You need to enable platform JWT authentication for your Hive Virtual Warehouse during
creation or editing of the Virtual Warehouse and configure some HiveServer (HS2) properties.
This ensures that the Hive Virtual Warehouse supports authentication using JWT
tokens.
You must have acquired the JWT token through your Identity Provider (IDP). In CDW,
you use the Knox Token Generation service to generate the token.
-
Follow the instructions for creating a Virtual Warehouse.
-
Under Authentication, select Enable JWT
Authentication.
-
From the Overview page, go to the Virtual
Warehouses tab, click against the required Hive Virtual Warehouse.
The Virtual Warehouse Details page is displayed.
-
Go to .
-
Select hive-site from the Configuration
files drop-down list, search for
hive.server2.authentication
, and set the value to JWT along
with existing authentication protocols that are specified.
For example, 'LDAP,SAML,JWT'.
-
Search for
hive.server2.authentication.jwt.jwks.skip.ssl.cert
and set the value to true.
-
Search for
hive.server2.transport.mode
and set the value to
http.
-
Search for
hive.server2.authentication.jwt.jwks.url
and, if
you find it, set the value to the JSON Web Key Sets (JWKS) URL, which is used to
sign the JWT token. For example,
https://myadmin-host/myadmin/homepage/knoxtoken/api/v1/jwks.json.
If you do not find
hive.server2.authentication.jwt.jwks.url
,
click
Add Custom Configuration and add it to
hive-site as a custom property, and then set the
value to the JSON Web Key Sets (JWKS) URL.
You can fetch the JWKS URL by
pasting the copied JWT token in the jwt.io website. Paste the JWT token in
the Encoded text box of the Debugger and the decoded token header displays a
jku parameter that contains the URL. You can provide a comma-separated list
of jwks.json URL for this configuration.
-
If you modify the JWKS URL, restart HiveServer.
-
Click Apply Changes.