Remove a provider parameter in an existing provider configuration

An example of how to remove the authentication parameter from a shared provider configuration.

In this example you will see how to remove an authentication provider parameter in the pam shared provider configuration. This particular provider is set as follows:
{
  "providers" : [ {
    "role" : "authentication",
    "name" : "ShiroProvider",
    "enabled" : true,
    "params" : {
      "main.pamRealm" : "org.apache.knox.gateway.shirorealm.KnoxPamRealm",
      "main.pamRealm.service" : "login",
      "sessionTimeout" : "30"
    }
  } ],
  "readOnly" : true
}
  1. From Cloudera Manager > Knox > Configuration, add the following entry in the Knox Gateway Advanced Configuration Snippet (Safety Valve) for conf/cdp-resources.xml:
    • name = providerConfigs:pam
    • value = role=authentication#authentication.name=ShiroProvider#authentication.param.remove=sessionTimeout#authentication.param.main.pamRealm=org.apache.knox.gateway.shirorealm.KnoxPamRealm#authentication.param.main.pamRealm.service=login
  2. Save your changes.
  3. Refresh the cluster.
  4. Validate:
    $ curl -ku <username>:<password> 'https://johndoe-1.abc.cloudera.com:8443/gateway/admin/api/v1/providerconfig/pam'{
      "providers" : [ {
        "role" : "authentication",
        "name" : "ShiroProvider",
        "enabled" : true,
        "params" : {
          "main.pamRealm" : "org.apache.knox.gateway.shirorealm.KnoxPamRealm",
          "main.pamRealm.service" : "login"
        }
      } ],
      "readOnly" : true
    }