yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-08-23 00:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs/content/v1.1.0-snapshot/deployment/security/one-login/kubernetes.md
Akash Jain 72bb254342
fix(docs): kubernetes docs for breaking changes for 1.1.0 (#12215) 
* update global.* to openmetadata.config.*

* update values

* fix typo

* Add more docs

* elastic search application version related docs update
2023-06-28 20:20:19 -07:00

2.9 KiB
Raw Blame History

title slug
OneLogin SSO for Kubernetes /deployment/security/one-login/kubernetes

One Login SSO for Kubernetes

Check the Helm information here.

Once the Client Id and Client Secret are generated, see the snippet below for an example of where to place the client id value and update the authorizer configurations in the values.yaml.

Before 0.12.1

global:
  authorizer:
    className: "org.openmetadata.service.security.DefaultAuthorizer"
    # JWT Filter
    containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
    initialAdmins: 
    - "suresh"
    principalDomain: "open-metadata.org"
  authentication:
    provider: "custom-oidc"
    publicKeys: 
    - "{IssuerUrl}/certs"
    authority: "{IssuerUrl}"
    clientId: "{client id}"
    callbackUrl: "http://localhost:8585/callback"
  airflow:
    openmetadata:
      authProvider: "custom-oidc"
      customOidc:
        clientId: ""
        # absolute path of secret file on airflow instance
        secretKeyPath: ""
        tokenEndpoint: ""

After 0.12.1

global:
  authorizer:
    className: "org.openmetadata.service.security.DefaultAuthorizer"
    # JWT Filter
    containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
    initialAdmins: 
    - "suresh"
    principalDomain: "open-metadata.org"
  authentication:
    provider: "custom-oidc"
    publicKeys:
    - "http://openmetadata:8585/api/v1/config/jwks"
    - "{IssuerUrl}/certs"
    authority: "{IssuerUrl}"
    clientId: "{client id}"
    callbackUrl: "http://localhost:8585/callback"

After 1.1.0

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      # JWT Filter
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins: 
      - "suresh"
      principalDomain: "open-metadata.org"
    authentication:
      provider: "custom-oidc"
      publicKeys:
      - "http://openmetadata:8585/api/v1/config/jwks"
      - "{IssuerUrl}/certs"
      authority: "{IssuerUrl}"
      clientId: "{client id}"
      callbackUrl: "http://localhost:8585/callback"

After 1.1.0

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      # JWT Filter
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins: 
      - "suresh"
      principalDomain: "open-metadata.org"
    authentication:
      provider: "custom-oidc"
      publicKeys:
      - "http://openmetadata:8585/api/v1/config/jwks"
      - "{IssuerUrl}/certs"
      authority: "{IssuerUrl}"
      clientId: "{client id}"
      callbackUrl: "http://localhost:8585/callback"

Note: Follow this guide to configure the ingestion-bot credentials for ingesting data from Airflow.