[
https://issues.apache.org/jira/browse/AMBARI-23311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16413896#comment-16413896
]
Robert Levas commented on AMBARI-23311:
---------------------------------------
[~smolnar]..
Here is the/my confusion. "Ambari" is part of the services list. However, the
original implementation assumed that you wanted to turn on (or off) the feature
for Ambari when you chose to configuration SSO authentication. The properties
for his are stored in the \{{ambari.properties}} file.
In the new implementation, we are setting Ambari up for SSO authentication and
then additionally choosing services to set up as well. I suppose, since Ambari
is in that service's list, we can choose to set up SSO authentication for
services and not for Ambari. So my request, above, no longer makes sense.
We just need to make sure that if Ambari is selected in the services list, that
the {{authentication.jwt.enabled}} property in the ambari.properties file is
set to {{true}}, else it should be set to {{false}}.
Eventually we should think about moving this data to the Ambari DB, like the
LDAP configuration.
> Use Ambari CLI to specify which services should be setup for SSO integration
> ----------------------------------------------------------------------------
>
> Key: AMBARI-23311
> URL: https://issues.apache.org/jira/browse/AMBARI-23311
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 2.7.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Labels: pull-request-available, security, sso
> Fix For: 2.7.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Use Ambari CLI to specify which services should be setup for SSO integration.
> {noformat:title=Example}
> # ambari-server setup-sso
> Using python /usr/bin/python
> Setting up SSO authentication properties...
> Do you want to configure SSO authentication [y/n] (y)?y
> Enter Ambari Admin login: admin
> Enter Ambari Admin password: admin
> Provider URL [URL] (http://example.com):http://knox.ambari.apache.org:8080
> Public Certificate pem (stored) (empty line to finish input):
> AAAAB3NzaC1yc2EAAAADAQABAAABAQD....
> Manage SSO for installed services [y/n] (n)? y
> Use SSO for all services [y/n] (y)? n
> Use SSO for Ambari [y/n] (y)? y
> Use SSO for HDFS [y/n] (y)? y
> Use SSO for YARN [y/n] (y)? y
> ...
> Use SSO for ZOOKEEPER [y/n] (y)? n
> Do you want to configure advanced properties [y/n] (n) ?
> Ambari Server 'setup-sso' completed successfully.
> {noformat}
> NOTE: this will require obtaining an Ambari administrator username and
> password to GET, PUT, and POST to the Ambari REST API.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
