What's New in Apache Knox
New features and functional updates for Apache Knox are introduced in Cloudera Runtime 7.3.2, its service packs, and cumulative hotfixes.
Cloudera Runtime 7.3.2.0:
Cloudera Runtime 7.3.2 introduces new features of Knox and includes all service packs and cumulative hotfixes from 7.3.1.100 through 7.3.1.706. For a comprehensive record of all updates in Cloudera Runtime 7.3.1.x, see New Features .
- SameSite attribute for pac4j session cookies is now configurable
- You can now configure the SameSite attribute for pac4j session cookies.
- Group impersonation support in Knox
- Knox now supports group impersonation, allowing users in specific groups to impersonate other users. For more information, see Configuring Group Impersonation in Knox.
- Session policies for Knox IDBroker AWS credentials
- Knox IDBroker now supports AWS session policies to restrict permissions for temporary cloud credentials. Configure session policies using Cloudera Manager to manage them centrally across IDBroker instances. For more information, see Configuring Knox IDBroker session policies for AWS credentials.
- Role-level alias management for Knox Gateway and IDBroker
- The alias management configuration has been moved from service-level to role-level.
Each role now has its own dedicated configuration:
gateway_save_alias_command_inputfor the Knox Gateway role andidbroker_save_alias_command_inputfor the IDBroker role. Two role-specific commands are now available: Save Alias - Knox Gateway and Save Alias - IDBroker. For more information, see Saving aliases.
