yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-09-25 08:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs/content/v1.0.x/deployment/security/azure/bare-metal.md
Mohit Yadav dbd9f1381a
[DOCS] Update Troublesbooting docs for SSL to new env and keys (#14654) 
* Update Troublesbooting docs for SSL to new env and keys in openmetadata.yaml

* Update PipelineServiceClientConfig
2024-01-09 07:54:56 -08:00

3.3 KiB
Raw Blame History

title slug
Azure SSO for Bare Metal /deployment/security/azure/bare-metal

Azure SSO for Bare Metal

Get the Client Id and Tenant ID from Azure Application configured in Step 3.

Get the Azure Service Application Client Id, Client Secret, Authority, Scopes from the information collected in Step 9.

Update conf/openmetadata.yaml

authenticationConfiguration:
  provider: "azure"
  publicKeyUrls:
    - "https://login.microsoftonline.com/common/discovery/keys"
  authority: "https://login.microsoftonline.com/{Tenant ID}"
  clientId: "{Client ID}" # Azure Application
  callbackUrl: "http://localhost:8585/callback"

Then,

  • Update authorizerConfiguration to add login names of the admin users in adminPrincipals section as shown below.
  • Update the principalDomain to your company domain name.
authorizerConfiguration:
  className: "org.openmetadata.service.security.DefaultAuthorizer"
  # JWT Filter
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
  adminPrincipals:
    - "user1"
    - "user2"
  principalDomain: "open-metadata.org"

In 0.12.1 the className and containerRequestFilter must replace org.openmetadata.catalog by org.openmetadata.service.

Finally, update the Airflow information:

Before 0.12.1

Once the Client Id and Client Secret are generated for Azure SSO Service Application, add in openmetadata.yaml file for the information collected in Step 9.

airflowConfiguration:
  apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
  username: ${AIRFLOW_USERNAME:-admin}
  password: ${AIRFLOW_PASSWORD:-admin}
  metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
  authProvider: azure
  authConfig:
    azure:
      clientSecret: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
      authority: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
      scopes: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
      clientId: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""} # Azure Service Application

After 0.12.1

pipelineServiceClientConfiguration:
  apiEndpoint: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://localhost:8080}
  metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
  ingestionIpInfoEnabled: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false}
  hostIp: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""}
  verifySSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} # Possible values are "no-ssl", "ignore", "validate"
  sslConfig:
    certificatePath: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} # Local path for the Pipeline Service Client

  # Default required parameters for Airflow as Pipeline Service Client
  parameters:
    username: ${AIRFLOW_USERNAME:-admin}
    password: ${AIRFLOW_PASSWORD:-admin}
    timeout: ${AIRFLOW_TIMEOUT:-10}
    # If we need to use SSL to reach Airflow
    truststorePath: ${AIRFLOW_TRUST_STORE_PATH:-""}
    truststorePassword: ${AIRFLOW_TRUST_STORE_PASSWORD:-""}

{% note %}

Follow this guide to configure the ingestion-bot credentials for ingesting data from Airflow.

{% /note %}