yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-10-17 11:43:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update SSO configs to show clear URLs for callback and public keys (#18127)

Browse Source 
* Update SSO configs

* Update security docs to provide clear callback and public key urls
This commit is contained in:
Sriharsha Chintalapani 2024-10-07 02:56:10 -07:00 committed by GitHub
parent 421ad601e9
commit 79af8bf78b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
31 changed files with 271 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
openmetadata-docs/content/v1.5.x/deployment/security/amazon-cognito-sso/bare-metal.md
View File

@ -17,12 +17,20 @@ authenticationConfiguration:
provider: "aws-cognito"
publicKeyUrls:
- "https://cognito-idp.us-west-1.amazonaws.com/{User Pool ID}/.well-known/jwks.json"
- "{your domain}/api/v1/system/config/jwks"
- "https://{your domain}/api/v1/system/config/jwks"
authority: "https://cognito-idp.us-west-1.amazonaws.com/{User Pool ID}"
clientId: "{Client ID}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
Then,
- Update `authorizerConfiguration` to add login names of the admin users in `adminPrincipals` section as shown below.
- Update the `principalDomain` to your company domain name.

12
openmetadata-docs/content/v1.5.x/deployment/security/amazon-cognito-sso/docker.md
View File

@ -21,12 +21,20 @@ AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=aws-cognito
AUTHENTICATION_PUBLIC_KEYS=[{Cognito Domain}/{User Pool ID}/.well-known/jwks.json, {your domain}/api/v1/system/config/jwks] # Update with your Cognito Domain and User Pool ID
AUTHENTICATION_PUBLIC_KEYS=[{Cognito Domain}/{User Pool ID}/.well-known/jwks.json, https://{your domain}/api/v1/system/config/jwks] # Update with your Cognito Domain and User Pool ID
AUTHENTICATION_AUTHORITY={Cognito Domain}/{User Pool ID} # Update with your Cognito Domain and User Pool ID as follows - https://cognito-idp.us-west-1.amazonaws.com/us-west-1_DL8xfTzj8
AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
AUTHENTICATION_CALLBACK_URL=https://{your domain}/callback
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
## 2. Start Docker
```commandline

11
openmetadata-docs/content/v1.5.x/deployment/security/amazon-cognito-sso/kubernetes.md
View File

@ -23,11 +23,18 @@ openmetadata:
authentication:
provider: "aws-cognito"
publicKeys:
- "{your domain}/api/v1/system/config/jwks"
- "https://{your domain}/api/v1/system/config/jwks"
- "{Cognito Domain}/{User Pool ID}/.well-known/jwks.json" # Update with your Cognito Domain and User Pool ID
authority: "{Cognito Domain}/{User Pool ID}" # Update with your Cognito Domain and User Pool ID as follows - https://cognito-idp.us-west-1.amazonaws.com/us-west-1_DL8xfTzj8
clientId: "{Client ID}" # Update with your Client ID
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% partial file="/v1.5/deployment/configure-ingestion.md" /%}

12
openmetadata-docs/content/v1.5.x/deployment/security/auth0/bare-metal.md
View File

@ -15,12 +15,20 @@ authenticationConfiguration:
provider: "auth0"
publicKeyUrls:
- "https://parth-panchal.us.auth0.com/.well-known/jwks.json"
- "{your domain}/api/v1/system/config/jwks" #Make sure this URL is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" #Make sure this URL is always configured to enable JWT tokens
authority: "https://parth-panchal.us.auth0.com/"
clientId: "{Client ID}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
Then,
- Update `authorizerConfiguration` to add login names of the admin users in `adminPrincipals` section as shown below.
- Update the `principalDomain` to your company domain name.

11
openmetadata-docs/content/v1.5.x/deployment/security/auth0/docker.md
View File

@ -21,13 +21,20 @@ AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=auth0
AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json,{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json,https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_AUTHORITY={Domain} # Update with your Domain
AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
AUTHENTICATION_CALLBACK_URL=https://{your domain}/callback
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
## 2. Start Docker
```commandline

