Configuring the Knox gateway-site.xml

Configure the Knox per-user token limit in Cloudera Manager for Data Sharing. Knox and Ranger Admin permissions are required to create CLIENT_ID and CLIENT_SECRET.

The CLIENT_ID and CLIENT_SECRET are required for creating Data Shares to authorize your external clients. These credentials are exchanged for temporary access tokens.

The Cloudera on cloud user must have both Knox and Ranger Admin privileges to perform the tasks required to configure Knox parameters.
For more information on setting the Ranger admin, see:
- Cloudera account administrator
- Administering Ranger Users, Groups, Roles, and Permissions
Knox topologies are automatically deployed. Editing the token lifetime (using the KNOXTOKEN:knox.token.ttl property) and the token allowance per user (using the KNOXTOKEN:knox.token.limit.per.user property) is applicable to all topologies, but can be overridden by individual topology settings.
important
If you use multiple services using the same Knox token gateway, Cloudera strongly recommends using topology level settings by each service.

To set the Knox token limit parameter, go to Cloudera Manager > Clusters > Knox > Configuration.
Search for the gateway.knox.token.limit.per.user property, and enter the desired limit.

note
The value -1 removes the limit (unlimited). Setting the property to gateway.knox.token.limit.per.user=2, allows two external Data Share users concurrently without an expiration time limit. This setting applies to all user across all Knox topologies.

Figure 1. Knox token limit settings
Click Save Changes and refresh the configuration.

In AWS environments, continue with any of the following steps:
- Creating a new Data Share in Cloudera Data Catalog
- Creating a Data Share with CDP CLI
In Azure environments, continue with Creating a Data Share.