To configure Hue for SAML authentication on managed clusters, you must add the
SAML authentication properties to the Hue Service Advanced Configuration Snippet
(Safety Valve) for hue_safety_valve.ini in Cloudera Manager.
These instructions assume that you have an Identity
Provider set up and running. You can use any identity provider of your choice. For
example, Okta, Ping Identity, and OpenAM.
-
Log on to Cloudera Manager and go to
.
-
In the search text box, enter hue_safety_valve.ini to
locate the Hue Service Advanced Configuration Snippet
(Safety Valve) for hue_safety_valve.ini.
-
Enter the SAML parameters into the Hue Service Advanced Configuration Snippet
(Safety Valve) for hue_safety_valve.ini text box. For example:
## Example Settings using Open AM:
[desktop]
redirect_whitelist="^\/.*$,^http:\/\/clr.sec.cloudera.com:8080\/.*$"
[[auth]]
backend=libsaml.backend.SAML2Backend
[libsaml]
xmlsec_binary=/usr/bin/xmlsec1
metadata_file=/opt/cloudera/security/saml/idp-openam-metadata.xml
key_file=/opt/cloudera/security/saml/host.key
cert_file=/opt/cloudera/security/saml/host.pem
username_source=nameid
name_id_format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
entity_id=<host base name>
logout_enabled=false
-
Click Save Changes, then select,
.
