Enable platform JWT authentication for your Hive Virtual Warehouse when you create or
edit the Virtual Warehouse, and configure the HiveServer (HS2) properties described in
the following steps. The Hive Virtual Warehouse then supports authentication using JWT
tokens.

You must have acquired the JWT token through your Identity Provider (IDP). In CDW,
you use the Knox Token Generation service to generate the token.
-
Follow the instructions for creating a Virtual Warehouse.
-
Select Enable JWT Authentication.
-
From the Overview page, click
against the
required Hive Virtual Warehouse, and click Edit.
-
In the Details page, click .
-
Select hive-site from the drop-down list, search for hive.server2.authentication,
and set the value to JWT along with the existing authentication protocols that are
specified. For example, 'LDAP,SAML,JWT'.
-
Search for hive.server2.authentication.jwt.jwks.skip.ssl.cert and set the value to true.
-
Search for hive.server2.transport.mode and set the value to http.
-
Search for hive.server2.authentication.jwt.jwks.url and, if you find it, set
the value to the JSON Web Key Sets (JWKS) URL, which is used to sign the JWT
token. For example,
https://myadmin-host/myadmin/homepage/knoxtoken/api/v1/jwks.json
If you do not find hive.server2.authentication.jwt.jwks.url, click

and
add it to hive-site as a custom property, and then set the value to the JSON Web
Key Sets (JWKS) URL.
You can fetch the JWKS URL by pasting the copied JWT
token into the jwt.io website. Paste the JWT token in the Encoded text box of
the Debugger; the decoded token header displays a jku parameter that
contains the URL. You can provide a comma-separated list of jwks.json URLs
for this configuration.
-
If you modify the JWKS URL, restart HiveServer.
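
The jku lookup in the JWKS URL step can also be done locally, so a live token never has to be pasted into a website. The following is an added example, not code from the product documentation: the function names and the sample token are constructed for illustration, and requiring an https jku is an assumption of this example. It only decodes the token header and compares the jku with the value set for hive.server2.authentication.jwt.jwks.url; it does not verify the signature.

```python
import base64
import json
from urllib.parse import urlsplit


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(obj: dict) -> str:
    # Helper used only to build the constructed sample token below.
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_header(token: str) -> dict:
    """Decode the JWT header locally. No signature check is performed."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JWT header is not a JSON object")
    return header


def jku_matches_config(token: str, jwks_url_property: str) -> bool:
    """True if the token's jku is an https URL listed in the comma-separated
    value of hive.server2.authentication.jwt.jwks.url."""
    jku = jwt_header(token).get("jku")
    if not isinstance(jku, str) or urlsplit(jku).scheme != "https":
        return False
    configured = {u.strip() for u in jwks_url_property.split(",") if u.strip()}
    return jku in configured


# Constructed sample token: header and claims are made up, signature is a dummy.
SAMPLE_JKU = "https://myadmin-host/myadmin/homepage/knoxtoken/api/v1/jwks.json"
SAMPLE_TOKEN = ".".join([
    b64url_encode({"alg": "RS256", "jku": SAMPLE_JKU, "kid": "constructed-kid"}),
    b64url_encode({"sub": "constructed-user"}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    print(jwt_header(SAMPLE_TOKEN)["jku"])
    print(jku_matches_config(SAMPLE_TOKEN, SAMPLE_JKU + ", https://other-host/jwks.json"))
```

A False result means the token names a key set that HiveServer is not configured to use, which is worth resolving before changing the property.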