Unable to authenticate users in Hue using SAML

If you have configured SAML to authenticate users, but your users are unable to log into Hue using Single Sign On (SSO), then it is possible that the RSA key format is not supported. To resolve this issue, you can use an unprotected private key and then specify the private key filename in the safety valve.

  1. Convert the .key file to an unprotected private key file by using the following command:
    openssl rsa -in /opt/cloudera/security/<file name>.key -out /opt/cloudera/security/<file name_unprotected>.key
    openssl rsa -in /opt/cloudera/security/hadoop-cpi-prod.key -out /opt/cloudera/security/hadoop-cpi-prod_unprotected.key
  2. Update the advanced configuration snippet as shown in the following example:
    [libsaml]
    xmlsec_binary=/usr/bin/xmlsec1
    metadata_file=/opt/cloudera/security/saml/idp-openam-metadata.xml
    key_file=/opt/cloudera/security/hadoop-cpi-prod_unprotected.key
    cert_file=/opt/cloudera/security/hadoop-cpi-prod.pem