Hue Authentication
The following sections describe how to configure Kerberos security, enable single sign-on with SAML and encrypt session communication between Hue and other CDH services.
Hue Security Enhancements
Enabling LDAP Authentication with HiveServer2 and Impala
ldap_username | LDAP username of the Hue user to be authenticated. |
ldap_password |
LDAP password for the Hue user to be authenticated. |
Session Timeout
Session timeouts can be set by specifying the ttl configuration property under the [desktop]>[[session]] section in hue.ini.
ttl |
The cookie containing the users' session ID will expire after this amount of time in seconds. Default: 60*60*24*14 |
Secure Cookies
Secure session cookies can be enable by specifying the secure configuration property under the [desktop]>[[session]] section in hue.ini. Additionally, you can set the http-only flag for cookies containing users' session IDs.
secure |
The cookie containing the users' session ID will be secure. Should only be enabled with HTTPS. Default: false |
http-only |
The cookie containing the users' session ID will use the HTTP only flag. Default: false |
Allowed HTTP Methods
You can specify the HTTP request methods that the server should respond to using the http_allowed_methods property under the [desktop] section in hue.ini.
http_allowed_methods |
Default: options,get,head,post,put,delete,connect |
Restricting the Cipher List
Cipher list support with HTTPS can be restricted by specifying the ssl_cipher_list configuration property under the [desktop] section in hue.ini.
ssl_cipher_list |
Default: !aNULL:!eNULL:!LOW:!EXPORT:!SSLv2 |
URL Redirect Whitelist
Restrict the domains or pages to which Hue can redirect users. The redirect_whitelist property can be found under the [desktop] section in hue.ini.
redirect_whitelist |
For example, to restrict users to your local domain and FQDN, the following value can be used: ^\/.*$,^http:\/\/www.mydomain.com\/.*$ |