										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Configure OpenMetadata Server
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								## Update conf/openmetadata-security.yaml
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
Once the **Client ID** and **Issuer URL** are generated, add them to the respective fields of the `openmetadata-security.yaml` file.
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```yaml
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Authentication settings for the OpenMetadata server.
								authenticationConfiguration:
								  # Selects Okta as the identity provider.
								  provider: "okta"
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								  # Key endpoint under the Okta issuer. Presumably the server fetches the
								  # token-signing public keys from here to verify incoming JWTs (confirm);
								  # it should stay on the same HTTPS issuer host as `authority`.
								  publicKeyUrls:
								    -  "{ISSUER_URL}/v1/keys"
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							
							
								  # Issuer URL of the Okta authorization server
								  # (Security -> API -> Authorization Servers).
								  authority: "{ISSUER_URL}"
								  # Client ID of the Okta Single Page Application.
								  clientId: "{CLIENT_ID - SPA APP}"
								  # Sample value for a local server over plain HTTP.
								  # NOTE(review): for a deployed server this presumably must be the HTTPS
								  # callback registered as a sign-in redirect URI on the Okta app (confirm).
								  callbackUrl: "http://localhost:8585/callback"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
* **ISSUER\_URL** - The issuer URL of the Okta authorization server. It can be found under **Security -> API -> Authorization Servers**.
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								 . png > )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
* **CLIENT\_ID - SPA APP** - This is the Client ID of the Single Page Application. After configuring the app, the Client ID can be found in the **General** section, under **Client Credentials >> Client ID**.
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								 . png > )
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
Update `authorizerConfiguration` to add `adminPrincipals` and `botPrincipals`:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
* For `adminPrincipals`, add the **Username** of each user who should have admin access.
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
* For `botPrincipals`, add the **Ingestion Client ID** of the Service application. This can be found in **Okta -> Applications -> Applications**.
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								 . png > )
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```yaml
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Authorization settings: which class makes access decisions and which
								# principals are treated as admins or bots.
								authorizerConfiguration:
								  # Authorizer implementation class used by the server.
								  className: "org.openmetadata.catalog.security.DefaultAuthorizer"
								  # Request filter class; by its name it handles the JWT on incoming
								  # requests (verify against the server code).
								  containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
								  # Usernames that receive admin rights. Every entry is an administrator,
								  # so list only the accounts that need it.
								  adminPrincipals:
								    # Placeholder: replace with the actual username.
								    -  "< username > "
								  # Principals treated as bots: the "ingestion-bot" entry from the sample
								  # plus the client ID of the Okta Service application used for ingestion.
								  botPrincipals:
								    -  "ingestion-bot"
								    # Placeholder: replace with the Ingestion Client ID from
								    # Okta -> Applications -> Applications.
								    -  "< Ingestion  Client  ID > "
								  # Sample domain. NOTE(review): presumably combined with the principal
								  # names above to identify users; replace with your organization's
								  # domain and confirm.
								  principalDomain: "open-metadata.org"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```