Enabling Knox SSO for Cloudera Data Visualization

You can configure Cloudera Data Visualization to use Knox Single Sign-On (SSO) if Knox is available in your cluster. The setup requires a Kerberized environment and includes configuring both Cloudera Data Visualization and Knox.

  • The cluster must be Kerberized.

  • Cloudera Data Visualization must be installed and Knox must be available on your cluster.

  • Kerberos authentication must be enabled for Cloudera Data Visualization.

    If not already configured, enable Kerberos authentication for Cloudera Data Visualization.
    1. In Cloudera Manager, go to Clusters and select the Dataviz service.

    2. Click the Configuration tab.

    3. In the Search bar, type kerberos to filter the relevant settings.

    4. Find the Enable Kerberos Authentication property.

    5. Check the Dataviz (Service-Wide) box next to Enable Kerberos Authentication.

    6. For Kerberos Principal, enter the Kerberos username (principal short name) the Cloudera Data Visualization service should use.

    7. Click Save Changes.

    8. Restart the Dataviz service for the changes to take effect.

    Kerberos is now enabled for Cloudera Data Visualization, which is a prerequisite for enabling Knox SSO.
  1. Configure Cloudera Data Visualization for Knox SSO.
    1. In Cloudera Manager, go to Clusters and select the Dataviz service.
    2. Click the Configuration tab.
    3. Search for the Authentication backends used by the webserver property and set its value to:
      arcwebbase.backends.KnoxSpnegoDjangoBackend,django.contrib.auth.backends.ModelBackend
    4. Restart the Dataviz service to apply the changes.
  2. Make the Dataviz service definition available to Knox.
    1. Locate DATAVIZ-KNOX-[***version***].tgz on the Cloudera archive site and download it to the node where the Knox service is running.
      This file is co-located with the Cloudera Data Visualization CSD on the archive site and must be manually downloaded to each Knox host.

      For example, to download DATAVIZ-KNOX-8.0.4-b47.p1.67141340.tgz to /tmp, run the following command:

      cd /tmp;
      wget https://archive.cloudera.com/p/cdv/8.0.4/redhat8/yum/DATAVIZ-KNOX-8.0.4-b47.p1.67141340.tgz
    2. SSH to the Knox node.
      ssh [***knox-node***]

      Replace [***knox-node***] with the hostname or IP address of your Knox node.

    3. Navigate to the temp directory and extract the archive to the Knox services directory.
      cd /tmp
      tar xzf /tmp/DATAVIZ-KNOX-[***version***].tgz -C /opt/cloudera/parcels/CDH/lib/knox/data/services

      Replace [***version***] with the version number of the DATAVIZ-KNOX archive you downloaded.

    4. Verify that the Cloudera Data Visualization service was extracted correctly.
      ls -la /opt/cloudera/parcels/CDH/lib/knox/data/services | grep dataviz
  3. Update the Knox cdp-proxy topology.
    1. In Cloudera Manager, go to Clusters and select the Knox service.
    2. Click the Configuration tab.
    3. Search for the Knox Simplified Topology Management - cdp-proxy property.
    4. Edit the cdp-proxy topology by adding a new service entry for Cloudera Data Visualization.
      DATAVIZ:url=[***dataviz-service-url***]
    5. In Cloudera Manager, locate Knox > > Simplified Topology Management.
    6. Save the topology changes.
    7. Restart the Knox service.

Once configuration is complete, Cloudera Data Visualization will be accessible through Knox at: https://[***knox-host***]:[***port***]/gateway/cdp-proxy/dataviz/

Alternatively, you can access Cloudera Data Visualization using the Knox Gateway home page.

Access will be granted based on the identity authenticated by Knox.
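
The extraction in step 2 unpacks a manually downloaded archive into the Knox services directory, so the following added example (not part of the Cloudera documentation) lists the archive members first and extracts only if none is an absolute path, contains a ".." component, or is a symbolic or hard link. The function names are hypothetical, the listing checks assume GNU tar output, and refusing links assumes the service definition archive holds only regular files and directories.

```shell
#!/bin/sh
# Added example, not Cloudera's code. Function names are hypothetical.

# Read member names (from `tar tzf`) on stdin.
# Fail on absolute paths and on any ".." path component.
members_are_safe() {
    rc=0
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*)
                printf 'unsafe member: %s\n' "$name" >&2
                rc=1 ;;
        esac
    done
    return "$rc"
}

# Read a verbose listing (from `tar tvzf`) on stdin.
# Fail if any member is a symbolic link (l) or hard link (h).
# Assumption: a service definition archive needs neither.
members_have_no_links() {
    rc=0
    while IFS= read -r line; do
        case "$line" in
            l*|h*)
                printf 'link member: %s\n' "$line" >&2
                rc=1 ;;
        esac
    done
    return "$rc"
}

# $1 = archive path, $2 = destination directory.
# Extracts only when both checks pass. --no-same-owner stops tar, when run
# as root, from applying the owner IDs recorded inside the archive.
extract_checked() {
    archive=$1
    dest=$2
    [ -f "$archive" ] && [ -d "$dest" ] || {
        echo "usage: extract_checked ARCHIVE DESTDIR" >&2
        return 2
    }
    tar tzf "$archive" | members_are_safe || return 1
    tar tvzf "$archive" | members_have_no_links || return 1
    tar xzf "$archive" -C "$dest" --no-same-owner
}

# Usage on the Knox node, with the paths from step 2:
# extract_checked /tmp/DATAVIZ-KNOX-[***version***].tgz /opt/cloudera/parcels/CDH/lib/knox/data/services
```

A non-zero return means nothing was extracted; the rejected member is printed to standard error.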