11
openmetadata-docs/content/v1.5.x/deployment/security/auth0/kubernetes.md
View File

@ -23,11 +23,18 @@ openmetadata:
authentication:
provider: "auth0"
publicKeys:
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "{Auth0 Domain Name}/.well-known/jwks.json"
authority: "https://parth-panchal.us.auth0.com/"
clientId: "{Client ID}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% partial file="/v1.5/deployment/configure-ingestion.md" /%}

11
openmetadata-docs/content/v1.5.x/deployment/security/azure/bare-metal.md
View File

@ -15,10 +15,10 @@ authenticationConfiguration:
provider: "azure"
publicKeyUrls:
- "https://login.microsoftonline.com/common/discovery/keys"
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
authority: "https://login.microsoftonline.com/{Tenant ID}"
clientId: "{Client ID}" # Azure Application
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
Then,
@ -27,6 +27,13 @@ Then,
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% note %}
Altering the order of claims in `jwtPrincipalClaims` may lead to problems when matching a user from a token with an existing user in the system. The mapping process relies on the specific order of claims, so changing it can result in inconsistencies or authentication failures, as the system cannot ensure correct user mapping with a new claim order.
{% /note %}

18
openmetadata-docs/content/v1.5.x/deployment/security/azure/docker.md
View File

@ -23,14 +23,28 @@ AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=azure
AUTHENTICATION_PUBLIC_KEYS=[https://login.microsoftonline.com/common/discovery/keys, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_PUBLIC_KEYS=[https://login.microsoftonline.com/common/discovery/keys, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_AUTHORITY=https://login.microsoftonline.com/{Tenant ID} # Update with your Tenant ID
AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID of Azure Application
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
AUTHENTICATION_CALLBACK_URL=https://{your domain}/callback
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% note %}
Altering the order of claims in `jwtPrincipalClaims` may lead to problems when matching a user from a token with an existing user in the system. The mapping process relies on the specific order of claims, so changing it can result in inconsistencies or authentication failures, as the system cannot ensure correct user mapping with a new claim order.
{% /note %}
{% note %}
Altering the order of claims in `jwtPrincipalClaims` may lead to problems when matching a user from a token with an existing user in the system. The mapping process relies on the specific order of claims, so changing it can result in inconsistencies or authentication failures, as the system cannot ensure correct user mapping with a new claim order.
{% /note %}

11
openmetadata-docs/content/v1.5.x/deployment/security/azure/kubernetes.md
View File

@ -25,15 +25,22 @@ openmetadata:
authentication:
provider: "azure"
publicKeys:
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://login.microsoftonline.com/common/discovery/keys"
authority: "https://login.microsoftonline.com/{Tenant ID}"
clientId: "{Client ID}" # Azure Application
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% note %}
Altering the order of claims in `jwtPrincipalClaims` may lead to problems when matching a user from a token with an existing user in the system. The mapping process relies on the specific order of claims, so changing it can result in inconsistencies or authentication failures, as the system cannot ensure correct user mapping with a new claim order.
{% /note %}

11
openmetadata-docs/content/v1.5.x/deployment/security/custom-oidc/bare-metal.md
View File

@ -20,12 +20,19 @@ authenticationConfiguration:
providerName: "KeyCloak"
publicKeyUrls:
- "http://localhost:8080/realms/myrealm/protocol/openid-connect/certs"
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
authority: "http://localhost:8080/realms/myrealm"
clientId: "{client id}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
Then,
- Update `authorizerConfiguration` to add login names of the admin users in `adminPrincipals` section as shown below.
- Update the `principalDomain` to your company domain name.

