file is readable by the user running the EFM process.
  3. Update the EFM configuration file with the following properties:
    # User Authentication Properties
    # authentication via TLS mutual auth with client certificates
    # authentication via Knox SSO token passed in a cookie header
    # authentication via generic reverse proxy with user passed in a header[0]=
  4. In Cloudera Manager, update the Knox topology for the Knox SSO service to add the EFM hostname (or EFM load balancer hostname when clustered) to the authorized redirect URLs. For example:
  5. Restart EFM and Knox.
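
The following check is an added example, not part of the Cloudera procedure. It validates the file produced in steps 1 and 2 before EFM is pointed at it: the capture is non-empty, readable by the invoking account, holds a complete PEM block, and (when `openssl` is installed) parses as an unexpired certificate. The function names, the script name and the `EFM_USER` and `CERT_FILE` placeholders are assumptions.

```shell
#!/bin/sh
# Added example, not Cloudera code. Run as the account that runs EFM, e.g.
#   sudo -u EFM_USER sh check_knox_pem.sh CERT_FILE   (both names are placeholders)

# Print how many complete certificate blocks the file holds; return 1 when the
# BEGIN/END markers are unbalanced, which indicates a truncated capture.
pem_cert_count() {
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$1" || true)
    [ "${begins:-0}" -eq "${ends:-0}" ] || return 1
    echo "${begins:-0}"
}

check_knox_pem() {
    f=$1
    # An unreachable HOST:PORT leaves sed with no input, so the redirect
    # still creates the file, but empty.
    [ -s "$f" ] || { echo "FAIL: $f is missing or empty" >&2; return 1; }
    [ -r "$f" ] || { echo "FAIL: $f is not readable by $(id -un)" >&2; return 1; }
    n=$(pem_cert_count "$f") || { echo "FAIL: truncated PEM in $f" >&2; return 1; }
    [ "$n" -ge 1 ] || { echo "FAIL: no certificate in $f" >&2; return 1; }
    [ "$n" -eq 1 ] || echo "WARN: $n certificates in $f, expected 1" >&2

    if command -v openssl >/dev/null 2>&1; then
        # Confirm the block parses as X.509 and print what to compare
        # out of band with the Knox administrator.
        openssl x509 -in "$f" -noout -subject -enddate -fingerprint -sha256 ||
            { echo "FAIL: $f is not a parseable certificate" >&2; return 1; }
        openssl x509 -in "$f" -noout -checkend 0 >/dev/null ||
            { echo "FAIL: certificate in $f has expired" >&2; return 1; }
    fi
    echo "OK: $f"
}

if [ $# -gt 0 ]; then check_knox_pem "$1"; fi
```

Because `openssl s_client` saves whatever certificate the responding server presents, compare the printed SHA-256 fingerprint with one obtained from the Knox host itself before trusting the file.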