blob: 502dd857debbbe5566bec9a3c8b975bbb70354e6 [file] [log] [blame]
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<!--
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-->
<configuration supports_final="false" supports_adding_forbidden="true">
<!-- topology file -->
<property>
<name>content</name>
<display-name>admin-topology template</display-name>
<value>
&lt;topology&gt;
&lt;gateway&gt;
&lt;provider&gt;
&lt;role&gt;authentication&lt;/role&gt;
&lt;name&gt;ShiroProvider&lt;/name&gt;
&lt;enabled&gt;true&lt;/enabled&gt;
&lt;param&gt;
&lt;name&gt;sessionTimeout&lt;/name&gt;
&lt;value&gt;30&lt;/value&gt;
&lt;/param&gt;
&lt;param&gt;
&lt;name&gt;main.ldapRealm&lt;/name&gt;
&lt;value&gt;org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm&lt;/value&gt;
&lt;/param&gt;
&lt;param&gt;
&lt;name&gt;main.ldapRealm.userDnTemplate&lt;/name&gt;
&lt;value&gt;uid={0},ou=people,dc=hadoop,dc=apache,dc=org&lt;/value&gt;
&lt;/param&gt;
&lt;param&gt;
&lt;name&gt;main.ldapRealm.contextFactory.url&lt;/name&gt;
&lt;value&gt;ldap://{{knox_host_name}}:33389&lt;/value&gt;
&lt;/param&gt;
&lt;param&gt;
&lt;name&gt;main.ldapRealm.contextFactory.authenticationMechanism&lt;/name&gt;
&lt;value&gt;simple&lt;/value&gt;
&lt;/param&gt;
&lt;param&gt;
&lt;name&gt;urls./**&lt;/name&gt;
&lt;value&gt;authcBasic&lt;/value&gt;
&lt;/param&gt;
&lt;/provider&gt;
&lt;provider&gt;
&lt;role&gt;authorization&lt;/role&gt;
&lt;name&gt;AclsAuthz&lt;/name&gt;
&lt;enabled&gt;true&lt;/enabled&gt;
&lt;param&gt;
&lt;name&gt;knox.acl&lt;/name&gt;
&lt;value&gt;admin;*;*&lt;/value&gt;
&lt;/param&gt;
&lt;/provider&gt;
&lt;provider&gt;
&lt;role&gt;identity-assertion&lt;/role&gt;
&lt;name&gt;Default&lt;/name&gt;
&lt;enabled&gt;true&lt;/enabled&gt;
&lt;/provider&gt;
&lt;/gateway&gt;
&lt;service&gt;
&lt;role&gt;KNOX&lt;/role&gt;
&lt;/service&gt;
&lt;/topology&gt;
</value>
<description>
The configuration specifies the Knox admin API configuration and access details. The authentication provider should be configured to match your deployment details.
</description>
<value-attributes>
<type>content</type>
<empty-value-valid>true</empty-value-valid>
<show-property-name>false</show-property-name>
</value-attributes>
<on-ambari-upgrade add="true"/>
</property>
</configuration>