Hey Folks,

I’ve enabled Knox SSO and I am able to navigate to the Knox SSO UI and enter credentials to log in. I am seeing that the JWT cookie is properly created with the claims that I would expect. Some questions:

1) Is it possible to include additional claims that contain group information for the user from LDAP?

2) Does the Knox SSO implementation support JSON Web Key (JWK)?

3) Where is the signing key stored? I have the desire to validate the JWT in a third party web container. I am using Knox 0.12.0 on HDP 2.6.2.

4) On HDP 2.6.2 I have noticed that when I make changes to the "Advanced knoxsso-topology” section for the Knox Service in Ambari and then restart the service that the changes are not persisted to disk at /usr/hdp/current/knox-server/conf/topologies/knoxsso.xml and thus the changes are not picked up until that file is hand edited to reflect the changes. Is this a known issue? For example changes to the “knoxsso.redirect.whitelist.regex” in the ambari config will not take effect until the file mentioned above is hand edited.


Christopher Jackson