mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-07-12 03:29:53 +00:00

Sriharsha Chintalapani 79af8bf78b

Update SSO configs to show clear URLs for callback and public keys (#18127 )

* Update SSO configs

* Update security docs to provide clear callback and public key urls

2024-10-07 15:26:10 +05:30

1.5 KiB

Raw Blame History

title	slug	collate
Okta SSO for Kubernetes	/deployment/security/okta/kubernetes	false

Okta SSO for Kubernetes

Check the Helm information here.

Once the Client Id is generated, see the snippet below for an example of where to place the client id value and update the authorizer configurations in the values.yaml.

This can be found in Okta -> Applications -> Applications, Refer to Step 3 for Creating Service Application.

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins:
      - "user1"
      - "user2"
      principalDomain: "open-metadata.org"
    authentication:
      provider: "okta"
      publicKeys:
      - "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
      - "{ISSUER_URL}/v1/keys"
      authority: "{ISSUER_URL}"
      clientId: "{CLIENT_ID - SPA APP}"
      callbackUrl: "https://{your domain}/callback"

{% note %}

AUTHENTICATION_PUBLIC_KEYS and AUTHENTICATION_CALLBACK_URL refers to https://{your domain} this is referring to your OpenMetdata installation domain name and please make sure to correctly put http or https depending on your installation.

{% /note %}

{% partial file="/v1.5/deployment/configure-ingestion.md" /%}

1.5 KiB Raw Blame History

Okta SSO for Kubernetes

1.5 KiB

Raw Blame History