Configure Apache Knox authentication for PAM
Knox authentication configurations for PAM in Cloudera Manager. PAM is the default SSO authentication provider in CDP Private Cloud.
SSO authentication for PAM
In CDP Private Cloud, Cloudera Manager added a new Knox configuration, called
Knox
Simplified Topology Management - SSO Authentication Provider
, with the following
initial configuration:
role=authentication
authentication.name=ShiroProvider
authentication.param.sessionTimeout=30
authentication.param.redirectToUrl=/${GATEWAY_PATH}/knoxsso/knoxauth/login.html
authentication.param.restrictedCookies=rememberme,WWW-Authenticate
authentication.param.urls./**=authcBasic
authentication.param.main.pamRealm=org.apache.knox.gateway.shirorealm.KnoxPamRealm
authentication.param.main.pamRealm.service=login
Every change here goes directly into knoxsso
topology that affects
manager
, homepage
and cdp-proxy
topologies as they are using the federation provider.API authentication for PAM
A new Knox configuration has been added for CDP Private Cloud, called
Knox Simplified Topology Management - API Authentication Provider
, with
the following initial
configuration:role=authentication
authentication.name=ShiroProvider
authentication.param.sessionTimeout=30
authentication.param.urls./**=authcBasic
authentication.param.main.pamRealm=org.apache.knox.gateway.shirorealm.KnoxPamRealm
authentication.param.main.pamRealm.service=login
Every
change here goes directly into admin, metadata,
and
cdp-proxy-api
topologies.