Azure - Cluster Authentication

Token

When creating a cluster, the authentication is made through a token. The property fs.adl.oauth2.access.token.provider.type is Custom

<property>
  <name>fs.adl.oauth2.access.token.provider.type</name>
  <value>Custom</value>
</property>

<property>
  <name>fs.azure.datalake.token.provider.script</name>
  <value>/usr/lib/hdinsight-common/scripts/decrypt.sh</value>
</property>

<property>
  <name>fs.azure.datalake.token.provider.service.urls</name>
  <value>http://gw1-42h.ceches310vkhzwh.ax.internal.cloudapp.net:909/api/oauthtoken,http://gw3-42h.cechecmupznukhzwh.ax.internal.cloudapp.net:909/api/oauthtoken</value>
</property>

How to get a token ?

• You can get an encrypted token by calling one of the URL in fs.azure.datalake.token.provider.service.urls
• That you can decrypt with the shell script set in the property fs.azure.datalake.token.provider.script

Example:

• Get the encrypted token

curl curl http://gw1-42h.ceches310vkhzwh.ax.internal.cloudapp.net:909/api/oauthtoken

{"AccessToken":"MIIGHQYJKoZIhvcNAQcDoIIGDjCCBgoCAQA…….","ExpiresOn":1500447750098}

• Decrypt it

/usr/lib/hdinsight-common/scripts/decrypt.sh MIIGHQYJKoZIhvcNAQcDoIIGDjCCBgoCAQA…….

EAw+eA8qSpvrvw0Tnsm3lOXVSdalW

Documentation / Reference

• https://hdinsight.github.io/ClusterManagement/hdinsight-adlsaccessissues.html