CDP实操--配置KNOX SSO(五)
1.1配置Atlas的SSO身份验证
在Knox SSO的topology里配置Knox与LDAP集成认证如下,并重启Knox服务
role=authentication authentication.name=ShiroProvider authentication.param.sessionTimeout=30 authentication.param.redirectToUrl=/${GATEWAY_PATH}/knoxsso/knoxauth/login.html authentication.param.restrictedCookies=rememberme,WWW-Authenticate authentication.param.urls./**=authcBasic authentication.param.main.ldapRealm=org.apache.knox.gateway.shirorealm.KnoxLdapRealm authentication.param.main.ldapContextFactory=org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory authentication.param.main.ldapRealm.contextFactory=$ldapContextFactory authentication.param.main.ldapRealm.contextFactory.authenticationMechanism=simple authentication.param.main.ldapRealm.contextFactory.url=ldap://edge.example.com:389 authentication.param.main.ldapRealm.contextFactory.systemUsername=uid=allan_admin,cn=users,cn=accounts,dc=example,dc=com authentication.param.main.ldapRealm.contextFactory.systemPassword=BadPass@1 authentication.param.main.ldapRealm.userDnTemplate=uid={0},cn=users,cn=accounts,dc=example,dc=com authentication.param.remove=main.pamRealm authentication.param.remove=main.pamRealm.service |
密钥:
勾选Enable Knox SSO,配置https://edge.example.com:8443/gateway/knoxsso/api/v1/websso到Knox SSO provider URL
属性里,并将获取的public key填入到Knox SSO Public-Key属性中
验证是否正常跳转:
1.2配置Ranger的SSO身份验证
1.3配置Hue的SSO身份验证
选择Knox 网关 UI
