Auth0 SSO for Bare Metal
Update conf/openmetadata.yaml
Open the openmetadata.yaml file and use the following example as a reference. Replace the placeholder values with the details generated during your Auth0 account and application credentials setup.
For more information about the environment variables, see here.
- implicit
- authcode
# Implicit Flow Configuration
authorizerConfiguration:
  className: "org.openmetadata.service.security.DefaultAuthorizer"
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
  adminPrincipals:
    - "admin" # Administrator email prefix (e.g., "admin" from "admin@domain.com")
    - "user1" # Additional administrator email prefix
    - "user2" # Additional administrator email prefix
  principalDomain: "open-metadata.org" # Update with your domain: the primary domain for your organization (e.g., example.com from john.doe@example.com)
authenticationConfiguration:
  provider: "auth0" # Authentication provider, set to "auth0"
  publicKeyUrls:
    - "https://{Auth0 Domain Name}/.well-known/jwks.json" # Replace {Auth0 Domain Name} with your Auth0 domain
    - "{Your OMD Server URL}/api/v1/system/config/jwks" # Replace {Your OMD Server URL} with your OpenMetadata server URL
  authority: "https://{Your Auth0 Domain}" # Base URL of your Auth0 domain
  clientId: "{Client ID}" # Auth0 Client ID for your application
  callbackUrl: "http://localhost:8585/callback" # Callback URL for OpenMetadata authentication
  clientType: "public" # Set to "public" for implicit flow
# Auth Code Flow Configuration
authorizerConfiguration:
  className: "org.openmetadata.service.security.DefaultAuthorizer"
  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
  adminPrincipals:
    - "admin" # Administrator email prefix (e.g., "admin" from "admin@domain.com")
    - "user1" # Additional administrator email prefix
    - "user2" # Additional administrator email prefix
  principalDomain: "open-metadata.org" # Primary domain for your organization (e.g., "yourdomain.com")
authenticationConfiguration:
  provider: "auth0" # Authentication provider, set to "auth0"
  publicKeyUrls:
    - "https://{Auth0 Domain Name}/.well-known/jwks.json" # Replace {Auth0 Domain Name} with your Auth0 domain
    - "{Your OMD Server URL}/api/v1/system/config/jwks" # Replace {Your OMD Server URL} with your OpenMetadata server URL
  authority: "https://{Your Auth0 Domain}" # Base URL of your Auth0 domain
  clientId: "{Client ID}" # Auth0 Client ID for your application
  callbackUrl: "http://localhost:8585/callback" # Callback URL for OpenMetadata authentication
  clientType: "confidential" # Set to "confidential" for auth code flow
  oidcConfiguration:
    id: "{Client ID}" # Auth0 Client ID for your application
    type: "auth0" # Ensure this matches your provider type
    secret: "{Client Secret}" # Auth0 Client Secret for your application
    # Discovery URI for OpenID configuration; replace {Auth0 Domain Name} with your Auth0 domain
    discoveryUri: "https://{Auth0 Domain Name}/.well-known/openid-configuration"
    callbackUrl: "http://localhost:8585/callback" # Callback URL for OpenMetadata authentication
    serverUrl: "http://localhost:8585" # OpenMetadata server URL; update for production environments
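A pre-deployment check for the two configurations above, as an added example that is not part of the OpenMetadata documentation or code base. It assumes openmetadata.yaml has already been parsed into a dict; the names lint_auth_config and walk, the SAMPLE values, and the rule that plain HTTP is acceptable only on localhost are assumptions of this example.

```python
import re
from urllib.parse import urlparse

PLACEHOLDER = re.compile(r"\{[^{}]+\}")   # e.g. "{Client ID}" left unreplaced
OIDC_KEYS = ("id", "type", "secret", "discoveryUri", "callbackUrl", "serverUrl")

def walk(node, path=""):
    """Yield (dotted path, value) for every string in the parsed config."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from walk(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from walk(val, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def lint_auth_config(cfg):
    """Return findings for openmetadata.yaml content already parsed to a dict."""
    findings = []
    auth = cfg.get("authenticationConfiguration") or {}
    oidc = auth.get("oidcConfiguration") or {}
    for path, val in walk(cfg):
        if PLACEHOLDER.search(val):
            findings.append(f"{path}: placeholder not replaced")
        elif "://" in val:
            url = urlparse(val)
            # Assumption of this example: plain HTTP is tolerated only on localhost.
            if url.scheme != "https" and url.hostname not in ("localhost", "127.0.0.1"):
                findings.append(f"{path}: non-HTTPS URL outside localhost")
    client_type = auth.get("clientType")
    if client_type == "confidential":      # auth code flow
        for key in OIDC_KEYS:              # keys the page's auth code example sets
            if not oidc.get(key):
                findings.append(f"oidcConfiguration.{key}: missing for auth code flow")
        if oidc.get("id") and oidc["id"] != auth.get("clientId"):
            findings.append("oidcConfiguration.id: differs from clientId")
    elif client_type != "public":          # "public" is the implicit flow
        findings.append("clientType: expected public or confidential")
    return findings

# Constructed sample: auth code flow with the secret placeholder left in place.
SAMPLE = {"authenticationConfiguration": {
    "provider": "auth0", "clientType": "confidential", "clientId": "abc123",
    "callbackUrl": "http://localhost:8585/callback",
    "oidcConfiguration": {
        "id": "abc123", "type": "auth0", "secret": "{Client Secret}",
        "discoveryUri": "https://tenant.example/.well-known/openid-configuration",
        "callbackUrl": "http://localhost:8585/callback", "serverUrl": "http://localhost:8585"}}}
print(lint_auth_config(SAMPLE))
```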
Configure Ingestion
Once your server security is set, it’s time to review the ingestion configuration. Our bots support JWT tokens to authenticate to the server when sending requests. Find more information on Enabling JWT Tokens and JWT Troubleshooting to ensure seamless authentication.