Configuring the Knox gateway-site.xml

Learn how to configure Knox parameters to allow admin permissions in Knox. Admin permission is required to create the CLIENT_ID and CLIENT_SECRET.

The CLIENT_ID and CLIENT_SECRET is required for creating Data Shares to authorize your external clients.

The Cloudera on cloud user must be configured as both Knox and Ranger Admin to perform the tasks required to configure Knox parameters.
note
For more information on setting the Ranger admin, see:
- Cloudera account administrator
- Administering Ranger Users, Groups, Roles, and Permissions
Declare the Knox topologies.

Go to Cloudera Manager > Clusters > Knox > Configuration > Advanced Configuration Snippet (Safety Valve) for conf/gateway-site.xml
Add the gateway.knox.admin.users parameter.

note

Users who create the Client tokens and secrets for data sharing, must be a part of the Knox admin users and groups configuration. For example, gateway.knox.admin.users = ***SHAREADMIN1***, ***SHAREADMIN2***.
Add the gateway.knox.admin.groups parameter.
Add the Knox token limit parameter:
1. Cloudera Manager > Clusters > Knox > Configuration.
2. Search for gateway.knox.token.limit.per.user, then set the value of the parameter.
  
  note
  The value -1 means "unlimited". For example, using gateway.knox.token.limit.per.user=2 allows two external Data Share users concurrently without an expiration time limit. This setting applies to all user across all Knox topologies.
  
  Figure 1. Editing the token limit per user
Figure 2. Adding the admin user and group
Click Save Changes and refresh the configuration as needed.

Continue with configuring the Knox IDBroker.