14
openmetadata-docs/content/v1.5.x/deployment/security/custom-oidc/docker.md
View File

@ -22,11 +22,19 @@ AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=custom-oidc
CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=KeyCloak
AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8080/realms/myrealm/protocol/openid-connect/certs, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8080/realms/myrealm/protocol/openid-connect/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_AUTHORITY={http://localhost:8080/realms/myrealm}
AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
```
AUTHENTICATION_CALLBACK_URL=https://{your domain}/callback
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
## 2. Start Docker

11
openmetadata-docs/content/v1.5.x/deployment/security/custom-oidc/kubernetes.md
View File

@ -23,13 +23,20 @@ global:
authentication:
provider: "custom-oidc"
publicKeys:
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "http://localhost:8080/realms/myrealm/protocol/openid-connect/certs"
authority: "http://localhost:8080/realms/myrealm"
clientId: "{Client ID}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% partial file="/v1.5/deployment/configure-ingestion.md" /%}
### Troubleshooting

11
openmetadata-docs/content/v1.5.x/deployment/security/google/bare-metal.md
View File

@ -15,12 +15,19 @@ authenticationConfiguration:
provider: "google"
publicKeyUrls:
- "https://www.googleapis.com/oauth2/v3/certs"
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
authority: "https://accounts.google.com"
clientId: "{client id}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
Then,
- Update `authorizerConfiguration` to add login names of the admin users in `adminPrincipals` section as shown below.
- Update the `principalDomain` to your company domain name.

11
openmetadata-docs/content/v1.5.x/deployment/security/google/docker.md
View File

@ -22,12 +22,19 @@ AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=google
AUTHENTICATION_PUBLIC_KEYS=[https://www.googleapis.com/oauth2/v3/certs, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_PUBLIC_KEYS=[https://www.googleapis.com/oauth2/v3/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_AUTHORITY=https://accounts.google.com
AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Google SSO Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
AUTHENTICATION_CALLBACK_URL=https://{your domain}/callback
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
### 2. Start Docker
```commandline

11
openmetadata-docs/content/v1.5.x/deployment/security/google/kubernetes.md
View File

@ -26,10 +26,17 @@ openmetadata:
provider: "google"
publicKeys:
- "https://www.googleapis.com/oauth2/v3/certs"
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
authority: "https://accounts.google.com"
clientId: "{client id}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% partial file="/v1.5/deployment/configure-ingestion.md" /%}

11
openmetadata-docs/content/v1.5.x/deployment/security/keycloak/bare-metal.md
View File

@ -21,10 +21,10 @@ authenticationConfiguration:
providerName: "KeyCloak"
publicKeyUrls:
- "http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs"
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
authority: "http://localhost:8081/auth/realms/data-sec"
clientId: "open-metadata"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
Then,
@ -33,6 +33,13 @@ Then,
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% note %}
Altering the order of claims in `jwtPrincipalClaims` may lead to problems when matching a user from a token with an existing user in the system. The mapping process relies on the specific order of claims, so changing it can result in inconsistencies or authentication failures, as the system cannot ensure correct user mapping with a new claim order.
{% /note %}

11
openmetadata-docs/content/v1.5.x/deployment/security/keycloak/docker.md
View File

@ -24,14 +24,21 @@ AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=custom-oidc
CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=KeyCloak
AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_AUTHORITY={http://localhost:8081/auth/realms/data-sec}
AUTHENTICATION_CLIENT_ID=open-metadata # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
AUTHENTICATION_CALLBACK_URL=https://{your domain}/callback
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% note %}
Altering the order of claims in `jwtPrincipalClaims` may lead to problems when matching a user from a token with an existing user in the system. The mapping process relies on the specific order of claims, so changing it can result in inconsistencies or authentication failures, as the system cannot ensure correct user mapping with a new claim order.
{% /note %}

11
openmetadata-docs/content/v1.5.x/deployment/security/keycloak/kubernetes.md
View File

@ -25,15 +25,22 @@ openmetadata:
authentication:
provider: "custom-oidc"
publicKeys:
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs"
authority: "http://localhost:8081/auth/realms/data-sec"
clientId: "{Client ID}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% note %}
Altering the order of claims in `jwtPrincipalClaims` may lead to problems when matching a user from a token with an existing user in the system. The mapping process relies on the specific order of claims, so changing it can result in inconsistencies or authentication failures, as the system cannot ensure correct user mapping with a new claim order.
{% /note %}

