| <?xml version="1.0" encoding="utf-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <topology> |
| <gateway> |
| <provider> |
| <role>webappsec</role> |
| <name>WebAppSec</name> |
| <enabled>true</enabled> |
| <param><name>xframe.options.enabled</name><value>true</value></param> |
| </provider> |
| |
| <provider> |
| <role>authentication</role> |
| <name>ShiroProvider</name> |
| <enabled>true</enabled> |
| <param> |
| <!-- |
| session timeout in minutes, this is really idle timeout, |
| defaults to 30mins, if the property value is not defined,, |
| current client authentication would expire if client idles contiuosly for more than this value |
| --> |
| <name>sessionTimeout</name> |
| <value>30</value> |
| </param> |
| <param> |
| <name>restrictedCookies</name> |
| <value>rememberme,WWW-Authenticate</value> |
| </param> |
| <param> |
| <name>main.ldapRealm</name> |
| <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value> |
| </param> |
| <param> |
| <name>main.ldapContextFactory</name> |
| <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.contextFactory</name> |
| <value>$ldapContextFactory</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.userDnTemplate</name> |
| <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.contextFactory.url</name> |
| <value>ldap://localhost:33389</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.authenticationCachingEnabled</name> |
| <value>false</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.contextFactory.authenticationMechanism</name> |
| <value>simple</value> |
| </param> |
| <param> |
| <name>urls./**</name> |
| <value>authcBasic</value> |
| </param> |
| </provider> |
| |
| <provider> |
| <role>identity-assertion</role> |
| <name>Default</name> |
| <enabled>true</enabled> |
| </provider> |
| |
| <provider> |
| <role>hostmap</role> |
| <name>static</name> |
| <enabled>true</enabled> |
| <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param> |
| </provider> |
| |
| </gateway> |
| |
| <application> |
| <name>knoxauth</name> |
| </application> |
| |
| <service> |
| <role>KNOXSSO</role> |
| <param> |
| <name>knoxsso.cookie.secure.only</name> |
| <value>true</value> |
| </param> |
| <param> |
| <name>knoxsso.token.ttl</name> |
| <value>-1</value> |
| </param> |
| <param> |
| <name>knoxsso.redirect.whitelist.regex</name> |
| <value>^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value> |
| </param> |
| </service> |
| |
| </topology> |