Configure user authentication for Talend Studio remote projects and Job Conductor using Talend Administration Center - 7.3

Talend Installation Guide

Version
7.3
Language
English
Operating system
Linux
Subscription type
Subscription
Product
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Module
Talend Activity Monitoring Console
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend DQ Portal
Talend ESB
Talend Identity and Access Management
Talend Installer
Talend JobServer
Talend LogServer
Talend MDM Server
Talend MDM Web UI
Talend Repository Manager
Talend Runtime
Talend SAP RFC Server
Talend Studio
Content
Installation and Upgrade
Last publication date
2022-10-30

Talend JobServer uses Talend Administration Center based authentication for Talend Studio remote projects and for the Job Conductor in Talend Administration Center.

The authentication mode based on Talend Administration Center replaces the user authentication based on the users.csv file.

Talend Administration Center checks:
  • whether the user is authorized to work with the project the Job belongs to, and
  • if this project is associated to the specific Talend JobServer.

Procedure

  1. Open TalendJobServer.properties and uncomment the following line:
    #org.talend.remote.jobserver.commons.config.JobServerConfiguration.TAC_URLS=http://host1:8080/org.talend.administrator,http://host2:8080/org.talend.administrator

    If the line is commented out, you will not be able to authenticate.

  2. Specify the Talend Administration Center URL of the Talend Administration Center instance to use for authorization.

    If you have set up a cluster involving multiple Talend Administration Center instances in your Talend system to provide high availability, specify a comma-separated list of Talend Administration Center instances.

    Talend JobServer will randomly choose an instance from this list and perform an automatic fail over in case of a connection problem.

If the specified Talend Administration Center instances run in https, configure secure connections to Talend Administration Center.

  1. Configure TLS/SSL in Talend Administration Center.
  2. Generate a KeyStore in .jks format:
    1. Connect to Talend Administration Center in a browser using https.
    2. Click on the HTTPS certificate chain > lock icon > Certificate Details.
    3. Export the server's certificate from the server KeyStore to a tacCert.cert certificate file.
    4. Use the following command to import the certificate into the KeyStore tacTrustStore.jks:
      keytool -import -noprompt -file <path_to_tacCert.cert> -alias tacCert -keystore tacTrustStore.jks -storepass password
  3. Edit the Talend JobServer start script start_rs.sh to set the JVM arguments to trust the Talend Administration Center certificate:
    MY_JMV_ARGS="-Djavax.net.ssl.trustStore=/path/tacTrustStore.jks -Djavax.net.ssl.trustStorePassword=password"