...
CDAP must be configured with a shared secret file which that all system services must have access to. To generate the shared secret file, use the AuthenticationTool:
...
Alternatively, in distributed mode, other key managers (for example, the DistributedKeyManager leveraging ZooKeeper) can be used. However, but the same key must be available to all system services or internal token verification will fail.
...