yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-08-15 04:26:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Doc: Enable Security Path Updation (#21780)

Browse Source 
Co-authored-by: Rounak Dhillon <rounakdhillon@Rounaks-MacBook-Air.local>
This commit is contained in:
Rounak Dhillon 2025-06-16 11:37:27 +05:30 committed by GitHub
parent 49df5fc9de
commit 52dde3d069
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 22 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openmetadata-docs/content/v1.7.x/security-collate/amazon-cognito-sso/index.md
View File

@ -45,7 +45,7 @@ Security requirements for your **production** environment:
{% image src="/images/v1.7/deployment/security/amazon-cognito-sso/create-server-credentials-4.png" alt="create-account" caption="Integrate your App" /%} {% image src="/images/v1.7/deployment/security/amazon-cognito-sso/create-server-credentials-4.png" alt="create-account" caption="Integrate your App" /%}
- In the same step, select "Public client" for the Initial App client type and configure the Allowed callback URLs - In the same step, select "Public client" for the Initial App client type and configure the Allowed callback URLs
with `http://localhost:8585/callback` as shown in the screenshot below. Note: For production deployments, the Allowed with `https://{your-collate-domain}/callback` as shown in the screenshot below. Note: For production deployments, the Allowed
callback URLs should be updated with the appropriate domain name. callback URLs should be updated with the appropriate domain name.
{% image src="/images/v1.7/deployment/security/amazon-cognito-sso/create-server-credentials-5.png" alt="create-account" caption="Configure the App Client" /%} {% image src="/images/v1.7/deployment/security/amazon-cognito-sso/create-server-credentials-5.png" alt="create-account" caption="Configure the App Client" /%}

