diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/auth/filter/AbstractJWTFilter.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/auth/filter/AbstractJWTFilter.java index 80fbf6bb506..2edcf8814e2 100644 --- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/auth/filter/AbstractJWTFilter.java +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/auth/filter/AbstractJWTFilter.java @@ -18,6 +18,7 @@ */ package org.apache.ambari.logsearch.auth.filter; +import com.google.gson.Gson; import io.jsonwebtoken.Claims; import io.jsonwebtoken.ExpiredJwtException; import io.jsonwebtoken.Jwts; @@ -46,12 +47,15 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPublicKey; import java.util.Collection; +import java.util.HashMap; import java.util.List; +import java.util.Map; public abstract class AbstractJWTFilter extends AbstractAuthenticationProcessingFilter { 
@@ -110,14 +114,27 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) @Override protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException { super.successfulAuthentication(request, response, chain, authResult); - response.sendRedirect(request.getRequestURL().toString() + getOriginalQueryString(request)); + String ajaxRequestHeader = request.getHeader("X-Requested-With"); + if (isWebUserAgent(request.getHeader("User-Agent")) && !"XMLHttpRequest".equals(ajaxRequestHeader)) { + response.sendRedirect(request.getRequestURL().toString() + getOriginalQueryString(request)); + } + // chain.doFilter(request, response); TODO: check } @Override protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException { super.unsuccessfulAuthentication(request, response, failed); + String ajaxRequestHeader = request.getHeader("X-Requested-With"); String loginUrl = constructLoginURL(request); - response.sendRedirect(loginUrl); + if (!isWebUserAgent(request.getHeader("User-Agent")) || "XMLHttpRequest".equals(ajaxRequestHeader)) { + Map mapObj = new HashMap<>(); + mapObj.put("knoxssoredirectURL", URLEncoder.encode(loginUrl, "UTF-8")); + response.setContentType("application/json"); + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + response.sendError(HttpServletResponse.SC_UNAUTHORIZED, new Gson().toJson(mapObj)); + } else { + response.sendRedirect(loginUrl); + } } private String getJWTFromCookie(HttpServletRequest req) { 
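Review bot: In `unsuccessfulAuthentication` the JSON is passed as the message argument of `response.sendError(...)`, so whether a client ever sees it depends on the container's error-page handling, and the `application/json` content type set two lines earlier is normally replaced when the error page is rendered. Writing the body directly keeps both the 401 status and the content type: replace the `sendError` line with `response.getWriter().write(new Gson().toJson(mapObj));`. `super.unsuccessfulAuthentication(...)` still runs first; if its failure handler commits the response (not visible in this hunk), the later write or redirect fails, so that ordering should be confirmed. In `successfulAuthentication`, XHR and non-browser requests now get neither the redirect nor `chain.doFilter`, which the `TODO: check` comment leaves open, so an authenticated request ends with an empty response. `User-Agent` and `X-Requested-With` are client-supplied, so they should only select the response format, as they do here, and never the authentication result.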
@@ -135,6 +152,20 @@ private String getJWTFromCookie(HttpServletRequest req) { return serializedJWT; } + private boolean isWebUserAgent(String userAgent) { + boolean isWeb = false; + List userAgentList = getUserAgentList(); + if (userAgentList != null && userAgentList.size() > 0) { + for (String ua : userAgentList) { + if (StringUtils.startsWithIgnoreCase(userAgent, ua)) { + isWeb = true; + break; + } + } + } + return isWeb; + } + private RSAPublicKey parseRSAPublicKey(String pem) throws ServletException { String fullPem = PEM_HEADER + pem + PEM_FOOTER; try { @@ -190,4 +221,6 @@ private boolean isAuthenticated(Authentication authentication) { protected abstract Collection getAuthorities(); + protected abstract List getUserAgentList(); + } diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java index 06673b3ac67..2facf86d174 100644 --- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/AuthPropsConfig.java @@ -137,7 +137,7 @@ public class AuthPropsConfig { sources = {LOGSEARCH_PROPERTIES_FILE} ) private String cookieName; - @Value("${logsearch.auth.jwt.query.param.original_url:originalUrl=}") + @Value("${logsearch.auth.jwt.query.param.original_url:originalUrl}") @LogSearchPropertyDescription( name = "logsearch.auth.jwt.query.param.original_url", description = "Name of the original request URL which is used to redirect to Log Search Portal.", 
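Review bot: `isWebUserAgent` uses each configured entry as a prefix exactly as it comes out of the `split(',')` in AuthPropsConfig, so a value such as `Mozilla, Chrome` never matches on ` Chrome`, and an empty property value produces an empty prefix that may match every non-null User-Agent (this depends on which `StringUtils` is imported, which the hunk does not show). Trimming and skipping empty entries inside the loop avoids both: `String prefix = ua == null ? "" : ua.trim();` followed by `if (!prefix.isEmpty() && StringUtils.startsWithIgnoreCase(userAgent, prefix)) {`. A short Javadoc would help as well, for example `/** Heuristic only: true when the client-supplied User-Agent starts with a configured browser prefix; used to choose between a redirect and a JSON 401. */`.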
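Review bot: The default for `logsearch.auth.jwt.query.param.original_url` loses its trailing `=`, but `constructLoginURL` is not part of this diff, so it is not visible whether the `=` is now appended where the login URL is built. If it is not, the redirect to the SSO provider carries a malformed query parameter; if it is, deployments that already set the property to `originalUrl=` end up with a doubled `=`. The property description could state the expected form explicitly, e.g. `description = "Name of the query parameter (without '=') that carries the original request URL used to redirect back to Log Search Portal."`.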
@@ -157,6 +157,16 @@ public class AuthPropsConfig { ) private List audiences; + @Value("#{'${logsearch.auth.jwt.user.agents:Mozilla,Opera,Chrome}'.split(',')}") + @LogSearchPropertyDescription( + name = "logsearch.auth.jwt.user.agents", + description = "Comma separated web user agent list. (Used as prefixes)", + examples = {"Mozilla,Chrome"}, + defaultValue = "Mozilla,Opera,Chrome", + sources = {LOGSEARCH_PROPERTIES_FILE} + ) + private List userAgentList; + @Value("#{'${logsearch.roles.allowed:AMBARI.ADMINISTRATOR,CLUSTER.ADMINISTRATOR}'.split(',')}") @LogSearchPropertyDescription( name = "logsearch.roles.allowed", @@ -296,4 +306,12 @@ public boolean isRedirectForward() { public void setRedirectForward(boolean redirectForward) { this.redirectForward = redirectForward; } + + public List getUserAgentList() { + return this.userAgentList; + } + + public void setUserAgentList(List userAgentList) { + this.userAgentList = userAgentList; + } } diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java index c9961958485..338fc21a416 100644 --- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/conf/SecurityConfig.java @@ -51,6 +51,7 @@ import javax.inject.Inject; import javax.inject.Named; +import java.util.ArrayList; import java.util.List; import static org.apache.ambari.logsearch.common.LogSearchConstants.LOGSEARCH_SESSION_ID; @@ -120,7 +121,7 @@ protected void configure(HttpSecurity http) throws Exception { .addFilterBefore(logsearchJwtFilter(), LogsearchSecurityContextFormationFilter.class) .logout() .logoutUrl("/logout") - .deleteCookies(LOGSEARCH_SESSION_ID) + .deleteCookies(getCookies()) .logoutSuccessHandler(new LogsearchLogoutSuccessHandler()); } 
@@ -196,7 +197,9 @@ public RequestMatcher requestMatcher() { matchers.add(new AntPathRequestMatcher("/docs/**")); matchers.add(new AntPathRequestMatcher("/swagger-ui/**")); matchers.add(new AntPathRequestMatcher("/swagger.html")); - matchers.add(new AntPathRequestMatcher("/")); + if (!authPropsConfig.isAuthJwtEnabled()) { + matchers.add(new AntPathRequestMatcher("/")); + } matchers.add(new AntPathRequestMatcher("/login")); matchers.add(new AntPathRequestMatcher("/logout")); matchers.add(new AntPathRequestMatcher("/resources/**")); @@ -205,7 +208,6 @@ public RequestMatcher requestMatcher() { matchers.add(new AntPathRequestMatcher("/assets/**")); matchers.add(new AntPathRequestMatcher("/templates/**")); matchers.add(new AntPathRequestMatcher("/api/v1/info/**")); - matchers.add(new AntPathRequestMatcher("/api/v1/public/**")); matchers.add(new AntPathRequestMatcher("/api/v1/swagger.json")); matchers.add(new AntPathRequestMatcher("/api/v1/swagger.yaml")); return new OrRequestMatcher(matchers); @@ -227,4 +229,13 @@ public RequestMatcher logsearchConfigRequestMatcher() { return new AntPathRequestMatcher("/api/v1/shipper/**"); } + private String[] getCookies() { + List cookies = new ArrayList<>(); + cookies.add(LOGSEARCH_SESSION_ID); + if (authPropsConfig.isAuthJwtEnabled()) { + cookies.add(authPropsConfig.getCookieName()); + } + return cookies.toArray(new String[0]); + } + } diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchJWTFilter.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchJWTFilter.java index 164f646a126..fc5449b39cd 100644 --- a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchJWTFilter.java +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchJWTFilter.java 
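Review bot: `getCookies()` adds the JWT cookie name to `deleteCookies(...)`, but that cookie is issued by the SSO provider rather than by Log Search, and a browser only drops a cookie when the expiring cookie's path and domain match the ones it was set with. If the provider sets it for a different path or domain (likely, though not verifiable from this hunk), logout leaves the SSO cookie in place and the next request is silently re-authenticated by the JWT filter. Consider sending logout through the provider's own logout endpoint, or at least document the limitation on the method, e.g. `// Best effort: clears the SSO cookie only if it was set for this application's path and domain.`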
@@ -66,6 +66,11 @@ protected List getAudiences() { return authPropsConfig.getAudiences(); } + @Override + protected List getUserAgentList() { + return authPropsConfig.getUserAgentList(); + } + @Override protected Collection getAuthorities() { return null; // TODO diff --git a/ambari-logsearch/docker/Dockerfile b/ambari-logsearch/docker/Dockerfile index 8bfcae3a270..9c3fde78ef3 100644 --- a/ambari-logsearch/docker/Dockerfile +++ b/ambari-logsearch/docker/Dockerfile @@ -57,6 +57,25 @@ RUN git config --global url."https://".insteadOf git:// ENV SOLR_VERSION 6.6.2 RUN wget --no-check-certificate -O /root/solr-$SOLR_VERSION.tgz http://public-repo-1.hortonworks.com/ARTIFACTS/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz RUN cd /root && tar -zxvf /root/solr-$SOLR_VERSION.tgz + +# Install Knox +WORKDIR / +RUN adduser knox +ENV KNOX_VERSION 0.14.0 +RUN wget -q -O /knox-${KNOX_VERSION}.zip http://download.nextag.com/apache/knox/${KNOX_VERSION}/knox-${KNOX_VERSION}.zip && unzip /knox-${KNOX_VERSION}.zip && rm knox-${KNOX_VERSION}.zip && ln -nsf knox-${KNOX_VERSION} knox && chmod +x /knox/bin/*.sh && chown -R knox /knox/ + +ADD knox/keystores /knox-secrets +RUN cd /knox-secrets && unzip test-secrets.zip +RUN mkdir -p /knox/data/security/keystores +RUN mv /knox-secrets/master /knox/data/security/master +RUN cd /knox-secrets && cp -r * /knox/data/security/keystores/ +RUN chown -R knox /knox/data/security + +ADD knox/ldap.sh /ldap.sh +ADD knox/gateway.sh /gateway.sh +RUN touch /gateway.out && chown -R knox /gateway.out +RUN touch /ldap.out && chown -R knox /ldap.out + ADD bin/start.sh /root/start.sh ADD test-config /root/test-config ADD test-logs /root/test-logs diff --git a/ambari-logsearch/docker/bin/start.sh b/ambari-logsearch/docker/bin/start.sh index 6ba20fbe567..b87f733fed9 100644 --- a/ambari-logsearch/docker/bin/start.sh +++ b/ambari-logsearch/docker/bin/start.sh 
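Review bot: The Knox archive is fetched over plain `http://` from a third-party mirror and unpacked without any integrity check, so whatever the mirror or the network path returns ends up in the image and is later executed by `gateway.sh` and `ldap.sh`. Fetching over HTTPS from an Apache-operated host and checking a pinned digest before `unzip` closes that gap, e.g. `echo "<KNOX_ZIP_SHA256>  /knox-${KNOX_VERSION}.zip" | sha256sum -c -` with the digest taken from the Apache release page. The `ADD knox/keystores /knox-secrets` step also bakes the test master secret and keystores into every image built from this file, which deserves a comment such as `# Test-only Knox secrets; never reuse outside this docker environment`.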
@@ -50,12 +50,18 @@ function create_logsearch_configs() { cp /root/test-config/logsearch/log4j.xml /root/config/logsearch/ cp /root/test-config/logsearch/logsearch-env.sh /root/config/logsearch/ cp $LOGSEARCH_SERVER_PATH/conf/user_pass.json /root/config/logsearch/user_pass.json - if [ $LOGSEARCH_HTTPS_ENABLED == 'true' ] + if [ "$LOGSEARCH_HTTPS_ENABLED" == "true" ] then cp /root/test-config/logsearch/logsearch-https.properties /root/config/logsearch/logsearch.properties else cp /root/test-config/logsearch/logsearch.properties /root/config/logsearch/logsearch.properties fi + + if [ "$KNOX" == "true" ] + then + cp /root/test-config/logsearch/logsearch-sso.properties /root/config/logsearch/logsearch.properties + fi + set_custom_zookeeper_address /root/config/logsearch/logsearch.properties } @@ -64,7 +70,7 @@ function create_solr_configs() { cp /root/test-config/solr/log4j.properties /root/config/solr/ cp /root/test-config/solr/zoo.cfg /root/config/solr/ cp /root/test-config/solr/solr.xml /root/config/solr/ - if [ $LOGSEARCH_SOLR_SSL_ENABLED == 'true' ] + if [ "$LOGSEARCH_SOLR_SSL_ENABLED" == "true" ] then cp /root/test-config/solr/solr-env-ssl.sh /root/config/solr/solr-env.sh else @@ -79,7 +85,7 @@ function create_configs() { } function generate_keys() { - if [ $GENERATE_KEYSTORE_AT_START == 'true' ] + if [ "$GENERATE_KEYSTORE_AT_START" == "true" ] then IP=`hostname --ip-address` echo "generating stores for IP: $IP" @@ -93,7 +99,7 @@ function start_solr_d() { /root/solr-$SOLR_VERSION/bin/solr start -cloud -s /root/logsearch_solr_index/data -verbose -force touch /var/log/ambari-logsearch-solr/solr.log - if [ $LOGSEARCH_SOLR_SSL_ENABLED == 'true' ] + if [ "$LOGSEARCH_SOLR_SSL_ENABLED" == "true" ] then echo "Setting urlScheme as https and restarting solr..." $ZKCLI -zkhost localhost:9983 -cmd clusterprop -name urlScheme -val https 
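Review bot: The new `KNOX` block copies `logsearch-sso.properties` over `logsearch.properties` after the HTTPS branch has already chosen a file, so with `LOGSEARCH_HTTPS_ENABLED=true` and `KNOX=true` the HTTPS settings are silently replaced by the SSO file, which sets `logsearch.protocol=http`. If the two modes are meant to be exclusive, a single `if`/`elif`/`else` chain would make the precedence visible; otherwise print which file won, e.g. `echo "KNOX enabled: using logsearch-sso.properties (protocol http)"`. `create_logsearch_configs` starts above the hunk.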
@@ -125,6 +131,26 @@ function start_selenium_server_d() { nohup java -jar /root/selenium-server-standalone.jar > /var/log/selenium-test.log & } +function start_ldap_d() { + if [ "$KNOX" == "true" ] + then + echo "KNOX is enabled. Starting Demo LDAP." + su knox -c "/ldap.sh" + else + echo "KNOX is not enabled. Skip Starting Demo LDAP." + fi +} + +function start_knox_d() { + if [ "$KNOX" == "true" ] + then + echo "KNOX is enabled. Starting Demo KNOX gateway." + su knox -c "/gateway.sh" + else + echo "KNOX is not enabled. Skip Starting KNOX gateway." + fi +} + function log() { component_log=${COMPONENT_LOG:-"logsearch"} case $component_log in @@ -137,6 +163,12 @@ function log() { "selenium") tail -f /var/log/selenium-test.log ;; + "knox") + tail -f --retry /knox/logs/gateway.log + ;; + "ldap") + tail -f --retry /knox/logs/ldap.log + ;; *) tail -f /var/log/ambari-logsearch-portal/logsearch-app.log ;; @@ -169,12 +201,28 @@ function main() { start_logsearch log ;; + "knox") + echo "Start KNOX only ..." + export COMPONENT_LOG="knox" + export KNOX="true" + start_knox_d + log + ;; + "ldap") + echo "Start Demo LDAP only ..." + export COMPONENT_LOG="ldap" + export KNOX="true" + start_ldap_d + log + ;; *) create_configs generate_keys start_selenium_server_d start_solr_d start_logfeeder_d + start_ldap_d + start_knox_d start_logsearch_d log ;; diff --git a/ambari-logsearch/docker/knox.yml b/ambari-logsearch/docker/knox.yml new file mode 100644 index 00000000000..936a026182d --- /dev/null +++ b/ambari-logsearch/docker/knox.yml 
@@ -0,0 +1,50 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License +version: '3.3' +services: + ldap: + image: ambari-logsearch:v1.0 + restart: always + hostname: ldap.apache.org + networks: + - logsearch-network + ports: + - 33389:33389 + environment: + COMPONENT: ldap + COMPONENT_LOG: ldap + KNOX: "true" + knox: + image: ambari-logsearch:v1.0 + restart: always + hostname: knox.apache.org + networks: + - logsearch-network + ports: + - 8443:8443 + volumes: + - ./knox/topologies:/knox/conf/topologies + - ./knox/logsearch:/knox/data/services/logsearch + #- ./knox/applications:/knox/data/applications + environment: + COMPONENT: knox + COMPONENT_LOG: knox + KNOX: "true" + depends_on: + - ldap + +networks: + logsearch-network: + driver: bridge \ No newline at end of file diff --git a/ambari-logsearch/docker/knox/gateway.sh b/ambari-logsearch/docker/knox/gateway.sh new file mode 100755 index 00000000000..5c74182b960 --- /dev/null +++ b/ambari-logsearch/docker/knox/gateway.sh 
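Review bot: Both services publish their ports on every host interface (`33389:33389` for the demo LDAP and `8443:8443` for the gateway), and the image they run carries the checked-in test keystores. On a developer machine attached to a shared network this makes the demo identity stack reachable from other hosts; binding to loopback keeps it local: `- "127.0.0.1:33389:33389"` and `- "127.0.0.1:8443:8443"`. The same applies to the port lists in `sso.yml`, added later in this diff.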
@@ -0,0 +1,21 @@ +#!/bin/sh +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + +set -e +set -o pipefail + +nohup java -jar /knox/bin/gateway.jar > /gateway.out & + diff --git a/ambari-logsearch/docker/knox/keystores/test-secrets.zip b/ambari-logsearch/docker/knox/keystores/test-secrets.zip new file mode 100644 index 00000000000..e2e2420a6dc Binary files /dev/null and b/ambari-logsearch/docker/knox/keystores/test-secrets.zip differ diff --git a/ambari-logsearch/docker/knox/ldap.sh b/ambari-logsearch/docker/knox/ldap.sh new file mode 100755 index 00000000000..5bc3c1ccd08 --- /dev/null +++ b/ambari-logsearch/docker/knox/ldap.sh 
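Review bot: The script declares `#!/bin/sh` but uses `set -o pipefail`, which is not part of POSIX sh; where `/bin/sh` is dash or another strict shell the option is rejected and, with `set -e` already active, the script exits before the gateway is started. Either change the shebang to `#!/bin/bash` or drop the `pipefail` line, which has no effect here because the script contains no pipeline. `ldap.sh`, the next script added in this diff, has the same two lines.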
@@ -0,0 +1,21 @@ +#!/bin/sh +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + +set -e +set -o pipefail + +nohup java -jar /knox/bin/ldap.jar /knox/conf > /ldap.out & + diff --git a/ambari-logsearch/docker/knox/logsearch/1.0.0/rewrite.xml b/ambari-logsearch/docker/knox/logsearch/1.0.0/rewrite.xml new file mode 100644 index 00000000000..19941ab2b07 --- /dev/null +++ b/ambari-logsearch/docker/knox/logsearch/1.0.0/rewrite.xml @@ -0,0 +1,23 @@ + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/ambari-logsearch/docker/knox/logsearch/1.0.0/service.xml b/ambari-logsearch/docker/knox/logsearch/1.0.0/service.xml new file mode 100644 index 00000000000..058e9ef1f45 --- /dev/null +++ b/ambari-logsearch/docker/knox/logsearch/1.0.0/service.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/ambari-logsearch/docker/knox/topologies/admin.xml b/ambari-logsearch/docker/knox/topologies/admin.xml new file mode 100644 index 00000000000..f65c15a5f2d --- /dev/null +++ b/ambari-logsearch/docker/knox/topologies/admin.xml 
@@ -0,0 +1,67 @@ + + + + + + + federation + SSOCookieProvider + true + + sso.authentication.provider.url + /gateway/knoxsso/api/v1/websso + + + + + authorization + AclsAuthz + true + + knox.acl + admin;*;* + + + + + identity-assertion + Default + true + + + + hostmap + static + true + + localhost + sandbox,sandbox.hortonworks.com + + + + + + + KNOX + + + + admin-ui + + + diff --git a/ambari-logsearch/docker/knox/topologies/knoxsso.xml b/ambari-logsearch/docker/knox/topologies/knoxsso.xml new file mode 100644 index 00000000000..31319dae9d2 --- /dev/null +++ b/ambari-logsearch/docker/knox/topologies/knoxsso.xml @@ -0,0 +1,118 @@ + + + + + + webappsec + WebAppSec + true + + xframe.options.enabled + true + + + + + authentication + ShiroProvider + true + + sessionTimeout + 30 + + + redirectToUrl + /gateway/knoxsso/knoxauth/login.html + + + restrictedCookies + rememberme,WWW-Authenticate + + + main.ldapRealm + org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm + + + main.ldapContextFactory + org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory + + + main.ldapRealm.contextFactory + $ldapContextFactory + + + main.ldapRealm.userDnTemplate + uid={0},ou=people,dc=hadoop,dc=apache,dc=org + + + main.ldapRealm.contextFactory.url + ldap://ldap:33389 + + + main.ldapRealm.authenticationCachingEnabled + false + + + main.ldapRealm.contextFactory.authenticationMechanism + simple + + + urls./** + authcBasic + + + + + identity-assertion + Default + true + + + + hostmap + static + true + + localhost + sandbox,sandbox.hortonworks.com + + + + + + + knoxauth + + + + KNOXSSO + + knoxsso.cookie.secure.only + false + + + knoxsso.token.ttl + -1 + + + knoxsso.redirect.whitelist.regex + ^https?:\/\/(www\.local\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$ + + + + diff --git a/ambari-logsearch/docker/knox/topologies/sandbox.xml b/ambari-logsearch/docker/knox/topologies/sandbox.xml new file mode 100644 index 00000000000..49458444196 --- /dev/null 
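Review bot: The knoxsso topology carries settings that are only acceptable for a local demo: `knoxsso.cookie.secure.only` is `false`, `knoxsso.token.ttl` is `-1` (which, as far as I know, disables token expiry), and the LDAP realm binds with the `simple` mechanism over `ldap://`, so the SSO cookie and the bind credentials travel unencrypted. The redirect whitelist is also looser than its host list suggests, because after the colon it only requires one digit followed by anything; ending the pattern with `:[0-9]+(\/.*)?$` pins the port and the start of the path. A header comment stating that the file is for the docker test environment only would keep these values from being copied into a real topology.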
+++ b/ambari-logsearch/docker/knox/topologies/sandbox.xml @@ -0,0 +1,55 @@ + + + + + + + + federation + SSOCookieProvider + true + + sso.authentication.provider.url + https://localhost:8443/gateway/knoxsso/api/v1/websso + + + + + identity-assertion + Default + true + + + + hostmap + static + true + + localhost + sandbox,sandbox.hortonworks.com + + + + + + + LOGSEARCH + http://logsearch:61888 + + + \ No newline at end of file diff --git a/ambari-logsearch/docker/logsearch-docker.sh b/ambari-logsearch/docker/logsearch-docker.sh index 2a929b790cf..9b6c342f6cc 100755 --- a/ambari-logsearch/docker/logsearch-docker.sh +++ b/ambari-logsearch/docker/logsearch-docker.sh @@ -84,6 +84,7 @@ LOGSEARCH_HTTPS_ENABLED=false LOGSEARCH_SOLR_SSL_ENABLED=false GENERATE_KEYSTORE_AT_START=false SOLR_HOST=solr +KNOX=false EOF echo "'Profile' file has been created. Check it out before starting Log Search. ($sdir/Profile)" exit diff --git a/ambari-logsearch/docker/sso.yml b/ambari-logsearch/docker/sso.yml new file mode 100644 index 00000000000..069a01243cf --- /dev/null +++ b/ambari-logsearch/docker/sso.yml 
@@ -0,0 +1,119 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License +version: '3.3' +services: + zookeeper: + image: zookeeper:${ZOOKEEPER_VERSION:-3.4.10} + restart: always + hostname: zookeeper + networks: + - logsearch-network + ports: + - 2181:2181 + environment: + ZOO_MY_ID: 1 + ZOO_SERVERS: server.1=zookeeper:2888:3888 + solr: + image: solr:${SOLR_VERSION:-6.6.2} + restart: always + hostname: solr + ports: + - "8983:8983" + networks: + - logsearch-network + env_file: + - Profile + entrypoint: + - docker-entrypoint.sh + - solr + - start + - "-f" + - "-c" + - "-z" + - ${ZOOKEEPER_CONNECTION_STRING} + logsearch: + image: ambari-logsearch:v1.0 + restart: always + hostname: logsearch.apache.org + networks: + - logsearch-network + env_file: + - Profile + ports: + - 61888:61888 + - 4444:4444 + - 5005:5005 + environment: + COMPONENT: logsearch + COMPONENT_LOG: logsearch + ZK_CONNECT_STRING: ${ZOOKEEPER_CONNECTION_STRING} + DISPLAY: $DOCKERIP:0 + KNOX: "true" + volumes: + - $AMBARI_LOCATION:/root/ambari + - $AMBARI_LOCATION/ambari-logsearch/docker/test-logs:/root/test-logs + - $AMBARI_LOCATION/ambari-logsearch/docker/test-config:/root/test-config + logfeeder: + image: ambari-logsearch:v1.0 + restart: always + hostname: logfeeder.apache.org + 
networks: + - logsearch-network + env_file: + - Profile + ports: + - 5006:5006 + environment: + COMPONENT: logfeeder + COMPONENT_LOG: logfeeder + ZK_CONNECT_STRING: ${ZOOKEEPER_CONNECTION_STRING} + volumes: + - $AMBARI_LOCATION:/root/ambari + - $AMBARI_LOCATION/ambari-logsearch/docker/test-logs:/root/test-logs + - $AMBARI_LOCATION/ambari-logsearch/docker/test-config:/root/test-config + ldap: + image: ambari-logsearch:v1.0 + restart: always + hostname: ldap.apache.org + networks: + - logsearch-network + ports: + - 33389:33389 + environment: + COMPONENT: ldap + COMPONENT_LOG: ldap + KNOX: "true" + knox: + image: ambari-logsearch:v1.0 + restart: always + hostname: knox.apache.org + networks: + - logsearch-network + ports: + - 8443:8443 + volumes: + - ./knox/topologies:/knox/conf/topologies + - ./knox/logsearch:/knox/data/services/logsearch + #- ./knox/applications:/knox/data/applications + environment: + COMPONENT: knox + COMPONENT_LOG: knox + KNOX: "true" + depends_on: + - ldap + +networks: + logsearch-network: + driver: bridge \ No newline at end of file diff --git a/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties b/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties index 6b59ac823c4..a50677b3456 100644 --- a/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties +++ b/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties @@ -53,3 +53,5 @@ logsearch.auth.external_auth.enable=false logsearch.https.port=61888 logsearch.protocol=https + +logsearch.config.zk_connect_string=localhost:9983 diff --git a/ambari-logsearch/docker/test-config/logsearch/logsearch-sso.properties b/ambari-logsearch/docker/test-config/logsearch/logsearch-sso.properties new file mode 100644 index 00000000000..d34860a0f94 --- /dev/null +++ b/ambari-logsearch/docker/test-config/logsearch/logsearch-sso.properties 
@@ -0,0 +1,63 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +logsearch.solr.zk_connect_string=localhost:9983 + +# Service Logs +logsearch.solr.collection.service.logs=hadoop_logs + +logsearch.service.logs.split.interval.mins=15 +logsearch.collection.service.logs.numshards=3 +logsearch.collection.service.logs.replication.factor=2 + +# Audit logs +logsearch.solr.audit.logs.zk_connect_string=localhost:9983 +logsearch.solr.collection.audit.logs=audit_logs +logsearch.solr.audit.logs.url= + +logsearch.audit.logs.split.interval.mins=15 +logsearch.collection.audit.logs.numshards=3 +logsearch.collection.audit.logs.replication.factor=2 + +# History logs +logsearch.solr.collection.history=history +logsearch.solr.history.config.name=history +logsearch.collection.history.replication.factor=1 + +logsearch.solr.config_set.folder=/root/ambari/ambari-logsearch/ambari-logsearch-server/target/package/conf/solr_configsets +logsearch.solr.audit.logs.config_set.folder=/root/ambari/ambari-logsearch/ambari-logsearch-server/target/package/conf/solr_configsets + +# Metrics +logsearch.solr.metrics.collector.hosts= +logsearch.solr.jmx.port=18886 + +# logsearch-admin.json +logsearch.auth.file.enable=true +logsearch.login.credentials.file=user_pass.json + 
+logsearch.auth.ldap.enable=false +logsearch.auth.simple.enable=false +logsearch.auth.external_auth.enable=false + +logsearch.https.port=61888 +logsearch.protocol=http + +logsearch.config.zk_connect_string=localhost:9983 + +logsearch.auth.jwt.enabled=true +logsearch.auth.jwt.public_key=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 +logsearch.auth.jwt.provider_url=https://localhost:8443/gateway/knoxsso/api/v1/websso +logsearch.auth.jwt.cookie.name=hadoop-jwt +logsearch.auth.jwt.query.param.original_url=originalUrl diff --git a/ambari-logsearch/pom.xml b/ambari-logsearch/pom.xml index 4a0bb6a66d8..24924dd7e53 100644 --- a/ambari-logsearch/pom.xml +++ b/ambari-logsearch/pom.xml @@ -173,6 +173,7 @@ **/yarn.lock **/docker/Profile **/docker/.env + **/docker/knox/** **/node_modules/** **/dist/**