Knox configuration in gateway-site.xml

Learn how to configure Knox parameters to allow admin permissions in Knox. Admin permission is required to create the CLIENT_ID and CLIENT_SECRET.

The CLIENT_ID and CLIENT_SECRET is required for creating Data Shares to authorize your external clients.

The Cloudera public cloud user must be configured as both Knox and Ranger Admin to perform the tasks required to configure Knox parameters.

Go to Cloudera Manager > Knox > Instances > Configuration > Advanced Configuration Snippet (Safety Valve) for conf/gateway-site.xml
Add the gateway.knox.admin.users parameter.

note

Users who run the knoxshare.py script, must be a part of the Knox admin users and groups configuration. For example, gateway.knox.admin.users = shareadmin1, shareadmin2

.
Add the gateway.knox.admin.groups parameter.
Add the gateway.knox.token.limit.per.user parameter.
The value -1 means "unlimited".

Continue with configuring the Knox IDBroker.