
Configure Knox for SMM integration

  1. In the Ambari UI, under Advanced streams-messaging-manager-sso-config, verify that Authentication.provider.url is accurate.
    The format of the URL is as follows:
    https://<hostname>:8443/gateway/knoxsso/api/v1/websso
    For example,
    https://dw-weekly.field.cloudera.com:8443/gateway/knoxsso/api/v1/websso
  2. Generate your public.key.pem.
    1. From Knox | Configs | Advanced knoxsso-topology, add the following:
      <name>main.ldapRealm.userDnTemplate</name>
      <value>CN=admin1,CN=Users,DC=HWQE,DC=HORTONWORKS,DC=COM</value>
      
      <name>main.ldapRealm.contextFactory.url</name>
      <value>ldap://ad-nano.qe.hortonworks.com:389</value>
      
      <name>knoxsso.redirect.whitelist.regex</name>
      <value>.*;^/.*$;https?://localhost*$;^http.*$</value>
    2. Save this change and restart Knox.
    3. Export the Knox certificate.
      cd /usr/hdp/current/knox-server/bin
      ./knoxcli.sh export-cert --type PEM
      [root@dw-weekly bin]# ./knoxcli.sh export-cert --type PEM
      Certificate gateway-identity has been successfully exported to: /usr/hdp/<HDP_version>/knox-server/data/security/keystores/gateway-identity.pem
  3. Open the gateway-identity.pem file that was created in the previous step and copy the content between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
    For example,

  4. In the Ambari UI, under Advanced streams-messaging-manager-sso-config, paste the content that you copied in the previous step into the public.key.pem field.
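
The following is an added example, not part of the original page or of Knox: a Python check that runs the knoxsso.redirect.whitelist.regex value from step 2 against constructed redirect targets, beside a hypothetical tighter value for a placeholder host, smm.example.com. It assumes that Knox splits the value on semicolons and redirects only when one pattern matches the whole originalUrl.

```python
import re

# Value shown in step 2 of this page.
PAGE_VALUE = r".*;^/.*$;https?://localhost*$;^http.*$"
# Hypothetical tighter value: a single named SMM host (placeholder name).
TIGHT_VALUE = r"^https://smm\.example\.com(:\d+)?(/.*)?$"

# Constructed sample originalUrl values, not taken from any log.
SAMPLES = [
    "/smm/index.html",
    "https://smm.example.com/",
    "http://smm.example.com/",
    "https://smm.example.com.other.test/",
    "https://unrelated.test/landing",
]


def split_whitelist(value):
    """Split the semicolon-separated property value into its patterns."""
    return [p for p in value.split(";") if p]


def is_allowed(url, value):
    """True if any pattern matches the whole URL (assumed full-match semantics)."""
    return any(re.fullmatch(p, url) for p in split_whitelist(value))


def catch_all_patterns(value, probe="https://unrelated.test/landing"):
    """Return the patterns that accept an absolute URL on an unrelated host."""
    return [p for p in split_whitelist(value) if re.fullmatch(p, probe)]


def audit(value, samples=SAMPLES):
    """Map each sample URL to whether the whitelist value accepts it."""
    return {url: is_allowed(url, value) for url in samples}


if __name__ == "__main__":
    for label, value in (("page", PAGE_VALUE), ("tight", TIGHT_VALUE)):
        print(label, "catch-all patterns:", catch_all_patterns(value))
        for url, ok in audit(value).items():
            print(f"  {'ALLOW' if ok else 'DENY '}  {url}")
```

With the value from step 2, the `.*` and `^http.*$` patterns accept every sample, so the remaining two patterns add no restriction; the host-specific value accepts only the HTTPS URL on the named host.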

