yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-10-30 18:17:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs/content/v1.0.0/deployment/security/google/bare-metal.md
Sriharsha Chintalapani 3c62ddc561
Fix security configuration docs (#11992)
2023-06-14 19:51:57 -07:00

55 lines
2.1 KiB
Markdown
Raw Blame History

---
title: Google SSO for Bare Metal
slug: /deployment/security/google/bare-metal
---
# Google SSO for Bare Metal
## Update conf/openmetadata.yaml
Once the `Client Id` and `Client Secret` are generated add the `Client Id` in `openmetadata.yaml` file in `client_id` field.
```yaml
authenticationConfiguration:
provider: "google"
publicKeyUrls:
- "https://www.googleapis.com/oauth2/v3/certs"
- "http://openmetadata:8585/api/v1/system/config/jwks"
authority: "https://accounts.google.com"
clientId: "{client id}"
callbackUrl: "http://openmetadata:8585/callback"
```
Then,
- Update `authorizerConfiguration` to add login names of the admin users in `adminPrincipals` section as shown below. Make sure you configure the name from email, example: xyz@helloworld.com, initialAdmins username will be ```xyz```
- Update the ```principalDomain``` to your company domain name. Example from above, principalDomain should be ```helloworld.com```
{% note noteType="Warning" %}
It is important to leave the publicKeys configuration to have both google public keys URL and OpenMetadata public keys URL.
1. Google Public Keys are used to authenticate User's login
2. OpenMetadata JWT keys are used to authenticate Bot's login
3. Important to update the URLs documented in below configuration. The below config reflects a setup where all dependencies are hosted in a single host. Example openmetadata:8585 might not be the same domain you may be using in your installation.
4. OpenMetadata ships default public/private key, These must be changed in your production deployment to avoid any security issues.
For more details, follow [Enabling JWT Authenticaiton](deployment/security/enable-jwt-tokens)
{% /note %}
```yaml
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"
principalDomain: "open-metadata.org"
```
{% note noteType="Tip" %}
Follow [this guide](/how-to-guides/feature-configurations/bots) to configure the `ingestion-bot` credentials for ingesting data using Connectors.
{% /note %}
Reference in New Issue View Git Blame Copy Permalink