The default configurations for Knox token integration are as follows.
Default configurations
Table 1. Default token configurations
| Property | Sample values | Default |
| --- | --- | --- |
| Knox Token Integration - Configured Token TTL (see Token TTL details for more information) | 1 hour(s), 40 second(s) | 1 day(s) |
| Knox Token Integration - Enable Lifespan Input | true, false | true |
| Knox Token Integration - User Limit | -1 (infinite), 10 | 10 |
[Figure: Default configurations seen from Cloudera Manager]
[Figure: Default configurations seen from the Knox homepage UI]
Database connection properties
Optional database connection properties that you can declare individually:
- gateway.database.type: Set to postgresql or mysql.
- gateway.database.host: Host where your DB server is running.
- gateway.database.port: Port that your DB server is listening on.
- gateway.database.name: Name of the database you are connecting to.
Token TTL details
Out of the box, Knox displays the custom lifetime spinners on the Token Generation
page. You can hide them by clearing the Knox Token Integration - Enable
Lifespan Input checkbox in the CM UI. Given that input property and the
configured maximum lifetime property, the generated token has one of the following TTL
values:
- If there is no configured token TTL and lifespan inputs are disabled, the default TTL is used (30 seconds).
- If there is a configured TTL and lifespan inputs are disabled, the configured TTL is used.
- If there is a configured TTL, lifespan inputs are enabled, and the lifespan inputs result in a value that is less than or equal to the configured TTL, the lifespan query param is used.
- If there is a configured TTL, lifespan inputs are enabled, and the lifespan inputs result in a value that is greater than the configured TTL, the configured TTL is used.
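The four rules above written as a small Python function, added here as an illustration and not Knox's own code. The function names, the seconds-based inputs and the parser for durations written like those in Table 1 are assumptions; the combinations the rules do not cover raise an error instead of guessing.

```python
import re

DEFAULT_TTL_S = 30  # fallback the page states when no token TTL is configured
# Units seen in Table 1; "minute" is an assumption added for completeness.
_UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_cm_duration(text):
    """Convert a duration written like '1 hour(s)' into seconds."""
    m = re.fullmatch(r"\s*(\d+)\s+(second|minute|hour|day)\(s\)\s*", text)
    if m is None:
        raise ValueError(f"unrecognised duration: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def effective_ttl(configured_s, lifespan_enabled, requested_s=None):
    """Return (ttl_seconds, rule) for one token request.

    configured_s: configured token TTL in seconds, or None if not configured.
    requested_s:  lifetime from the lifespan inputs in seconds, or None.
    """
    if not lifespan_enabled:
        # Rules 1 and 2: with lifespan inputs disabled the request plays no part.
        if configured_s is None:
            return DEFAULT_TTL_S, "default"
        return configured_s, "configured"
    if configured_s is None or requested_s is None:
        # The page does not describe these combinations; refuse to guess.
        raise ValueError("combination not covered by the documented rules")
    if requested_s <= configured_s:
        return requested_s, "lifespan"   # rule 3: request fits under the cap
    return configured_s, "capped"        # rule 4: configured TTL wins


def capped_requests(configured, lifespan_enabled, requested):
    """List the requested durations that the configured TTL would shorten."""
    cap = parse_cm_duration(configured)
    out = []
    for text in requested:
        _, rule = effective_ttl(cap, lifespan_enabled, parse_cm_duration(text))
        if rule == "capped":
            out.append(text)
    return out


if __name__ == "__main__":
    # Constructed sample requests checked against the default TTL of 1 day(s).
    print(capped_requests("1 day(s)", True, ["1 hour(s)", "2 day(s)", "1 day(s)"]))
```

The configured TTL acts as an upper bound: a request can shorten a token's lifetime but never extend it past that value.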
Generate-jwk options
CM automatically creates a token hash key for you. To do this manually, for example
when scripting, configure the knox.token.hash.key alias with:
generate-jwk --saveAlias knox.token.hash.key
This generates a JSON Web Key using the supplied algorithm name.
Table 2. Options
| Option | Description | Sample values |
| --- | --- | --- |
| jwkAlg | (Optional) The desired JSON Web Signature algorithm name. Determines if the gateway-level alias is configured with a 256, 384, or 512-bit length JWK. | HS256 (Default), HS384, HS512 |
| saveAlias | (Optional, Recommended) Given alias name used to save the generated JWK, instead of printing this sensitive information on the screen. | knox.token.hash.key |
| topology | (Optional) Name of the topology (i.e., the cluster) to be used when saving the JWK as an alias. If none specified, the alias is going to be saved for the Gateway. | cdp-proxy (Default), cdp-proxy api |