16
openmetadata-docs/content/v1.7.x/security-collate/oidc/index.md
View File

@ -23,7 +23,7 @@ Below are the configuration types to set up the OIDC Authentication with a Confi
```yaml ```yaml
authenticationConfiguration: authenticationConfiguration:
clientType: ${AUTHENTICATION_CLIENT_TYPE:-confidential} clientType: ${AUTHENTICATION_CLIENT_TYPE:-confidential}
publicKeyUrls: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} publicKeyUrls: ${AUTHENTICATION_PUBLIC_KEYS:-[https://{your-collate-domain}/api/v1/system/config/jwks]}
oidcConfiguration: oidcConfiguration:
id: ${OIDC_CLIENT_ID:-""} id: ${OIDC_CLIENT_ID:-""}
type: ${OIDC_TYPE:-""} # google, azure etc. type: ${OIDC_TYPE:-""} # google, azure etc.
@ -34,8 +34,8 @@ Below are the configuration types to set up the OIDC Authentication with a Confi
preferredJwsAlgorithm: ${OIDC_PREFERRED_JWS:-"RS256"} preferredJwsAlgorithm: ${OIDC_PREFERRED_JWS:-"RS256"}
responseType: ${OIDC_RESPONSE_TYPE:-"code"} responseType: ${OIDC_RESPONSE_TYPE:-"code"}
disablePkce: ${OIDC_DISABLE_PKCE:-true} disablePkce: ${OIDC_DISABLE_PKCE:-true}
callbackUrl: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} callbackUrl: ${OIDC_CALLBACK:-"https://{your-collate-domain}/callback"}
serverUrl: ${OIDC_SERVER_URL:-"http://localhost:8585"} serverUrl: ${OIDC_SERVER_URL:-"https://{your-collate-domain}"}
clientAuthenticationMethod: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} clientAuthenticationMethod: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"}
tenant: ${OIDC_TENANT:-""} tenant: ${OIDC_TENANT:-""}
maxClockSkew: ${OIDC_MAX_CLOCK_SKEW:-""} maxClockSkew: ${OIDC_MAX_CLOCK_SKEW:-""}
@ -44,7 +44,7 @@ Below are the configuration types to set up the OIDC Authentication with a Confi
# Configuration Parameters # Configuration Parameters
## Public Key Url (publicKeyUrls): ## Public Key Url (publicKeyUrls):
This needs to be updated as per different SSO providers. The default value is `http://localhost:8585/api/v1/system/config/jwks`. This is the URL where the public keys are stored. The public keys are used to verify the signature of the JWT token. This needs to be updated as per different SSO providers. The default value is `https://{your-collate-domain}/api/v1/system/config/jwks`. This is the URL where the public keys are stored. The public keys are used to verify the signature of the JWT token.
{%important%} {%important%}
@ -56,7 +56,7 @@ This needs to be updated as per different SSO providers. The default value is `h
**Azure**: https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys **Azure**: https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys
Also if you have enabled [JWT Tokens](/deployment/security/enable-jwt-tokens) then http://localhost:8585/api/v1/system/config/jwks also needs to be there in the list with proper server url. Also if you have enabled [JWT Tokens](/deployment/security/enable-jwt-tokens) then https://{your-collate-domain}/api/v1/system/config/jwks also needs to be there in the list with proper server url.
{%important%} {%important%}
@ -112,17 +112,17 @@ Define the response type for the authentication request. Default is code and nee
Set ${OIDC_DISABLE_PKCE:-true} to true if you want to disable Proof Key for Code Exchange (PKCE). If you want to send CodeVerifier and CodeChallenge in the request, set it to false. Set ${OIDC_DISABLE_PKCE:-true} to true if you want to disable Proof Key for Code Exchange (PKCE). If you want to send CodeVerifier and CodeChallenge in the request, set it to false.
## Callback URL (callbackUrl): ## Callback URL (callbackUrl):
Provide the callback URL where the OIDC provider redirects after authentication. Update ${OIDC_CALLBACK:-"http://localhost:8585/callback"} with your actual callback URL. Provide the callback URL where the OIDC provider redirects after authentication. Update ${OIDC_CALLBACK:-"https://{your-collate-domain}/callback"} with your actual callback URL.
{%important%} {%important%}
The only initial part of the URL should be changed, the rest of the URL should be the same as the default one. The default URL is `http://localhost:8585/callback`. The only initial part of the URL should be changed, the rest of the URL should be the same as the default one. The default URL is `https://{your-collate-domain}/callback`.
Also, this should match what you have configured in your OIDC provider. Also, this should match what you have configured in your OIDC provider.
{%important%} {%important%}
## Server URL (serverUrl): ## Server URL (serverUrl):
Specify the URL of your OM Server. Default is http://localhost:8585. Specify the URL of your OM Server. Default is https://{your-collate-domain}.
## Client Authentication Method (clientAuthenticationMethod): ## Client Authentication Method (clientAuthenticationMethod):
Define the method used for client authentication. Default is client_secret_post. Define the method used for client authentication. Default is client_secret_post.

4
openmetadata-docs/content/v1.7.x/security-collate/okta/index.md
View File

@ -50,8 +50,8 @@ This document will explain how to create an Okta app and configure it for OAuth.
* **Refresh Token** - For the refresh token behavior, it is recommended to select the option to 'Rotate token after every use'. * **Refresh Token** - For the refresh token behavior, it is recommended to select the option to 'Rotate token after every use'.
* **Implicit (hybrid)** - Select the options to allow ID Token and Access Token with implicit grant type. * **Implicit (hybrid)** - Select the options to allow ID Token and Access Token with implicit grant type.
* Enter the **Sign-in redirect URIs** * Enter the **Sign-in redirect URIs**
* http://localhost:8585/callback * https://{your-collate-domain}/callback
* http://localhost:8585/silent-callback * https://{your-collate-domain}/silent-callback
* Enter the **Sign-out redirect URIs** * Enter the **Sign-out redirect URIs**
* Enter the **Base URIs** * Enter the **Base URIs**
* Select the required option for **Controlled access** * Select the required option for **Controlled access**

2
openmetadata-docs/content/v1.8.x-SNAPSHOT/security-collate/amazon-cognito-sso/index.md
View File

@ -45,7 +45,7 @@ Security requirements for your **production** environment:
{% image src="/images/v1.8/deployment/security/amazon-cognito-sso/create-server-credentials-4.png" alt="create-account" caption="Integrate your App" /%} {% image src="/images/v1.8/deployment/security/amazon-cognito-sso/create-server-credentials-4.png" alt="create-account" caption="Integrate your App" /%}
- In the same step, select "Public client" for the Initial App client type and configure the Allowed callback URLs - In the same step, select "Public client" for the Initial App client type and configure the Allowed callback URLs
