mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-07-12 11:39:39 +00:00

Pere Miquel Brull 222a8f8984

[Docs] - SSO updates & Connectors workflow config (#12241 )

* Rename docs and clean SSO

* Add connector partials

* Add connector partials

* Rename path

2023-06-30 12:25:11 +02:00

1.4 KiB

Raw Blame History

title	slug
Keycloak SSO for Kubernetes	/deployment/security/keycloak/kubernetes

Keycloak SSO for Kubernetes

Check the Helm information here.

Once the Client Id and Client Secret are generated, see the snippet below for an example of where to place the client id value and update the authorizer configurations in the values.yaml.

Create a secret in kubernetes with the client secret:

kubectl create secret generic custom-oidc-key-secret --namespace=dev-open-metadata --from-literal=custom-oidc-key-secret=<change-for-your-secret>

The configuration below already uses the presets shown in the example of keycloak configurations, you can change to yours.

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins:
        - "admin-user"
      principalDomain: "open-metadata.org"
    authentication:
      provider: "custom-oidc"
      publicKeys:
      - "http://openmetadata:8585/api/v1/config/jwks"
      - "http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs"
      authority: "http://localhost:8081/auth/realms/data-sec"
      clientId: "{Client ID}"
      callbackUrl: "http://localhost:8585/callback"

{% partial file="configure-ingestion.md" /%}

1.4 KiB Raw Blame History

Keycloak SSO for Kubernetes

1.4 KiB

Raw Blame History