yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-07-13 12:08:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs-v1/content/v0.13.2/deployment/security/okta/kubernetes.md
Pere Miquel Brull 6fcdf803e6
Prepare Docs V1 structure (#11089) 
* Prepare Docs V1 structure

* Point to the v1.0.0 images dir

* Use the same ssh key

* Use new key

* Add connectors icons

* Update images
2023-04-17 16:45:47 +02:00

2.4 KiB
Raw Blame History

title slug
Okta SSO for Kubernetes /deployment/security/okta/kubernetes

Okta SSO for Kubernetes

Check the Helm information here.

Once the Client Id and Client Secret are generated, see the snippet below for an example of where to place the client id value and update the authorizer configurations in the values.yaml.

This can be found in Okta -> Applications -> Applications, Refer to Step 3 for Creating Service Application.

Before 0.12.1

global:
  authorizer:
    className: "org.openmetadata.service.security.DefaultAuthorizer"
    containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
    initialAdmins:
      - "user1"
      - "user2"
    principalDomain: "open-metadata.org"
  authentication:
    provider: "okta"
    publicKeys:
      - "{ISSUER_URL}/v1/keys"
    authority: "{ISSUER_URL}"
    clientId: "{CLIENT_ID - SPA APP}"
    callbackUrl: "http://localhost:8585/callback"
  airflow:
    openmetadata:
      authProvider: "okta"
      okta:
        clientId: ""
        orgUrl: ""
        privateKey:
          secretRef: okta-client-private-key-secret
          secretKey: okta-client-private-key-secret
        email: ""
        scopes: [ ]

After 0.12.1

global:
  authorizer:
    className: "org.openmetadata.service.security.DefaultAuthorizer"
    containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
    initialAdmins:
      - "user1"
      - "user2"
    botPrincipals:
      - ingestion-bot
      - "<service_application_client_id>"
    principalDomain: "open-metadata.org"
  authentication:
    provider: "okta"
    publicKeys:
      - "{ISSUER_URL}/v1/keys"
    authority: "{ISSUER_URL}"
    clientId: "{CLIENT_ID - SPA APP}"
    callbackUrl: "http://localhost:8585/callback"

After 0.13.0

global:
  authorizer:
    className: "org.openmetadata.service.security.DefaultAuthorizer"
    containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
    initialAdmins:
      - "user1"
      - "user2"
    principalDomain: "open-metadata.org"
  authentication:
    provider: "okta"
    publicKeys:
      - "{ISSUER_URL}/v1/keys"
    authority: "{ISSUER_URL}"
    clientId: "{CLIENT_ID - SPA APP}"
    callbackUrl: "http://localhost:8585/callback"

Note: Follow this guide to configure the ingestion-bot credentials for ingesting data from Airflow.