Cloudera Docs

Configure Knox for SMM integration

  1. From the Ambari UI Advanced streams-messaging-manager-sso-config, verify that Authentication.provider.url is accurate.
    The format of the URL is as follows:
    https://<hostname>:8443/gateway/knoxsso/api/v1/websso
    For example,
    https://dw-weekly.field.cloudera.com:8443/gateway/knoxsso/api/v1/websso
  2. Generate your public.key.pem.
    1. From Knox | Configs | Advanced knoxsso-toplogy, add the following:
      <name>main.ldapRealm.userDnTemplate</name>
<value>CN=admin1,CN=Users,DC=HWQE,DC=HORTONWORKS,DC=COM</value>

<name>main.ldapRealm.contextFactory.url</name>
<value>ldap://ad-nano.qe.hortonworks.com:389</value>

<name>knoxsso.redirect.whitelist.regex</name>
<value>.*;^/.*$;https?://localhost*$;^http.*$</value>
    2. Save this change and restart Knox.
    3. Export the Knox certificate.
      cd /usr/hdp/current/knox-server/bin
./knoxcli.sh export-cert --type PEM
[root@dw-weekly bin]# ./knoxcli.sh export-cert --type PEM
Certificate gateway-identity has been successfully exported to: /usr/hdp/<HDP_version>/knox-server/data/security/keystores/gateway-identity.pem
  3. Open gateway-identity.pem that is created in the previous step and copy the content between ----BEGIN CERTIFICATE---- and ----END CERTIFICATE---- lines.
    For example,

  4. From the Ambari UI Advanced streams-messaging-manager-sso-config, insert the content, which you copied in the previous step, in the public.key.pem field.