9
openmetadata-docs/content/v1.5.x/deployment/security/ldap/bare-metal.md
View File

@ -15,7 +15,7 @@ The following configuration controls the auth mechanism for OpenMetadata. Update
```yaml
authenticationConfiguration:
provider: ${AUTHENTICATION_PROVIDER:-ldap}
publicKeyUrls: ${AUTHENTICATION_PUBLIC_KEYS:-[{your domain}/api/v1/system/config/jwks]} # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
publicKeyUrls: ${AUTHENTICATION_PUBLIC_KEYS:-[https://{your domain}/api/v1/system/config/jwks]} # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
authority: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
enableSelfSignup : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-false}
ldapConfiguration:
@ -45,6 +45,13 @@ authenticationConfiguration:
examineValidityDates: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true}
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
For the LDAP auth we need to set:
OpenMetadata Specific Configuration :

15
openmetadata-docs/content/v1.5.x/deployment/security/oidc/index.md
View File

@ -23,7 +23,7 @@ Below are the configuration types to set up the OIDC Authentication with a Confi
```yaml
authenticationConfiguration:
clientType: ${AUTHENTICATION_CLIENT_TYPE:-confidential}
publicKeyUrls: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]}
publicKeyUrls: ${AUTHENTICATION_PUBLIC_KEYS:-[https://{your domain}/api/v1/system/config/jwks]}
oidcConfiguration:
id: ${OIDC_CLIENT_ID:-""}
type: ${OIDC_TYPE:-""} # google, azure etc.
@ -34,17 +34,24 @@ Below are the configuration types to set up the OIDC Authentication with a Confi
preferredJwsAlgorithm: ${OIDC_PREFERRED_JWS:-"RS256"}
responseType: ${OIDC_RESPONSE_TYPE:-"code"}
disablePkce: ${OIDC_DISABLE_PKCE:-true}
callbackUrl: ${OIDC_CALLBACK:-"http://localhost:8585/callback"}
serverUrl: ${OIDC_SERVER_URL:-"http://localhost:8585"}
callbackUrl: ${OIDC_CALLBACK:-"https://{your domain}/callback"}
serverUrl: ${OIDC_SERVER_URL:-"https://{your domain}"}
clientAuthenticationMethod: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"}
tenant: ${OIDC_TENANT:-""}
maxClockSkew: ${OIDC_MAX_CLOCK_SKEW:-""}
customParams: ${OIDC_CUSTOM_PARAMS:-}
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL`, `OIDC_SERVER_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
# Configuration Parameters
## Public Key Url (publicKeyUrls):
This needs to be updated as per different SSO providers. The default value is `http://localhost:8585/api/v1/system/config/jwks`. This is the URL where the public keys are stored. The public keys are used to verify the signature of the JWT token.
This needs to be updated as per different SSO providers. The default value is `https://{your domain}/api/v1/system/config/jwks`. This is the URL where the public keys are stored. The public keys are used to verify the signature of the JWT token.
{%important%}

38
openmetadata-docs/content/v1.5.x/deployment/security/okta/bare-metal.md
View File

