| <?xml version="1.0"?> |
| <?xml-stylesheet type="text/xsl" href="configuration.xsl"?> |
| <!-- |
| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| --> |
| <configuration supports_final="false" supports_adding_forbidden="true"> |
| <!-- topology file --> |
| <property> |
| <name>content</name> |
| <display-name>admin-topology template</display-name> |
| <value> |
| <topology> |
| |
| <gateway> |
| |
| <provider> |
| <role>authentication</role> |
| <name>ShiroProvider</name> |
| <enabled>true</enabled> |
| <param> |
| <name>sessionTimeout</name> |
| <value>30</value> |
| </param> |
| <param> |
| <name>main.ldapRealm</name> |
| <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.userDnTemplate</name> |
| <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.contextFactory.url</name> |
| <value>ldap://{{knox_host_name}}:33389</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.contextFactory.authenticationMechanism</name> |
| <value>simple</value> |
| </param> |
| <param> |
| <name>urls./**</name> |
| <value>authcBasic</value> |
| </param> |
| </provider> |
| |
| <provider> |
| <role>authorization</role> |
| <name>AclsAuthz</name> |
| <enabled>true</enabled> |
| <param> |
| <name>knox.acl</name> |
| <value>admin;*;*</value> |
| </param> |
| </provider> |
| |
| <provider> |
| <role>identity-assertion</role> |
| <name>Default</name> |
| <enabled>true</enabled> |
| </provider> |
| |
| </gateway> |
| |
| <service> |
| <role>KNOX</role> |
| </service> |
| |
| </topology> |
| |
| </value> |
| <description> |
| The configuration specifies the Knox admin API configuration and access details. The authentication provider should be configured to match your deployment details. |
| </description> |
| <value-attributes> |
| <type>content</type> |
| <empty-value-valid>true</empty-value-valid> |
| <show-property-name>false</show-property-name> |
| </value-attributes> |
| <on-ambari-upgrade add="true"/> |
| </property> |
| </configuration> |