myloginid · July 13, 2021 17:45
diff --git a/knox-plus-certs.efm.properties b/knox-plus-certs.efm.properties
 # Example EFM Config
 # Web UI users authenticate using Knox SSO
 # MiNiFi Agents authenticate using two-way TLS with client certificates

 # Web Server TLS Properties
 efm.server.ssl.enabled=true
 efm.server.ssl.keyStore=./conf/keystore.jks
 efm.server.ssl.keyStoreType=jks
 efm.server.ssl.keyStorePassword=yourKeyStorePasswordHere
 efm.server.ssl.keyPassword=yourKeyPasswordHere
 efm.server.ssl.trustStore=./conf/truststore.jks
 efm.server.ssl.trustStoreType=jks
 efm.server.ssl.trustStorePassword=yourTrustStorePasswordHere
 efm.server.ssl.clientAuth=WANT

 # Possible values for clientAuth are NONE, WANT, NEED
 #  - NONE: Client never provides a certificate and is not authenticated.
 #  - WANT: Server will ask for a client certificate, but will accept connections from clients without certificates.
 #  - NEED: Server will require a client certificate, and will refuse connections for clients without trusted certificates.

 # User Authentication Properties
 # authentication via TLS mutual auth with client certificates
 efm.security.user.certificate.enabled=true
 # authentication via Knox SSO token passed in a cookie header
 efm.security.user.knox.enabled=true
 efm.security.user.knox.url=https://knox.mycompany.com:8443/gateway/knoxsso/api/v1/websso
 efm.security.user.knox.publicKey=/path/to/knox-server-keystores/public-key.pem
 efm.security.user.knox.cookieName=hadoop-jwt
 #efm.security.user.knox.audiences=
 # authentication via generic reverse proxy with user passed in a header
 efm.security.user.proxy.enabled=false
 efm.security.user.proxy.headerName=x-webauth-user
 #efm.security.user.proxy.ipWhitelist=
 #efm.security.user.proxy.dnWhitelist[0]=
	# Example EFM Config
	# Web UI users authenticate using Knox SSO
	# MiNiFi Agents authenticate using two-way TLS with client certificates

	# Web Server TLS Properties
	efm.server.ssl.enabled=true
	efm.server.ssl.keyStore=./conf/keystore.jks
	efm.server.ssl.keyStoreType=jks
	efm.server.ssl.keyStorePassword=yourKeyStorePasswordHere
	efm.server.ssl.keyPassword=yourKeyPasswordHere
	efm.server.ssl.trustStore=./conf/truststore.jks
	efm.server.ssl.trustStoreType=jks
	efm.server.ssl.trustStorePassword=yourTrustStorePasswordHere
	efm.server.ssl.clientAuth=WANT

	# Possible values for clientAuth are NONE, WANT, NEED
	# - NONE: Client never provides a certificate and is not authenticated.
	# - WANT: Server will ask for a client certificate, but will accept connections from clients without certificates.
	# - NEED: Server will require a client certificate, and will refuse connections for clients without trusted certificates.

	# User Authentication Properties
	# authentication via TLS mutual auth with client certificates
	efm.security.user.certificate.enabled=true
	# authentication via Knox SSO token passed in a cookie header
	efm.security.user.knox.enabled=true
	efm.security.user.knox.url=https://knox.mycompany.com:8443/gateway/knoxsso/api/v1/websso
	efm.security.user.knox.publicKey=/path/to/knox-server-keystores/public-key.pem
	efm.security.user.knox.cookieName=hadoop-jwt
	#efm.security.user.knox.audiences=
	# authentication via generic reverse proxy with user passed in a header
	efm.security.user.proxy.enabled=false
	efm.security.user.proxy.headerName=x-webauth-user
	#efm.security.user.proxy.ipWhitelist=
	#efm.security.user.proxy.dnWhitelist[0]=