@ -15,10 +15,10 @@ authenticationConfiguration:
provider: "okta"
publicKeyUrls:
- "{ISSUER_URL}/v1/keys"
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
authority: "{ISSUER_URL}"
clientId: "{CLIENT_ID - SPA APP}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
Then,
@ -36,34 +36,10 @@ authorizerConfiguration:
principalDomain: "open-metadata.org"
```
In `0.12.1` the `className` and `containerRequestFilter` must replace `org.openmetadata.catalog` by `org.openmetadata.service`.
Finally, update the Airflow information:
**Before 0.12.1**
```yaml
airflowConfiguration:
apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
username: ${AIRFLOW_USERNAME:-admin}
password: ${AIRFLOW_PASSWORD:-admin}
metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
authProvider: okta
authConfig:
okta:
clientId: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
orgURL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
privateKey: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
email: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
scopes: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
```
**After 0.12.1**
```yaml
pipelineServiceClientConfiguration:
apiEndpoint: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://localhost:8080}
metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
metadataApiEndpoint: ${SERVER_HOST_API_URL:-https://{your domain}/api}
ingestionIpInfoEnabled: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false}
hostIp: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""}
healthCheckInterval: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300}
@ -79,7 +55,15 @@ pipelineServiceClientConfiguration:
# If we need to use SSL to reach Airflow
truststorePath: ${AIRFLOW_TRUST_STORE_PATH:-""}
truststorePassword: ${AIRFLOW_TRUST_STORE_PASSWORD:-""}
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
**Note:** Follow [this](/developers/bots) guide to configure the `ingestion-bot` credentials for
ingesting data from Airflow.

56
openmetadata-docs/content/v1.5.x/deployment/security/okta/docker.md
View File

@ -15,51 +15,6 @@ generated when setting up the account.
Note: Make sure to add the Ingestion Client ID for the Service application in `AUTHORIZER_INGESTION_PRINCIPALS`. This can be found in Okta -> Applications -> Applications, Refer to Step 3 for `Creating Service Application`.
### 1.1 Before 0.12.1
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY to be set as per the example below using the escape sequence for quotes.
```shell
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot, <service_application_client_id>]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=okta
AUTHENTICATION_PUBLIC_KEYS=[{ISSUER_URL}/v1/keys, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_AUTHORITY={ISSUER_URL} # Update with your Issuer URL
AUTHENTICATION_CLIENT_ID={CLIENT_ID - SPA APP} # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
# Airflow Configuration
AIRFLOW_AUTH_PROVIDER=okta
OM_AUTH_AIRFLOW_OKTA_CLIENT_ID={OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL={OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY=\'{"p":"lorem","kty":"RSA","q":"ipsum","d":"dolor","e":"AQAB","use":"sig","kid":"0oa5p908cltOc4fsl5d7","qi":"lorem","dp":"lorem","alg":"RS256","dq":"ipsum","n":"dolor"}\'
OM_AUTH_AIRFLOW_OKTA_SA_EMAIL={OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
OM_AUTH_AIRFLOW_OKTA_SCOPES={OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
```
### 1.2 After 0.12.1
```shell
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot, <service_application_client_id>]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=okta
AUTHENTICATION_PUBLIC_KEYS={ISSUER_URL}/v1/keys # Update with your Issuer URL
AUTHENTICATION_AUTHORITY={ISSUER_URL} # Update with your Issuer URL
AUTHENTICATION_CLIENT_ID={CLIENT_ID - SPA APP} # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
```
### 1.3 After 0.13.0
```shell
# OpenMetadata Server Authentication Configuration
@ -69,12 +24,19 @@ AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=okta
AUTHENTICATION_PUBLIC_KEYS={ISSUER_URL}/v1/keys # Update with your Issuer URL
AUTHENTICATION_PUBLIC_KEYS=[{ISSUER_URL}/v1/keys, https://{your domain}/api/v1/system/config/jwks] # Update with your Issuer URL
AUTHENTICATION_AUTHORITY={ISSUER_URL} # Update with your Issuer URL
AUTHENTICATION_CLIENT_ID={CLIENT_ID - SPA APP} # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
AUTHENTICATION_CALLBACK_URL=https://{your domain}/callback
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
**Note:** Follow [this](/developers/bots) guide to configure the `ingestion-bot` credentials for
ingesting data from Airflow.

9
openmetadata-docs/content/v1.5.x/deployment/security/okta/kubernetes.md
View File

@ -30,7 +30,14 @@ openmetadata:
- "{ISSUER_URL}/v1/keys"
authority: "{ISSUER_URL}"
clientId: "{CLIENT_ID - SPA APP}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% partial file="/v1.5/deployment/configure-ingestion.md" /%}

14
openmetadata-docs/content/v1.5.x/deployment/security/one-login/bare-metal.md
View File

@ -20,12 +20,20 @@ authenticationConfiguration:
providerName: "OneLogin"
publicKeyUrls:
- "{IssuerUrl}/certs"
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
authority: "{IssuerUrl}"
clientId: "{client id}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
Then,
- Update `authorizerConfiguration` to add login names of the admin users in `adminPrincipals` section as shown below.
- Update the `principalDomain` to your company domain name.
@ -41,4 +49,6 @@ authorizerConfiguration:
principalDomain: "open-metadata.org"
```
{% partial file="/v1.5/deployment/configure-ingestion.md" /%}

