diff --git a/openmetadata-docs/content/v1.6.x/deployment/security/amazon-cognito-sso/docker.md b/openmetadata-docs/content/v1.6.x/deployment/security/amazon-cognito-sso/docker.md index bdb460b3e76..96031acd357 100644 --- a/openmetadata-docs/content/v1.6.x/deployment/security/amazon-cognito-sso/docker.md +++ b/openmetadata-docs/content/v1.6.x/deployment/security/amazon-cognito-sso/docker.md @@ -21,7 +21,7 @@ AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain AUTHENTICATION_PROVIDER=aws-cognito -AUTHENTICATION_PUBLIC_KEYS=[{Cognito Domain}/{User Pool ID}/.well-known/jwks.json, {your domain}/api/v1/system/config/jwks] # Update with your Cognito Domain and User Pool ID +AUTHENTICATION_PUBLIC_KEYS=[{Cognito Domain}/{User Pool ID}/.well-known/jwks.json, https://{your domain}/api/v1/system/config/jwks] # Update with your Cognito Domain and User Pool ID AUTHENTICATION_AUTHORITY={Cognito Domain}/{User Pool ID} # Update with your Cognito Domain and User Pool ID as follows - https://cognito-idp.us-west-1.amazonaws.com/us-west-1_DL8xfTzj8 AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback diff --git a/openmetadata-docs/content/v1.6.x/deployment/security/auth0/docker.md b/openmetadata-docs/content/v1.6.x/deployment/security/auth0/docker.md index faafe7b43f9..a9d4d6db5d5 100644 --- a/openmetadata-docs/content/v1.6.x/deployment/security/auth0/docker.md +++ b/openmetadata-docs/content/v1.6.x/deployment/security/auth0/docker.md 
@@ -24,7 +24,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=auth0 -AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json,{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY={Domain} # The base URL of the authentication provider. AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback @@ -38,7 +38,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=auth0 -AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json,{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY={Domain} # The base URL of the authentication provider. AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback 
diff --git a/openmetadata-docs/content/v1.6.x/deployment/security/azure/docker.md b/openmetadata-docs/content/v1.6.x/deployment/security/azure/docker.md index 66a49f9ae90..5f952b3df73 100644 --- a/openmetadata-docs/content/v1.6.x/deployment/security/azure/docker.md +++ b/openmetadata-docs/content/v1.6.x/deployment/security/azure/docker.md @@ -23,7 +23,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=azure -AUTHENTICATION_PUBLIC_KEYS=[https://login.microsoftonline.com/common/discovery/keys, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[https://login.microsoftonline.com/common/discovery/keys, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY=https://login.microsoftonline.com/{Tenant ID} # Update with your Tenant ID AUTHENTICATION_CLIENT_ID={CLIENT_ID} # Update with your Client ID of Azure Application AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback 
@@ -37,7 +37,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=azure -AUTHENTICATION_PUBLIC_KEYS=[https://login.microsoftonline.com/common/discovery/keys, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[https://login.microsoftonline.com/common/discovery/keys, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY=https://login.microsoftonline.com/{Tenant ID} # Update with your Tenant ID AUTHENTICATION_CLIENT_ID={CLIENT_ID} # Update with your Client ID of Azure Application AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback diff --git a/openmetadata-docs/content/v1.6.x/deployment/security/custom-oidc/docker.md b/openmetadata-docs/content/v1.6.x/deployment/security/custom-oidc/docker.md index 28dbc6ac155..9c74e400dd7 100644 --- a/openmetadata-docs/content/v1.6.x/deployment/security/custom-oidc/docker.md +++ b/openmetadata-docs/content/v1.6.x/deployment/security/custom-oidc/docker.md 
@@ -22,7 +22,7 @@ AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain AUTHENTICATION_PROVIDER=custom-oidc CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=KeyCloak -AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8080/realms/myrealm/protocol/openid-connect/certs, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8080/realms/myrealm/protocol/openid-connect/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY={http://localhost:8080/realms/myrealm} AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback diff --git a/openmetadata-docs/content/v1.6.x/deployment/security/google/docker.md b/openmetadata-docs/content/v1.6.x/deployment/security/google/docker.md index 7b54501b739..fa94827d84a 100644 --- a/openmetadata-docs/content/v1.6.x/deployment/security/google/docker.md +++ b/openmetadata-docs/content/v1.6.x/deployment/security/google/docker.md 
@@ -22,7 +22,7 @@ AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot] AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain AUTHENTICATION_PROVIDER=google -AUTHENTICATION_PUBLIC_KEYS=[https://www.googleapis.com/oauth2/v3/certs, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[https://www.googleapis.com/oauth2/v3/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY=https://accounts.google.com AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Google SSO Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback diff --git a/openmetadata-docs/content/v1.6.x/deployment/security/keycloak/docker.md b/openmetadata-docs/content/v1.6.x/deployment/security/keycloak/docker.md index 8756ce39063..3390d4214e9 100644 --- a/openmetadata-docs/content/v1.6.x/deployment/security/keycloak/docker.md +++ b/openmetadata-docs/content/v1.6.x/deployment/security/keycloak/docker.md 
@@ -22,38 +22,39 @@ Check the more information about environment variable [here](/deployment/securit ```implicit # Implicit Flow -AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} -AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} +AUTHORIZER_CLASS_NAME= org.openmetadata.service.security.DefaultAuthorizer +AUTHORIZER_REQUEST_FILTER= org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). -AUTHENTICATION_CLIENT_ID="{Client ID}" -AUTHENTICATION_PROVIDER=custom-oidc # Use "custom-oidc" for Keycloak -CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=Keycloak # Name of the OIDC provider -AUTHENTICATION_PUBLIC_KEYS=http://{Keycloak-server-URL}/realms/{your-realm}/protocol/openid-connect/certs, http://{OMD-server-domain}/api/v1/system/config/jwks # Update your keyCloak server URL, Realm and openmetadata URL -AUTHENTICATION_CALLBACK_URL="http://localhost:8585/callback" -AUTHENTICATION_AUTHORITY=AUTHENTICATION_AUTHORITY:-http://localhost:8080/realms/{your-realm} -AUTHENTICATION_CLIENT_TYPE=public +AUTHENTICATION_PROVIDER=custom-oidc # Use "custom-oidc" for Keycloak +AUTHENTICATION_CLIENT_ID=testsso +CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=KeyCloak # Name of the OIDC provider +AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_CALLBACK_URL="http://localhost:8585/callback" +AUTHENTICATION_AUTHORITY={http://localhost:8080/realms/{your-realm}} +AUTHENTICATION_CLIENT_TYPE=public ``` ```authcode # Auth Code Flow -AUTHORIZER_CLASS_NAME: 
${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} -AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} +AUTHORIZER_CLASS_NAME= org.openmetadata.service.security.DefaultAuthorizer +AUTHORIZER_REQUEST_FILTER= org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). -AUTHENTICATION_CLIENT_ID="{Client ID}" + AUTHENTICATION_PROVIDER=custom-oidc # Use "custom-oidc" for Keycloak -CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=Keycloak # Name of the OIDC provider -AUTHENTICATION_PUBLIC_KEYS=http://{Keycloak-server-URL}/realms/{your-realm}/protocol/openid-connect/certs, http://{OMD-server-domain}/api/v1/system/config/jwks # Update your keyCloak server URL, Realm and openmetadata URL -AUTHENTICATION_CALLBACK_URL="http://localhost:8585/callback" -AUTHENTICATION_AUTHORITY=AUTHENTICATION_AUTHORITY:-http://localhost:8080/realms/{your-realm} +CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=KeyCloak # Name of the OIDC provider +AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_AUTHORITY={http://localhost:8081/auth/realms/data-sec} +AUTHENTICATION_CLIENT_ID=testsso +AUTHENTICATION_CALLBACK_URL="https://{your domain}/callback" AUTHENTICATION_CLIENT_TYPE=confidential -OIDC_CLIENT_ID="{Client ID}" # Replace with your Keycloak client ID +OIDC_CLIENT_ID=testsso # Replace with your Keycloak client ID OIDC_CLIENT_SECRET="{CLIENT_SECRET}" # Replace with your Keycloak client secret OIDC_TYPE="Keycloak" # Specify the OIDC provider (Keycloak) 
-OIDC_DISCOVERY_URI="http://{Keycloak-server-URL}/realms/{your-realm}/.well-known/openid-configuration" # Keycloak's discovery URI Update your Keycloak's Domain and Realm +OIDC_DISCOVERY_URI="OIDC_DISCOVERY_URI=http://host.docker.internal:8081/realms/openmetadata/.well-known/openid-configuration" # Keycloak's discovery URI Update your Keycloak's Domain and Realm OIDC_CALLBACK="http://localhost:8585/callback" # Callback URL registered in Keycloak OIDC_SERVER_URL="http://localhost:8585" # OpenMetadata server URL ``` diff --git a/openmetadata-docs/content/v1.6.x/deployment/security/okta/docker.md b/openmetadata-docs/content/v1.6.x/deployment/security/okta/docker.md index fae328f5f38..7de66ea8ef0 100644 --- a/openmetadata-docs/content/v1.6.x/deployment/security/okta/docker.md +++ b/openmetadata-docs/content/v1.6.x/deployment/security/okta/docker.md @@ -24,7 +24,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=okta -AUTHENTICATION_PUBLIC_KEYS={ISSUER_URL}/v1/keys # Update with your Issuer URL +AUTHENTICATION_PUBLIC_KEYS=[{ISSUER_URL}/v1/keys, https://{your domain}/api/v1/system/config/jwks] # Update with your Issuer URL AUTHENTICATION_AUTHORITY={ISSUER_URL} # Update with your Issuer URL AUTHENTICATION_CLIENT_ID={CLIENT_ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback 
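Review bot: The new `OIDC_DISCOVERY_URI` line in the authcode block repeats the variable name inside its value (`OIDC_DISCOVERY_URI="OIDC_DISCOVERY_URI=http://host.docker.internal:8081/...`), so anyone copying it gets an unusable discovery URL; the value should begin at `http://`. The sample endpoints also disagree with each other: the implicit block takes keys from `localhost:8081/auth/realms/data-sec` but sets the authority to `{http://localhost:8080/realms/{your-realm}}`, and the discovery URI names realm `openmetadata` without the `/auth` prefix, which would presumably leave issuer validation and the JWKS pointing at different realms. I would use one placeholder set throughout, e.g. `AUTHENTICATION_AUTHORITY=http://{Keycloak-server-URL}/realms/{your-realm}`, and keep `{Client ID}` instead of the hard-coded `testsso`, since the trailing comment still says to replace it. The Keycloak JWKS and discovery URLs are plain `http`, which is only appropriate for a local test setup and deserves a comment saying so, because the keys fetched from them decide which tokens are accepted. The same lines appear in the v1.7.x-SNAPSHOT keycloak/docker.md hunk.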
@@ -38,7 +38,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=okta -AUTHENTICATION_PUBLIC_KEYS=[{ISSUER_URL}/v1/keys,{your domain}/api/v1/system/config/jwks] # Update with your Issuer URL and Domain also Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[{ISSUER_URL}/v1/keys, https://{your domain}/api/v1/system/config/jwks] # Update with your Issuer URL and Domain also Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY={ISSUER_URL} # Update with your Issuer URL AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback diff --git a/openmetadata-docs/content/v1.6.x/deployment/security/one-login/docker.md b/openmetadata-docs/content/v1.6.x/deployment/security/one-login/docker.md index 55028acf26a..66a12fcc7e0 100644 --- a/openmetadata-docs/content/v1.6.x/deployment/security/one-login/docker.md +++ b/openmetadata-docs/content/v1.6.x/deployment/security/one-login/docker.md 
@@ -21,7 +21,7 @@ AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain AUTHENTICATION_PROVIDER=custom-oidc -AUTHENTICATION_PUBLIC_KEYS=[{public key url}, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[{public key url}, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY={issuer url} # Update with your Issuer URL AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback diff --git a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/amazon-cognito-sso/docker.md b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/amazon-cognito-sso/docker.md index ae96a8274b6..43a42c27364 100644 --- a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/amazon-cognito-sso/docker.md +++ b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/amazon-cognito-sso/docker.md 
@@ -21,7 +21,7 @@ AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain AUTHENTICATION_PROVIDER=aws-cognito -AUTHENTICATION_PUBLIC_KEYS=[{Cognito Domain}/{User Pool ID}/.well-known/jwks.json, {your domain}/api/v1/system/config/jwks] # Update with your Cognito Domain and User Pool ID +AUTHENTICATION_PUBLIC_KEYS=[{Cognito Domain}/{User Pool ID}/.well-known/jwks.json, https://{your domain}/api/v1/system/config/jwks] # Update with your Cognito Domain and User Pool ID AUTHENTICATION_AUTHORITY={Cognito Domain}/{User Pool ID} # Update with your Cognito Domain and User Pool ID as follows - https://cognito-idp.us-west-1.amazonaws.com/us-west-1_DL8xfTzj8 AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback diff --git a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/auth0/docker.md b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/auth0/docker.md index 0d93af470e4..f37770fd1dd 100644 --- a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/auth0/docker.md +++ b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/auth0/docker.md @@ -16,7 +16,6 @@ Check the more information about environment variable [here](/deployment/securit {% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %} - ```implicit # Implicit Flow AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer 
@@ -24,7 +23,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=auth0 -AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json,{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY={Domain} # The base URL of the authentication provider. AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback @@ -38,7 +37,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=auth0 -AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json,{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY={Domain} # The base URL of the authentication provider. AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback 
diff --git a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/azure/docker.md b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/azure/docker.md index adb46b2af3a..96de0ccca5a 100644 --- a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/azure/docker.md +++ b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/azure/docker.md @@ -23,7 +23,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=azure -AUTHENTICATION_PUBLIC_KEYS=[https://login.microsoftonline.com/common/discovery/keys, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[https://login.microsoftonline.com/common/discovery/keys, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY=https://login.microsoftonline.com/{Tenant ID} # Update with your Tenant ID AUTHENTICATION_CLIENT_ID={CLIENT_ID} # Update with your Client ID of Azure Application AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback 
@@ -37,7 +37,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=azure -AUTHENTICATION_PUBLIC_KEYS=[https://login.microsoftonline.com/common/discovery/keys, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[https://login.microsoftonline.com/common/discovery/keys, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY=https://login.microsoftonline.com/{Tenant ID} # Update with your Tenant ID AUTHENTICATION_CLIENT_ID={CLIENT_ID} # Update with your Client ID of Azure Application AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback @@ -51,6 +51,7 @@ OIDC_DISCOVERY_URI: "" OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} ``` + {% /codeWithLanguageSelector %} {% note %} diff --git a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/custom-oidc/docker.md b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/custom-oidc/docker.md index 52ff52444ed..4f266848c16 100644 --- a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/custom-oidc/docker.md +++ b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/custom-oidc/docker.md 
@@ -22,7 +22,7 @@ AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain AUTHENTICATION_PROVIDER=custom-oidc CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=KeyCloak -AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8080/realms/myrealm/protocol/openid-connect/certs, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8080/realms/myrealm/protocol/openid-connect/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY={http://localhost:8080/realms/myrealm} AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback diff --git a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/google/docker.md b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/google/docker.md index 088df525aba..d56dd2a3d36 100644 --- a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/google/docker.md +++ b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/google/docker.md 
@@ -22,7 +22,7 @@ AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot] AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain AUTHENTICATION_PROVIDER=google -AUTHENTICATION_PUBLIC_KEYS=[https://www.googleapis.com/oauth2/v3/certs, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[https://www.googleapis.com/oauth2/v3/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY=https://accounts.google.com AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Google SSO Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback diff --git a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/keycloak/docker.md b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/keycloak/docker.md index 3dd89e9e2ca..531e780331f 100644 --- a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/keycloak/docker.md +++ b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/keycloak/docker.md 
@@ -22,41 +22,43 @@ Check the more information about environment variable [here](/deployment/securit ```implicit # Implicit Flow -AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} -AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} +AUTHORIZER_CLASS_NAME= org.openmetadata.service.security.DefaultAuthorizer +AUTHORIZER_REQUEST_FILTER= org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). -AUTHENTICATION_CLIENT_ID="{Client ID}" -AUTHENTICATION_PROVIDER=custom-oidc # Use "custom-oidc" for Keycloak -CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=Keycloak # Name of the OIDC provider -AUTHENTICATION_PUBLIC_KEYS=http://{Keycloak-server-URL}/realms/{your-realm}/protocol/openid-connect/certs, http://{OMD-server-domain}/api/v1/system/config/jwks # Update your keyCloak server URL, Realm and openmetadata URL -AUTHENTICATION_CALLBACK_URL="http://localhost:8585/callback" -AUTHENTICATION_AUTHORITY=AUTHENTICATION_AUTHORITY:-http://localhost:8080/realms/{your-realm} -AUTHENTICATION_CLIENT_TYPE=public +AUTHENTICATION_PROVIDER=custom-oidc # Use "custom-oidc" for Keycloak +AUTHENTICATION_CLIENT_ID=testsso +CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=KeyCloak # Name of the OIDC provider +AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_CALLBACK_URL="http://localhost:8585/callback" +AUTHENTICATION_AUTHORITY={http://localhost:8080/realms/{your-realm}} +AUTHENTICATION_CLIENT_TYPE=public ``` ```authcode # Auth Code Flow -AUTHORIZER_CLASS_NAME: 
${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} -AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} +AUTHORIZER_CLASS_NAME= org.openmetadata.service.security.DefaultAuthorizer +AUTHORIZER_REQUEST_FILTER= org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). -AUTHENTICATION_CLIENT_ID="{Client ID}" + AUTHENTICATION_PROVIDER=custom-oidc # Use "custom-oidc" for Keycloak -CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=Keycloak # Name of the OIDC provider -AUTHENTICATION_PUBLIC_KEYS=http://{Keycloak-server-URL}/realms/{your-realm}/protocol/openid-connect/certs, http://{OMD-server-domain}/api/v1/system/config/jwks # Update your keyCloak server URL, Realm and openmetadata URL -AUTHENTICATION_CALLBACK_URL="http://localhost:8585/callback" -AUTHENTICATION_AUTHORITY=AUTHENTICATION_AUTHORITY:-http://localhost:8080/realms/{your-realm} +CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=KeyCloak # Name of the OIDC provider +AUTHENTICATION_PUBLIC_KEYS=[http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_AUTHORITY={http://localhost:8081/auth/realms/data-sec} +AUTHENTICATION_CLIENT_ID=testsso +AUTHENTICATION_CALLBACK_URL="https://{your domain}/callback" AUTHENTICATION_CLIENT_TYPE=confidential -OIDC_CLIENT_ID="{Client ID}" # Replace with your Keycloak client ID +OIDC_CLIENT_ID=testsso # Replace with your Keycloak client ID OIDC_CLIENT_SECRET="{CLIENT_SECRET}" # Replace with your Keycloak client secret OIDC_TYPE="Keycloak" # Specify the OIDC provider (Keycloak) 
-OIDC_DISCOVERY_URI="http://{Keycloak-server-URL}/realms/{your-realm}/.well-known/openid-configuration" # Keycloak's discovery URI Update your Keycloak's Domain and Realm +OIDC_DISCOVERY_URI="OIDC_DISCOVERY_URI=http://host.docker.internal:8081/realms/openmetadata/.well-known/openid-configuration" # Keycloak's discovery URI Update your Keycloak's Domain and Realm OIDC_CALLBACK="http://localhost:8585/callback" # Callback URL registered in Keycloak OIDC_SERVER_URL="http://localhost:8585" # OpenMetadata server URL ``` + {% /codeWithLanguageSelector %} {% note %} diff --git a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/okta/docker.md b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/okta/docker.md index e29d95c9e26..0892fc0149d 100644 --- a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/okta/docker.md +++ b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/okta/docker.md 
@@ -17,14 +17,14 @@ Check the more information about environment variable [here](/deployment/securit {% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %} -```implicit +``implicit # Implicit Flow AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=okta -AUTHENTICATION_PUBLIC_KEYS={ISSUER_URL}/v1/keys # Update with your Issuer URL +AUTHENTICATION_PUBLIC_KEYS=[{ISSUER_URL}/v1/keys, https://{your domain}/api/v1/system/config/jwks] # Update with your Issuer URL AUTHENTICATION_AUTHORITY={ISSUER_URL} # Update with your Issuer URL AUTHENTICATION_CLIENT_ID={CLIENT_ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback 
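Review bot: The opening fence of the implicit-flow block lost a backtick (the line went from three backticks plus `implicit` to two), so it no longer opens a fenced code section and the `codeWithLanguageSelector` tab will presumably not render the implicit configuration as code; restore the three-backtick fence. In the same block the trailing comment on `AUTHENTICATION_PUBLIC_KEYS` still reads `# Update with your Issuer URL` although the value now also needs the OpenMetadata domain; the authcode block's wording (`Update with your Issuer URL and Domain ...`) could be reused here. The v1.6.x okta/docker.md implicit hunk has the same stale comment.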
@@ -38,7 +38,7 @@ AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter AUTHORIZER_ADMIN_PRINCIPALS=[admin] # john.doe from john.doe@example.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com). AUTHENTICATION_PROVIDER=okta -AUTHENTICATION_PUBLIC_KEYS=[{ISSUER_URL}/v1/keys,{your domain}/api/v1/system/config/jwks] # Update with your Issuer URL and Domain also Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[{ISSUER_URL}/v1/keys, https://{your domain}/api/v1/system/config/jwks] # Update with your Issuer URL and Domain also Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY={ISSUER_URL} # Update with your Issuer URL AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback @@ -51,6 +51,7 @@ OIDC_DISCOVERY_URI: http://{ISSUER_URL}/.well-known/openid-configuration OIDC_CALLBACK: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} ``` + {% /codeWithLanguageSelector %} diff --git a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/one-login/docker.md b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/one-login/docker.md index 3a7f3d1edeb..d7cacd65929 100644 --- a/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/one-login/docker.md +++ b/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/security/one-login/docker.md 
@@ -21,7 +21,7 @@ AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain AUTHENTICATION_PROVIDER=custom-oidc -AUTHENTICATION_PUBLIC_KEYS=[{public key url}, {your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens +AUTHENTICATION_PUBLIC_KEYS=[{public key url}, https://{your domain}/api/v1/system/config/jwks] # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens AUTHENTICATION_AUTHORITY={issuer url} # Update with your Issuer URL AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback