mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-07-08 17:50:28 +00:00
34fbe5d64c
* DOCS - Prepare 1.7 Release and 1.8 SNAPSHOT * DOCS - Prepare 1.7 Release and 1.8 SNAPSHOT
89 lines
3.4 KiB
Markdown
89 lines
3.4 KiB
Markdown
---
|
|
title: Auth0 SSO for Kubernetes
|
|
slug: /deployment/security/auth0/kubernetes
|
|
collate: false
|
|
---
|
|
|
|
# Auth0 SSO for Kubernetes
|
|
|
|
Check the Helm information [here](https://artifacthub.io/packages/search?repo=open-metadata).
|
|
Check the more information about environment variable [here](/deployment/security/configuration-parameters).
|
|
|
|
Here is an example for reference, showing where to place the values in the `values.yaml` file after setting up your Auth0 account and obtaining the application credentials.
|
|
|
|
{% codeWithLanguageSelector title="Auth Configuration" id="container-1" languagesArray=["implicit","authcode"] theme="dark" %}
|
|
|
|
```implicit
|
|
# Public Flow
|
|
|
|
openmetadata:
|
|
config:
|
|
authorizer:
|
|
className: "org.openmetadata.service.security.DefaultAuthorizer"
|
|
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
|
|
initialAdmins: # john.doe from john.doe@example.com
|
|
- "admin"
|
|
- "user1"
|
|
- "user2"
|
|
principalDomain: "open-metadata.org" # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).
|
|
|
|
authentication:
|
|
clientType: public
|
|
provider: "auth0"
|
|
publicKeys:
|
|
- "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
|
|
- "{Auth0 Domain Name}/.well-known/jwks.json"
|
|
authority: "{Your Auth0 Domain}" # The base URL of the authentication provider.
|
|
clientId: "{Client ID}"
|
|
callbackUrl: "http://localhost:8585/callback"
|
|
```
|
|
|
|
```authcode
|
|
# Auth Code Flow
|
|
|
|
openmetadata:
|
|
config:
|
|
authorizer:
|
|
className: "org.openmetadata.service.security.DefaultAuthorizer"
|
|
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
|
|
initialAdmins: # john.doe from john.doe@example.com
|
|
- "admin"
|
|
- "user1"
|
|
- "user2"
|
|
principalDomain: "open-metadata.org" # Update with your Domain,The primary domain for the organization (example.com from john.doe@example.com).
|
|
|
|
authentication:
|
|
clientType: confidential
|
|
provider: "auth0"
|
|
publicKeys: # List of URLs providing public keys for verifying JWT tokens.
|
|
- "{Your Domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
|
|
- "{Auth0 Domain Name}/.well-known/jwks.json
|
|
authority: "{Your Auth0 Domain}" # The base URL of the authentication provider.
|
|
clientId: "{Client ID}" # Update your Client ID
|
|
callbackUrl: "http://localhost:8585/callback"
|
|
oidcConfiguration:
|
|
oidcType: "Auth0"
|
|
clientId:
|
|
secretRef: oidc-secrets
|
|
secretKey: openmetadata-oidc-client-id
|
|
clientSecret:
|
|
secretRef: oidc-secrets
|
|
secretKey: openmetadata-oidc-client-secret
|
|
discoveryUri: "{Domain name}/.well-known/openid-configuration" # Update your Auth0 Domain
|
|
callbackUrl: http://localhost:8585/callback
|
|
serverUrl: http://localhost:8585
|
|
```
|
|
|
|
{% /codeWithLanguageSelector %}
|
|
|
|
{% partial file="/v1.8/deployment/configure-ingestion.md" /%}
|
|
|
|
{% inlineCalloutContainer %}
|
|
{% inlineCallout
|
|
color="violet-70"
|
|
icon="MdArrowBack"
|
|
bold="Auth"
|
|
href="/deployment/security/auth0" %}
|
|
Go to Auth0 Configuration
|
|
{% /inlineCallout %}
|
|
{% /inlineCalloutContainer %} |