11
openmetadata-docs/content/v1.5.x/deployment/security/one-login/docker.md
View File

@ -21,12 +21,19 @@ AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=custom-oidc
AUTHENTICATION_PUBLIC_KEYS=[{public key url}, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_PUBLIC_KEYS=[{public key url}, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
AUTHENTICATION_AUTHORITY={issuer url} # Update with your Issuer URL
AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
AUTHENTICATION_CALLBACK_URL=https://{your domain}/callback
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
## 2. Start Docker
```commandline

11
openmetadata-docs/content/v1.5.x/deployment/security/one-login/kubernetes.md
View File

@ -24,11 +24,18 @@ openmetadata:
authentication:
provider: "custom-oidc"
publicKeys:
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "https://{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
- "{IssuerUrl}/certs"
authority: "{IssuerUrl}"
clientId: "{client id}"
callbackUrl: "http://localhost:8585/callback"
callbackUrl: "https://{your domain}/callback"
```
{% note %}
`AUTHENTICATION_PUBLIC_KEYS` and `AUTHENTICATION_CALLBACK_URL` refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
{% partial file="/v1.5/deployment/configure-ingestion.md" /%}

8
openmetadata-docs/content/v1.5.x/deployment/security/saml/aws.md
View File

@ -61,13 +61,13 @@ Security requirements for your **production** environment:
entityId: ${SAML_IDP_ENTITY_ID:-"https://mocksaml.com/api/saml/sso"}
ssoLoginUrl: ${SAML_IDP_SSO_LOGIN_URL:-"https://saml.example.com/entityid"}
idpX509Certificate: ${SAML_IDP_CERTIFICATE:-""}
authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"}
authorityUrl: ${SAML_AUTHORITY_URL:-"https://{your domain}/api/v1/saml/login"}
nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}
sp:
entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"}
acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"}
entityId: ${SAML_SP_ENTITY_ID:-"https://{your domain}/api/v1/saml/acs"}
acs: ${SAML_SP_ACS:-"https://{your domain}/api/v1/saml/acs"}
spX509Certificate: ${SAML_SP_CERTIFICATE:-""}
callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"}
callback: ${SAML_SP_CALLBACK:-"https://{your domain}/saml/callback"}
security:
strictMode: ${SAML_STRICT_MODE:-false}
tokenValidity: ${SAML_SP_TOKEN_VALIDITY:-"3600"}

8
openmetadata-docs/content/v1.5.x/deployment/security/saml/azure.md
View File

@ -86,13 +86,13 @@ openssl x509 -in saml.crt -out samlCER.cer -outform DER
entityId: ${SAML_IDP_ENTITY_ID:-"https://mocksaml.com/api/saml/sso"}
ssoLoginUrl: ${SAML_IDP_SSO_LOGIN_URL:-"https://saml.example.com/entityid"}
idpX509Certificate: ${SAML_IDP_CERTIFICATE:-""}
authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"}
authorityUrl: ${SAML_AUTHORITY_URL:-"https://{your domain}/api/v1/saml/login"}
nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}
sp:
entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"}
acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"}
entityId: ${SAML_SP_ENTITY_ID:-"https://{your domain}/api/v1/saml/acs"}
acs: ${SAML_SP_ACS:-"https://{your domain}/api/v1/saml/acs"}
spX509Certificate: ${SAML_SP_CERTIFICATE:-""}
callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"}
callback: ${SAML_SP_CALLBACK:-"https://{your domain}/saml/callback"}
security:
strictMode: ${SAML_STRICT_MODE:-false}
tokenValidity: ${SAML_SP_TOKEN_VALIDITY:-"3600"}

