mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-07-09 18:21:23 +00:00
2.4 KiB
2.4 KiB
title | slug |
---|---|
Auth0 SSO for Docker | /deployment/security/auth0/docker |
Auth0 SSO for Docker
To enable security for the Docker deployment, follow the next steps:
1. Create an .env file
Create an openmetadata_auth0.env
file and add the following contents as an example. Use the information
generated when setting up the account.
- Update
AUTHORIZER_ADMIN_PRINCIPALS
to add login names of the admin users in section as shown below. Make sure you configure the name from email, example: xyz@helloworld.com, initialAdmins username will be ```xyz`` - Update the
principalDomain
to your company domain name. Example from above, principalDomain should behelloworld.com
{% note noteType="Warning" %}
It is important to leave the publicKeys configuration to have both Auth0 public keys URL and OpenMetadata public keys URL.
- Auth0 Public Keys are used to authenticate User's login
- OpenMetadata JWT keys are used to authenticate Bot's login
- Important to update the URLs documented in below configuration. The below config reflects a setup where all dependencies are hosted in a single host. Example openmetadata:8585 might not be the same domain you may be using in your installation.
- OpenMetadata ships default public/private key, These must be changed in your production deployment to avoid any security issues.
For more details, follow Enabling JWT Authenticaiton
{% /note %}
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
AUTHENTICATION_PROVIDER=auth0
AUTHENTICATION_PUBLIC_KEYS=[{Domain}/.well-known/jwks.json, http://localhost:8585/api/v1/system/config/jwks] # Update with your Domain
AUTHENTICATION_AUTHORITY={Domain} # Update with your Domain
AUTHENTICATION_CLIENT_ID={Client ID} # Update with your Client ID
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
{% note noteType="Tip" %}
Follow this guide to configure the ingestion-bot
credentials for ingesting data using Connectors.
{% /note %}
2. Start Docker
docker compose --env-file ~/openmetadata_auth0.env up -d