Before setting up token-based authentication, you must configure a few HiveServer (HS2) properties and add a custom property.
-
In the CDW UI, in Overview, select a Hive Virtual
Warehouse, click
, and click Edit.
-
In Details, click .
-
Select hive-site from the drop-down list, search for
hive.server2.authentication
. , and set the value to JWT
along with existing authentication protocols that are specified.
For example, 'LDAP,SAML,JWT'.
-
Search for
hive.server2.authentication.jwt.jwks.skip.ssl.cert
and set the value to true.
-
Search for
hive.server2.transport.mode
and set the value to
http.
-
Search for
hive.server2.authentication.jwt.jwks.url
and, if
you find it, set the value to the JSON Web Key Sets (JWKS) URL, which is used to
sign the JWT token. For example,
https://myadmin-host/myadmin/homepage/knoxtoken/api/v1/jwks.json
If you do not find
hive.server2.authentication.jwt.jwks.url
,
click

and add it to
hive-site
as a
custom property, and then set the value to the JSON Web Key Sets (JWKS) URL.
You can fetch the JWKS URL by pasting the copied JWT token in the
jwt.io
website. Paste the JWT token in the Encoded text
box of the Debugger and the decoded token header displays a jku parameter
that contains the URL. You can provide a comma-separated list of
jwks.json URL for this configuration.
-
If you modify the JWKS URL, restart HiveServer.