8
openmetadata-docs/content/v1.5.x/deployment/security/saml/bare-metal.md
View File

@ -19,7 +19,7 @@ are divided into the following three sections:-
entityId: ${SAML_IDP_ENTITY_ID:-"https://mocksaml.com/api/saml/sso"}
ssoLoginUrl: ${SAML_IDP_SSO_LOGIN_URL:-"https://saml.example.com/entityid"}
idpX509Certificate: ${SAML_IDP_CERTIFICATE:-""}
authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"}
authorityUrl: ${SAML_AUTHORITY_URL:-"https://{your domain}/api/v1/saml/login"}
nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}
```
@ -27,10 +27,10 @@ are divided into the following three sections:-
```yaml
sp:
entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"}
acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"}
entityId: ${SAML_SP_ENTITY_ID:-"https://{your domain}/api/v1/saml/acs"}
acs: ${SAML_SP_ACS:-"https://{your domain}/api/v1/saml/acs"}
spX509Certificate: ${SAML_SP_CERTIFICATE:-""}
callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"}
callback: ${SAML_SP_CALLBACK:-"https://{your domain}/saml/callback"}
```
- Security Config

8
openmetadata-docs/content/v1.5.x/deployment/security/saml/docker.md
View File

@ -26,14 +26,14 @@ If you are using an environment variable from an external file in our setup, and
SAML_IDP_ENTITY_ID=https://mocksaml.com/api/saml/sso
SAML_IDP_SSO_LOGIN_URL=https://saml.example.com/entityid
SAML_IDP_CERTIFICATE=/path/to/the/certificate
SAML_AUTHORITY_URL=http://localhost:8585/api/v1/saml/login
SAML_AUTHORITY_URL=https://{your domain}/api/v1/saml/login
SAML_IDP_NAME_ID=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
# OpenMetadata Server SP Configuration
SAML_SP_ENTITY_ID=http://localhost:8585/api/v1/saml/acs
SAML_SP_ACS=http://localhost:8585/api/v1/saml/acs
SAML_SP_ENTITY_ID=https://{your domain}/api/v1/saml/acs
SAML_SP_ACS=https://{your domain}/api/v1/saml/acs
SAML_SP_CERTIFICATE=/path/to/the/certificate
SAML_SP_CALLBACK=http://localhost:8585/saml/callback
SAML_SP_CALLBACK=https://{your domain}/saml/callback
# OpenMetadata Server Security Configuration
SAML_STRICT_MODE=false

8
openmetadata-docs/content/v1.5.x/deployment/security/saml/kubernetes.md
View File

@ -17,14 +17,14 @@ openmetadata:
entityId: ${SAML_IDP_ENTITY_ID:-"https://mocksaml.com/api/saml/sso"}
ssoLoginUrl: ${SAML_IDP_SSO_LOGIN_URL:-"https://saml.example.com/entityid"}
idpX509Certificate: ${SAML_IDP_CERTIFICATE:-""}
authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"}
authorityUrl: ${SAML_AUTHORITY_URL:-"https://{your domain}/api/v1/saml/login"}
nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}
sp:
entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"}
acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"}
entityId: ${SAML_SP_ENTITY_ID:-"https://{your domain}/api/v1/saml/acs"}
acs: ${SAML_SP_ACS:-"https://{your domain}/api/v1/saml/acs"}
spX509Certificate: ${SAML_SP_CERTIFICATE:-""}
callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"}
callback: ${SAML_SP_CALLBACK:-"https://{your domain}/saml/callback"}
security:
strictMode: ${SAML_STRICT_MODE:-false}