Pere Miquel Brull 6fcdf803e6
Prepare Docs V1 structure (#11089)
* Prepare Docs V1 structure

* Point to the v1.0.0 images dir

* Use the same ssh key

* Use new key

* Add connectors icons

* Update images
2023-04-17 16:45:47 +02:00

title: Azure SSO for Bare Metal
slug: /deployment/security/azure/bare-metal

Azure SSO for Bare Metal

Get the Client Id and Tenant ID from the Azure Application configured in Step 3.

Get the Azure Service Application Client Id, Client Secret, Authority, and Scopes from the information collected in Step 9.

Update conf/openmetadata.yaml

authenticationConfiguration:
  provider: "azure"
  publicKeyUrls:
    - "https://login.microsoftonline.com/common/discovery/keys"
  authority: "https://login.microsoftonline.com/{Tenant ID}"
  clientId: "{Client ID}" # Azure Application
  callbackUrl: "http://localhost:8585/callback"

Then,

  • Update authorizerConfiguration to add the login names of the admin users in the adminPrincipals section, as shown below.
  • Update the principalDomain to your company domain name.

authorizerConfiguration:
  className: "org.openmetadata.service.security.DefaultAuthorizer"
  # JWT Filter
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
  adminPrincipals:
    - "user1"
    - "user2"
  principalDomain: "open-metadata.org"

In 0.12.1, the className and containerRequestFilter values must use org.openmetadata.service in place of org.openmetadata.catalog.

Finally, update the Airflow information:

Before 0.12.1

Once the Client Id and Client Secret are generated for the Azure SSO Service Application, add the information collected in Step 9 to the openmetadata.yaml file.

airflowConfiguration:
  apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
  username: ${AIRFLOW_USERNAME:-admin}
  password: ${AIRFLOW_PASSWORD:-admin}
  metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
  authProvider: azure
  authConfig:
    azure:
      clientSecret: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
      authority: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
      scopes: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
      clientId: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""} # Azure Service Application

After 0.12.1

airflowConfiguration:
  apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
  username: ${AIRFLOW_USERNAME:-admin}
  password: ${AIRFLOW_PASSWORD:-admin}
  metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}

Follow this guide to configure the ingestion-bot credentials for ingesting data from Airflow.
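A pre-start check for the edited conf/openmetadata.yaml, added here as an example and not part of the OpenMetadata project: it flags values left as the page's placeholders, the pre-0.12.1 package name, a plain-http callback on a non-local host, and an Airflow password that still falls back to its default. The helper names load and lint and the sample input are assumptions made for this illustration.

```python
import re

# Constructed input: the page's snippets before any value is edited, with
# className left on the pre-0.12.1 package so that check has something to find.
SAMPLE = '''\
authenticationConfiguration:
  provider: "azure"
  authority: "https://login.microsoftonline.com/{Tenant ID}"
  clientId: "{Client ID}" # Azure Application
  callbackUrl: "http://localhost:8585/callback"
authorizerConfiguration:
  className: "org.openmetadata.catalog.security.DefaultAuthorizer"
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
airflowConfiguration:
  username: ${AIRFLOW_USERNAME:-admin}
  password: ${AIRFLOW_PASSWORD:-admin}
'''

ENV_REF = re.compile(r'\$\{(\w+):-([^}]*)\}')  # the ${VAR:-default} form used on the page

def load(text, env):
    """Flatten 'key: value' lines to {'section.key': value}, resolving ${VAR:-default}."""
    cfg, section = {}, ''
    for line in text.splitlines():
        m = re.match(r'(\s*)(\w+):\s*(.*)$', line)
        if not m:
            continue  # list items, comments and blank lines carry no scalar key
        indent, key, raw = m.groups()
        raw = raw.split(' #')[0].strip().strip('"')  # drop trailing comment and quotes
        if not indent and not raw:
            section = key  # unindented key without a value opens a top-level section
        elif raw:
            cfg[f'{section}.{key}'] = ENV_REF.sub(lambda r: env.get(r[1]) or r[2], raw)
    return cfg

def lint(text, env=None):
    cfg, out = load(text, env or {}), []
    for key in ('authority', 'clientId'):
        if re.search(r'(?<!\$)\{', cfg.get(f'authenticationConfiguration.{key}', '{')):
            out.append(f'{key}: missing or placeholder not replaced')
    cb = cfg.get('authenticationConfiguration.callbackUrl', '')
    if cb.startswith('http://') and not re.match(r'http://(localhost|127\.0\.0\.1)[:/]', cb):
        out.append('callbackUrl: plain http on a non-local host')
    for key in ('className', 'containerRequestFilter'):
        if 'org.openmetadata.catalog' in cfg.get(f'authorizerConfiguration.{key}', ''):
            out.append(f'{key}: pre-0.12.1 package org.openmetadata.catalog')
    if cfg.get('airflowConfiguration.password') == 'admin':
        out.append('airflow password: resolves to the default "admin"')
    return out
```

Call lint(open('conf/openmetadata.yaml').read(), dict(os.environ)) so that environment overrides are taken into account; an empty list means none of these checks fired.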