Unable to authenticate users in Hue using SAML
If you have configured SAML to authenticate users, but your users are unable to log into Hue using Single Sign On (SSO), then it is possible that the RSA key format is not supported. To resolve this issue, you can use an unprotected private key and then specify the private key filename in the safety valve.
.keyfile to an unprotected private key file by using the following command:
openssl rsa -in /opt/cloudera/security/<file name>.key -out /opt/cloudera/security/<file name_unprotected>.key
openssl rsa -in /opt/cloudera/security/hadoop-cpi-prod.key -out /opt/cloudera/security/hadoop-cpi-prod_unprotected.key
Update the advanced configuration snippet as shown in the following example:
[libsaml] xmlsec_binary=/usr/bin/xmlsec1 metadata_file=/opt/cloudera/security/saml/idp-openam-metadata.xml key_file=/opt/cloudera/security/hadoop-cpi-prod_unprotected.key cert_file=/opt/cloudera/security/hadoop-cpi-prod.pem