										
									 
								 
							 
							
								
							 
							
								 
							
							
								---
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								title: Auth0 SSO for Bare Metal
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								slug: /deployment/security/auth0/bare-metal
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								collate: false
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							
							
								---
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Auth0 SSO for Bare Metal
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								## Update conf/openmetadata.yaml
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Edit the `openmetadata.yaml` file, using the following example as a reference. Replace the placeholder values with the details generated during your Auth0 account and application credentials setup.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								For more information about the environment variables, see [here](/deployment/security/configuration-parameters).
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```implicit
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
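								# Implicit Flow Configuration
								# Note: the implicit flow returns tokens to the browser in the redirect response, and current OAuth 2.0
								# security guidance advises against it; prefer the Auth Code flow with a confidential client where possible.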
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							
							
								authorizerConfiguration:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  className: "org.openmetadata.service.security.DefaultAuthorizer"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								  adminPrincipals:                          
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    -  "admin"                                               # Administrator email prefix (e.g., "admin" from "admin@domain.com")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    -  "user1"                                               # Additional administrator email prefix (placeholder; list only accounts that should have admin rights)
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    -  "user2"                                               # Additional administrator email prefix
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
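								  principalDomain: "open-metadata.org"                      # Primary domain for your organization; replace with your own (e.g., "example.com" from "john.doe@example.com")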
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								authenticationConfiguration:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  provider: "auth0"                                         # Authentication provider, set to "auth0"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  publicKeyUrls:                           
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    -  "https://{Auth0 Domain Name}/.well-known/jwks.json"   # Replace {Auth0 Domain Name} with your Auth0 domain
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    -  "{Your OMD Server URL}/api/v1/system/config/jwks"     # Replace {Your OMD Server URL} with your OpenMetadata server URL
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  authority: "https://{Your Auth0 Domain}"                  # Base URL of your Auth0 domain
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  clientId: "{Client ID}"                                   # Auth0 Client ID for your application
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
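								  callbackUrl: "http://localhost:8585/callback"             # Callback URL for OpenMetadata authentication; for non-local deployments use your server's HTTPS URL and register the same URL in Auth0's Allowed Callback URLs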
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  clientType: "public"                                      # Set to "public" for implicit flow
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							
							
								```
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								```authcode
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Auth Code Flow Configuration
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								authorizerConfiguration:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  className: "org.openmetadata.service.security.DefaultAuthorizer"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  adminPrincipals:                          
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    -  "admin"                                                   # Administrator email prefix (e.g., "admin" from "admin@domain.com")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    -  "user1"                                                   # Additional administrator email prefix
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    -  "user2"                                                   # Additional administrator email prefix
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  principalDomain: "open-metadata.org"                          # Primary domain for your organization (e.g., "yourdomain.com")
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								authenticationConfiguration:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  provider: "auth0"                                             # Authentication provider, set to "auth0"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  publicKeyUrls:                           
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    -  "https://{Auth0 Domain Name}/.well-known/jwks.json"       # Replace {Auth0 Domain Name} with your Auth0 domain
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    -  "{Your OMD Server URL}/api/v1/system/config/jwks"         # Replace {Your OMD Server URL} with your OpenMetadata server URL
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  authority: "https://{Your Auth0 Domain}"                      # Base URL of your Auth0 domain
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  clientId: "{Client ID}"                                       # Auth0 Client ID for your application
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
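								  callbackUrl: "http://localhost:8585/callback"                 # Callback URL for OpenMetadata authentication; for non-local deployments use your server's HTTPS URL and register the same URL in Auth0's Allowed Callback URLs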
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  clientType: "confidential"                                    # Set to "confidential" for auth code flow
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  oidcConfiguration:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    id: "{Client ID}"                                           # Auth0 Client ID for your application
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    type: "auth0"                                               # Ensure this matches your provider type
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
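								    secret: "{Client Secret}"                                   # Auth0 Client Secret for your application; keep it out of version control and restrict read access to this file, or supply it through an environment variable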
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    discoveryUri: "https://{Auth0 Domain Name}/.well-known/openid-configuration" 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								                                                                # Discovery URI for OpenID configuration; replace {Auth0 Domain Name} with your Auth0 domain
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    callbackUrl: "http://localhost:8585/callback"               # Callback URL for OpenMetadata authentication
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								                                                                
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    serverUrl: "http://localhost:8585"                          # OpenMetadata server URL; update for production environments
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								{% /codeWithLanguageSelector %}
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								{% partial file="/v1.7/deployment/configure-ingestion.md" /%}
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								{% inlineCalloutContainer %}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  {% inlineCallout
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    color="violet-70"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    icon="MdArrowBack"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    bold="Auth"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    href="/deployment/security/auth0" %}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    Go to Auth0 Configuration
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  {% /inlineCallout %}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								{% /inlineCalloutContainer %}