with `http://localhost:8585/callback` as shown in the screenshot below. Note: For production deployments, the Allowed with `https://{your-collate-domain}/callback` as shown in the screenshot below. Note: For production deployments, the Allowed
callback URLs should be updated with the appropriate domain name. callback URLs should be updated with the appropriate domain name.
{% image src="/images/v1.8/deployment/security/amazon-cognito-sso/create-server-credentials-5.png" alt="create-account" caption="Configure the App Client" /%} {% image src="/images/v1.8/deployment/security/amazon-cognito-sso/create-server-credentials-5.png" alt="create-account" caption="Configure the App Client" /%}

16
openmetadata-docs/content/v1.8.x-SNAPSHOT/security-collate/oidc/index.md
View File

@ -23,7 +23,7 @@ Below are the configuration types to set up the OIDC Authentication with a Confi
```yaml ```yaml
authenticationConfiguration: authenticationConfiguration:
clientType: ${AUTHENTICATION_CLIENT_TYPE:-confidential} clientType: ${AUTHENTICATION_CLIENT_TYPE:-confidential}
publicKeyUrls: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} publicKeyUrls: ${AUTHENTICATION_PUBLIC_KEYS:-[https://{your-collate-domain}/api/v1/system/config/jwks]}
oidcConfiguration: oidcConfiguration:
id: ${OIDC_CLIENT_ID:-""} id: ${OIDC_CLIENT_ID:-""}
type: ${OIDC_TYPE:-""} # google, azure etc. type: ${OIDC_TYPE:-""} # google, azure etc.
@ -34,8 +34,8 @@ Below are the configuration types to set up the OIDC Authentication with a Confi
preferredJwsAlgorithm: ${OIDC_PREFERRED_JWS:-"RS256"} preferredJwsAlgorithm: ${OIDC_PREFERRED_JWS:-"RS256"}
responseType: ${OIDC_RESPONSE_TYPE:-"code"} responseType: ${OIDC_RESPONSE_TYPE:-"code"}
disablePkce: ${OIDC_DISABLE_PKCE:-true} disablePkce: ${OIDC_DISABLE_PKCE:-true}
callbackUrl: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} callbackUrl: ${OIDC_CALLBACK:-"https://{your-collate-domain}/callback"}
serverUrl: ${OIDC_SERVER_URL:-"http://localhost:8585"} serverUrl: ${OIDC_SERVER_URL:-"https://{your-collate-domain}"}
clientAuthenticationMethod: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} clientAuthenticationMethod: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"}
tenant: ${OIDC_TENANT:-""} tenant: ${OIDC_TENANT:-""}
maxClockSkew: ${OIDC_MAX_CLOCK_SKEW:-""} maxClockSkew: ${OIDC_MAX_CLOCK_SKEW:-""}
@ -44,7 +44,7 @@ Below are the configuration types to set up the OIDC Authentication with a Confi
# Configuration Parameters # Configuration Parameters
## Public Key Url (publicKeyUrls): ## Public Key Url (publicKeyUrls):
This needs to be updated as per different SSO providers. The default value is `http://localhost:8585/api/v1/system/config/jwks`. This is the URL where the public keys are stored. The public keys are used to verify the signature of the JWT token. This needs to be updated as per different SSO providers. The default value is `https://{your-collate-domain}/api/v1/system/config/jwks`. This is the URL where the public keys are stored. The public keys are used to verify the signature of the JWT token.
{%important%} {%important%}
@ -56,7 +56,7 @@ This needs to be updated as per different SSO providers. The default value is `h
**Azure**: https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys **Azure**: https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys
Also if you have enabled [JWT Tokens](/deployment/security/enable-jwt-tokens) then http://localhost:8585/api/v1/system/config/jwks also needs to be there in the list with proper server url. Also if you have enabled [JWT Tokens](/deployment/security/enable-jwt-tokens) then https://{your-collate-domain}/api/v1/system/config/jwks also needs to be there in the list with proper server url.
{%important%} {%important%}
@ -112,17 +112,17 @@ Define the response type for the authentication request. Default is code and nee
Set ${OIDC_DISABLE_PKCE:-true} to true if you want to disable Proof Key for Code Exchange (PKCE). If you want to send CodeVerifier and CodeChallenge in the request, set it to false. Set ${OIDC_DISABLE_PKCE:-true} to true if you want to disable Proof Key for Code Exchange (PKCE). If you want to send CodeVerifier and CodeChallenge in the request, set it to false.
## Callback URL (callbackUrl): ## Callback URL (callbackUrl):
Provide the callback URL where the OIDC provider redirects after authentication. Update ${OIDC_CALLBACK:-"http://localhost:8585/callback"} with your actual callback URL. Provide the callback URL where the OIDC provider redirects after authentication. Update ${OIDC_CALLBACK:-"https://{your-collate-domain}/callback"} with your actual callback URL.
{%important%} {%important%}
The only initial part of the URL should be changed, the rest of the URL should be the same as the default one. The default URL is `http://localhost:8585/callback`. The only initial part of the URL should be changed, the rest of the URL should be the same as the default one. The default URL is `https://{your-collate-domain}/callback`.
Also, this should match what you have configured in your OIDC provider. Also, this should match what you have configured in your OIDC provider.
{%important%} {%important%}
## Server URL (serverUrl): ## Server URL (serverUrl):
Specify the URL of your OM Server. Default is http://localhost:8585. Specify the URL of your OM Server. Default is https://{your-collate-domain}.
## Client Authentication Method (clientAuthenticationMethod): ## Client Authentication Method (clientAuthenticationMethod):
Define the method used for client authentication. Default is client_secret_post. Define the method used for client authentication. Default is client_secret_post.

4
openmetadata-docs/content/v1.8.x-SNAPSHOT/security-collate/okta/index.md
View File

@ -50,8 +50,8 @@ This document will explain how to create an Okta app and configure it for OAuth.
* **Refresh Token** - For the refresh token behavior, it is recommended to select the option to 'Rotate token after every use'. * **Refresh Token** - For the refresh token behavior, it is recommended to select the option to 'Rotate token after every use'.
* **Implicit (hybrid)** - Select the options to allow ID Token and Access Token with implicit grant type. * **Implicit (hybrid)** - Select the options to allow ID Token and Access Token with implicit grant type.
* Enter the **Sign-in redirect URIs** * Enter the **Sign-in redirect URIs**
* http://localhost:8585/callback * https://{your-collate-domain}/callback
* http://localhost:8585/silent-callback * https://{your-collate-domain}/silent-callback
* Enter the **Sign-out redirect URIs** * Enter the **Sign-out redirect URIs**
* Enter the **Base URIs** * Enter the **Base URIs**
* Select the required option for **Controlled access** * Select the required option for **Controlled access**