Skip to main content

Configuring SAML external authentication

SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP).

SAML requesters and responders communicate by exchanging messages. The mechanism to transport these messages is called a SAML binding. Talend Data Catalog supports HTTP redirect and HTTP POST SAML bindings.

You can always login using the administrator rescue login URL: http://<host>:<port>/MM/Auth?nativeLogin, where <port> is the HTTP port that Talend Data Catalog responds to.

Here is an example of the SAML authentication workflow, where Talend Data Catalog is the service provider:
  1. You try to login to Talend Data Catalog using a browser.
  2. Talend Data Catalog generates a SAML authentication request, signs and sends it directly to the identity provider using the HTTP-Redirect binding.
  3. Talend Data Catalog redirects the browser to the identity provider for authentication.
  4. The identity provider verifies the received SAML authentication request and if valid, presents a login page to enter your username and password.
  5. The identity provider generates a SAML Assertion (also known as a SAML Token) once you have successfully logged in. It sends it directly to a Talend Data Catalog assertion consumer service, such as Talend Data Catalog Authentication Servlet, using the HTTP-POST Binding.
  6. The identity provider redirects you back to Talend Data Catalog once the assertion is successfully parsed and validated.
  7. Talend Data Catalog verifies the SAML assertion, extracts your identity from it, assigns the correct permissions and logs you in to the service.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!