mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-07-24 09:50:01 +00:00
79af8bf78b
* Update SSO configs * Update security docs to provide clear callback and public key urls
1.7 KiB
1.7 KiB
| title | slug | collate |
|---|---|---|
| Amazon Cognito SSO for Bare Metal | /deployment/security/amazon-cognito/bare-metal | false |
Amazon Cognito SSO for Bare Metal
Update conf/openmetadata.yaml
Once the User pool and App client are created, add the client id to the value of the clientId field in the
openmetadata.yaml file. See the snippet below for an example of where to place the client id value. Also, configure the
publicKeyUrls and authority fields correctly with the User Pool ID from the previous step.
authenticationConfiguration:
provider: "aws-cognito"
publicKeyUrls:
- "https://cognito-idp.us-west-1.amazonaws.com/{User Pool ID}/.well-known/jwks.json"
- "https://{your domain}/api/v1/system/config/jwks"
authority: "https://cognito-idp.us-west-1.amazonaws.com/{User Pool ID}"
clientId: "{Client ID}"
callbackUrl: "https://{your domain}/callback"
{% note %}
AUTHENTICATION_PUBLIC_KEYS and AUTHENTICATION_CALLBACK_URL refers to https://{your domain} this is referring to your OpenMetdata installation domain name
and please make sure to correctly put http or https depending on your installation.
{% /note %}
Then,
- Update
authorizerConfigurationto add login names of the admin users inadminPrincipalssection as shown below. - Update the
principalDomainto your company domain name.
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"
principalDomain: "open-metadata.org"
{% partial file="/v1.5/deployment/configure-ingestion.md" /%}