Hello,
I am trying to secure the HBase UI using Apache Knox.

From the Knox configuration point of view I managed to secure the HBASEUI
service: if I go to
https://<knox-host>:8443/gateway/default/hbase/webui/master?host=<my-hbase-host>&port=<my-hbase-port>
I have to log in using SSO, then I get redirected to the HBase web UI, which works
as expected.

But if I directly access the HBase master without being logged in, I don’t get
redirected to the Knox login page, which is what I would like to have, same as HDFS
and YarnUI.
I don’t see anything related to Knox in the HBase configuration, only
ldap (https://hbase.apache.org/book.html#hbase.secure.ldap.ui) or
spnego (https://hbase.apache.org/book.html#hbase.secure.spnego.ui).
The only thing related to that which I could find was this issue
(https://issues.apache.org/jira/browse/HBASE-28501?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel)
but I couldn’t get anything to work.

I protected both HDFS and Yarn by adding this in core-site.xml which works 
fine. 

```xml
<property>
  <name>hadoop.http.authentication.type</name>
  <value>org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler</value>
</property>
<property>
  <name>hadoop.http.authentication.authentication.provider.url</name>
  <value>https://<knox-hostname>:8443/gateway/knoxsso/api/v1/websso</value>
</property>
<property>
  <name>hadoop.http.authentication.public.key.pem</name>
  <value><token></value>
</property>
```


Adding those properties allowed me to get redirected to the Knox host page when I
had not logged in yet. From the HBase web UI I can directly access /conf, where
I can actually see those core-site parameters, but they don’t seem to protect
HBase, so I might be missing something.

I am wondering if you know how to secure the HBase UI to have the same behavior.

Do you know what configuration I am missing to redirect it back to the Knox
gateway login page from the HBase UI, as for the other services where the JWT
token is passed and used for keeping the user session?

Thank you for your answers. 
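
A check for the behaviour described in this message, as an added example that is not part of the original post: it classifies how a web UI answers a request that carries no session cookie, so the HDFS/YARN redirect and the HBase response can be compared side by side. Host names, ports and the sample responses are constructed placeholders; `originalUrl` is the query parameter that Hadoop's JWTRedirectAuthenticationHandler appends to the provider URL.

```python
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlsplit

# Assumption: placeholder Knox SSO endpoint, replace with the real provider URL.
KNOXSSO_URL = "https://knox.example.com:8443/gateway/knoxsso/api/v1/websso"


def classify(status, location, provider_url=KNOXSSO_URL):
    """Return 'sso-redirect', 'other-redirect', 'auth-required', 'open' or 'error'."""
    if status in (301, 302, 303, 307, 308) and location:
        got, want = urlsplit(location), urlsplit(provider_url)
        same_endpoint = (got.scheme, got.netloc, got.path) == \
                        (want.scheme, want.netloc, want.path)
        # The JWT redirect handler sends the browser to <provider>?originalUrl=<request>
        if same_endpoint and "originalUrl" in parse_qs(got.query):
            return "sso-redirect"
        return "other-redirect"  # e.g. the UI redirecting to its own status page
    if status in (401, 403):
        return "auth-required"   # challenged (SPNEGO, LDAP) but not sent to Knox
    return "open" if 200 <= status < 300 else "error"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of following it


def probe(url, timeout=5):
    """Request url with no cookies or credentials and classify the answer."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return classify(resp.status, resp.headers.get("Location"))
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx land here
        return classify(err.code, err.headers.get("Location"))


# Constructed sample responses (status, Location header) for comparison.
SAMPLES = {
    "namenode /conf": (302, KNOXSSO_URL + "?originalUrl=http://nn.example.com:9870/conf"),
    "hbase master /conf": (200, None),
    "hbase master /": (302, "http://hbase.example.com:16010/master-status"),
}


def report(samples=SAMPLES):
    return {name: classify(status, loc) for name, (status, loc) in samples.items()}
```

Run `probe()` against a content path such as `/conf` rather than the root, since a UI that redirects `/` to its own status page is reported as `other-redirect`, not as protected.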
