Configuring the Knox gateway-site.xml

Configure the Knox per-user token limit in Cloudera Manager for Data Sharing. Knox and Ranger Admin permissions are required to create CLIENT_ID and CLIENT_SECRET.

The CLIENT_ID and CLIENT_SECRET is required for creating Data Shares to authorize your external clients.

The Cloudera on cloud user must be configured as both Knox and Ranger Admin to perform the tasks required to configure Knox parameters.
note
For more information on setting the Ranger admin, see:
- Cloudera account administrator
- Administering Ranger Users, Groups, Roles, and Permissions
Knox topologies are automatically deployed. Editing the token lifetime (KNOXTOKEN:knox.token.ttl) and the token allowance per user (KNOXTOKEN:knox.token.limit.per.user) is applicable to all topologies, but can be overridden by individual topology settings.
important
If you use multiple services using the same Knox token gateway, Cloudera strongly recommends using topology level settings by each service.

Set the Knox token limit parameter:
Cloudera Manager > Clusters > Knox > Configuration.
Search for gateway.knox.token.limit.per.user, then set the value of the parameter.

note
The value -1 means "unlimited". For example, using gateway.knox.token.limit.per.user=2 allows two external Data Share users concurrently without an expiration time limit. This setting applies to all user across all Knox topologies.
Click Save Changes and refresh the configuration as needed.

Continue with any of the following: