Remove a provider parameter in an existing provider configuration

An example of how to remove the authentication parameter sessionTimeout from a shared provider configuration.

In this example you will see how to remove the authentication provider parameter sessionTimeout in the pam shared provider configuration. This particular provider is set as follows:

{
  "providers" : [ {
    "role" : "authentication",
    "name" : "ShiroProvider",
    "enabled" : true,
    "params" : {
      "main.pamRealm" : "org.apache.knox.gateway.shirorealm.KnoxPamRealm",
      "main.pamRealm.service" : "login",
      "sessionTimeout" : "30"
    }
  } ],
  "readOnly" : true
}

In Cloudera Manager, select the Knox service.
Go to Configuration.
Find the Knox Gateway Advanced Configuration Snippet (Safety Valve) for conf/cdp-resources.xml property.

Click View as XML and add the following.

<property><name>providerConfigs:pam</name><value>role=authentication#authentication.name=ShiroProvider#authentication.param.remove=sessionTimeout#authentication.param.main.pamRealm=org.apache.knox.gateway.shirorealm.KnoxPamRealm#authentication.param.main.pamRealm.service=login</value></property>

Save your changes.
Refresh the cluster.

Validate:

$ curl -ku <username>:<password> 'https://johndoe-1.abc.cloudera.com:8443/gateway/admin/api/v1/providerconfig/pam'{
  "providers" : [ {
    "role" : "authentication",
    "name" : "ShiroProvider",
    "enabled" : true,
    "params" : {
      "main.pamRealm" : "org.apache.knox.gateway.shirorealm.KnoxPamRealm",
      "main.pamRealm.service" : "login"
    }
  } ],
  "readOnly" : true
}