Configuring SAML external authentication - Cloud

Talend Cloud Data Catalog Administration Guide


SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP).

SAML requesters and responders communicate by exchanging messages. The mechanism to transport these messages is called a SAML binding. Talend Cloud Data Catalog supports HTTP redirect and HTTP POST SAML bindings.

You can always log in using the administrator rescue login URL: http://<host>:<port>/MM/Auth?nativeLogin, where <port> is the HTTP port on which Talend Cloud Data Catalog responds.

Here is an example of the SAML authentication workflow, where Talend Cloud Data Catalog is the service provider:
  1. You try to log in to Talend Cloud Data Catalog using a browser.
  2. Talend Cloud Data Catalog generates a SAML authentication request, signs and sends it directly to the identity provider using the HTTP-Redirect binding.
  3. Talend Cloud Data Catalog redirects the browser to the identity provider for authentication.
  4. The identity provider verifies the received SAML authentication request and if valid, presents a login page to enter your username and password.
  5. The identity provider generates a SAML Assertion (also known as a SAML Token) once you have successfully logged in. It sends it directly to a Talend Cloud Data Catalog assertion consumer service, such as Talend Cloud Data Catalog Authentication Servlet, using the HTTP-POST Binding.
  6. The identity provider redirects you back to Talend Cloud Data Catalog once the assertion is successfully parsed and validated.
  7. Talend Cloud Data Catalog verifies the SAML assertion, extracts your identity from it, assigns the correct permissions and logs you in to the service.
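The following is an added example, not code from the Talend documentation or product, showing the checks a service provider performs in step 7 on an assertion delivered by the HTTP-POST binding (the IdP posts the base64-encoded Response in a SAMLResponse form field). The Response, URLs, entity ID and timestamps are constructed for illustration, and XML signature verification is assumed to have been done by an XML-DSig library before these checks run.

```python
import base64
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample Response as the IdP would POST it (base64 of the XML).
# The ds:Signature element is omitted; hostnames and times are made up.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  Destination="https://catalog.example.com/MM/Auth">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T12:05:00Z"
          Recipient="https://catalog.example.com/MM/Auth"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://catalog.example.com/MM</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_POST_FIELD = base64.b64encode(SAMPLE_XML).decode()

def _ts(s):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(saml_response_b64, acs_url, audience, now_utc):
    """Return the list of validation failures; an empty list means accept.
    Assumes the signature over the Response/Assertion was already verified."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    now = _ts(now_utc)
    problems = []
    if root.get("Destination") != acs_url:          # message aimed at our ACS?
        problems.append("Destination does not match our ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:                        # reject ambiguous responses
        return problems + ["expected exactly one Assertion"]
    a = assertions[0]
    cond = a.find("saml:Conditions", NS)            # validity window
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        problems.append("Conditions window does not contain current time")
    auds = [e.text for e in a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in auds:                        # issued for this SP?
        problems.append("our entity ID is not in AudienceRestriction")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url or now >= _ts(scd.get("NotOnOrAfter")):
        problems.append("SubjectConfirmationData Recipient/expiry check failed")
    return problems
```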