Talend JobServer uses Talend Administration Center based authentication for
Talend Studio remote projects and
for the Job Conductor in Talend Administration Center.
The authentication mode based on Talend Administration Center replaces the user
authentication based on the users.csv file.
Talend Administration Center checks:
- whether the user is authorized to work with the project the Job belongs to, and
- if this project is associated to the specific Talend JobServer.
Procedure
-
Open TalendJobServer.properties and uncomment the
following line:
#org.talend.remote.jobserver.commons.config.JobServerConfiguration.TAC_URLS=http://host1:8080/org.talend.administrator,http://host2:8080/org.talend.administrator
If the line is commented out, you will not be able to
authenticate.
-
Specify the Talend Administration Center URL
of the Talend Administration Center instance to
use for authorization.
If you have set up a cluster involving multiple Talend Administration Center instances in your
Talend system to
provide high availability, specify a comma-separated list of Talend Administration Center instances.
Talend JobServer will randomly
choose an instance from this list and perform an automatic fail over in case
of a connection problem.
If the specified Talend Administration Center instances run in
https
, configure secure connections to Talend Administration Center.
-
Configure TLS/SSL in Talend Administration Center.
-
Generate a KeyStore in .jks format:
-
Connect to Talend Administration Center in a browser using
https
.
-
Click on the .
-
Export the server's certificate from the server KeyStore to a
tacCert.cert certificate file.
-
Use the following command to import the certificate into the KeyStore
tacTrustStore.jks:
keytool -import -noprompt -file <path_to_tacCert.cert> -alias tacCert -keystore tacTrustStore.jks -storepass password
-
Edit the Talend JobServer start
script start_rs.sh to set the JVM arguments to trust the
Talend Administration Center
certificate:
MY_JMV_ARGS="-Djavax.net.ssl.trustStore=/path/tacTrustStore.jks -Djavax.net.ssl.trustStorePassword=password"