Unable to log into Hue with Knox

Opening Hue from Cloudera Manager or Knox Gateway Home may fail if the Kerberos principal name for the Knox service is different from the default Kerberos principal defined in the hue.ini file. To resolve this issue, you must set the value of the knox_principal property to your custom Kerberos principal name for Knox in the Hue Advanced Configuration Snippet, so that Hue's login mechanism (KnoxSpenegoDjangoBackend) can authenticate using Knox's Kerberos principal name.

If logging into Hue fails due to a mismatch between the custom Kerberos principal name for Knox and the default Kerberos principal name defined in the hue.ini file, then you may see the following error in the access.log file: Failed to verify provided username set(['KNOX-PRINCIPAL-NAME']) with set(['knox']).

Log in to Cloudera Manager as an Administrator.
Optional: Note the Kerberos principal name for the Knox service from Clusters > Knox service > Configuration > Kerberos Principal.
Go to Clusters > Hue service > Configuration > Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini and enter the following lines:
```
[desktop]
[[knox]]
knox_principal=[***KNOX-PRINCIPAL-NAME***]
```
Replace [***KNOX-PRINCIPAL-NAME***] with the Kerberos principal name for the Knox service that you obtained earlier.
Click Save Changes.
Restart the Hue service.

You should be able to log into Hue from the Knox Gateway UI > cdp-proxy topology.