Configuring the SAML server - 7.1

Talend Data Catalog Administration Guide

EnrichVersion
7.1
EnrichProdName
Talend Big Data Platform
Talend Data Fabric
Talend Data Management Platform
Talend Data Services Platform
Talend MDM Platform
Talend Real-Time Big Data Platform
EnrichPlatform
Talend Data Catalog
task
Administration and Monitoring
Configure the SAML server to enable the external authentication server using the SAML 2.0 protocol.

Before you begin

  • As an administrator, you have configured the Talend Data Catalog application in your identity provider system.
  • As an administrator, you have set up the users and the user attributes of your application in your identity provider system.
  • You have signed in as a user assigned to the Administrators or Security Administrators group.

Procedure

  1. Go to Tools > Administration from Metadata Manager or to MANAGE from Metadata Explorer.
  2. Select Users.
  3. On the toolbar, select SAML2 External Authentication to enable the SAML external authentication mode.
  4. Click the Configure SAML Server icon.
  5. Fill in the required information to link Talend Data Catalog to your identity provider.
    Field Action
    IdP Entity ID Enter the unique name for your identity provider.

    Click the User Attribute Mapping button to map the attributes from the external user account to the Talend Data Catalog user attributes, such as Login, Full Name or Email.

    X509 Certificate Enter the public X509 certificate of your identity provider which allows Talend Data Catalog to verify the signatures and establish trust in the exchanged messages.
    SSO HTTP-POST Binding URI Enter the HTTP-POST Binding URI, such as https://idp.example.org/SAML2/SSO/POST.

    The identity provider returns the SAML response to a Talend Data Catalog assertion consumer service using the HTTP-POST Binding.

    Note:

    As Talend Data Catalog does not have the private key of the identity provider, the SAML assertion received by Talend Data Catalog can be signed but not encrypted.

    To validate the signature, Talend Data Catalog only needs the identity provider’s public key. The assertion requires to be signed, so that Talend Data Catalog can verify that the assertion contents have not been altered in transit.

    SSO HTTP-Redirect Binding URI Enter the HTTP-Redirect Binding URI, such as https://idp.example.org/SAML2/SSO/Redirect.

    Talend Data Catalog sends a SAML authentication request to the identity provider SSO service using the HTTP-Redirect Binding.

    Note: As Talend Data Catalog does not have the private key of the identity provider, the SAML authentication request sent by Talend Data Catalog is neither signed nor encrypted. Since the request usually does not contain much private data, there is little need to encrypt the SAML request.
  6. Click Save.

Results

You can log in to Talend Data Catalog through your identity provider.