mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-10-27 00:31:42 +00:00
0628d01fe4
* chore(docs): Update k8s snippet of Google SSO * chore: Update code snippets for jwks config url * chore(docs): Add a note on JWKS Url Reachability
1.4 KiB
1.4 KiB
| title | slug |
|---|---|
| Amazon Cognito SSO for Bare Metal | /deployment/security/amazon-cognito/bare-metal |
Amazon Cognito SSO for Bare Metal
Update conf/openmetadata.yaml
Once the User pool and App client are created, add the client id to the value of the clientId field in the
openmetadata.yaml file. See the snippet below for an example of where to place the client id value. Also, configure the
publicKeyUrls and authority fields correctly with the User Pool ID from the previous step.
authenticationConfiguration:
provider: "aws-cognito"
publicKeyUrls:
- "https://cognito-idp.us-west-1.amazonaws.com/{User Pool ID}/.well-known/jwks.json"
- "{your domain}/api/v1/system/config/jwks"
authority: "https://cognito-idp.us-west-1.amazonaws.com/{User Pool ID}"
clientId: "{Client ID}"
callbackUrl: "http://localhost:8585/callback"
Then,
- Update
authorizerConfigurationto add login names of the admin users inadminPrincipalssection as shown below. - Update the
principalDomainto your company domain name.
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"
principalDomain: "open-metadata.org"
{% partial file="/v1.3/deployment/configure-ingestion.md" /%}