Using SSO to log in to Talend Administration Center - 7.3

Talend Administration Center User Guide


Procedure

  1. On the Talend Administration Center, click Go to db config page.
  2. Type in the administrator password (admin by default) in the Database Configuration page and click OK.
    If you want to change the default password that allows you to change the database configuration (recommended), you have to edit the database.config.password parameter value in the configuration.properties file. For more information, see Change the default password used to configure the database.
    After the first connection, the node.identifier property is added in the configuration.properties file, identifying the Talend Administration Center instance connected to the database. The node ID is also shown at the bottom of the tree view of Talend Administration Center.
  3. Click the SSO node, configure it, then click Save to save your changes in the database:

    Field

    Value

    IDP metadata

    Click Launch Upload and upload the Identity Provider metadata file you have previously downloaded from the Identity Provider system.

    Service Provider Entity ID

    Enter the Entity ID of your Service Provider (available in the configuration of the IdP), for example, http://localhost:8080/org.talend.administrator/ssologin.

    IDP Authentication Plugin

    Select the Identity Provider from Okta, ADFS, ADFS3, PingFederate, SiteMinder and Custom plugin in the drop-down list. If Custom plugin is selected, an Upload IDP Authentication Plugin dialog box will be shown prompting you to upload the custom Identity Provider metadata file.

    The jar files provided by Talend are located in the <TomcatPath>/webapps/org.talend.administrator/idp/plugins directory.

    Identity Provider Configuration

    Click Identity Provider Configuration and fill out the required information.

    Example 1: PingFederate
    • PingFederate SSO URL: https://win-350n8gtg2af:9031/idp/startSSO.ping?PartnerSpld=TAC651
    • Basic Adapter Instance ID: BasicAdapter
    Example 2: Okta
    • Okta Organization URL: https://dev-515956.okta.com
    • Okta Embedded URL: https://dev-515956.oktapreview.com/home/talenddev515956_talendadministrationcenter_1/0oacvlcac5j52hFhP0h7/alncvlmpk1VXbYAGu0h7

    Use Role Mapping

    Set the value to true to map the application project types and the user roles with those defined in the Identity Provider system.

    Mapping Configuration

    Click Mapping Configuration and fill in the fields with the corresponding SAML attributes previously set in the Identity Provider system.

    Once you have defined project types/roles at the Identity Provider side, you will not be able to edit them from Talend Administration Center.

    Examples for project types:

    • MDM=MDM; DI = DI; DM=DM; NPA=NPA
    Examples for roles:
    • Talend Administration Center Roles
      • Administrator = tac_admin
      • Operation Manager = tac_om

      Setting the Talend Administration Center roles is mandatory.

    • Talend Data Preparation Free Desktop Roles
      • Administrator = dp_admin
      • Data Preparator = dp_dp
    • Talend Data Stewardship Roles
      • Data Steward = tds_ds

    The project types and roles set in the Identity Provider override the roles set in Talend Administration Center at user login.

    Redirect URL on Logout

    In the Redirect URL on Logout field, enter the URL of the IDP you want to redirect the browser to on logout from Talend Administration Center. If this field is empty, you will be redirected to the default location of Talend Administration Center on logout.

    If your organization does not accept custom attributes in the SAML token, either:
    • Select Show Advanced Configuration in the wizard and, in Path to Value, enter the XPath expression to target the SAML value to map to the corresponding Talend Administration Center object (Project Types, Roles, Email, First Name, Last Name).

      For instance, for DI project type: /saml2p:Response/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='tac.projectType']/saml2:AttributeValue/text()

    • Set Use Role Mapping to false.

      In this case, you cannot create users manually, but the user type and the user roles can be edited in Talend Administration Center.

      When users log in for the first time, their type is No Project access.

  4. If no license or an invalid license is found during the series of checks, you are prompted to specify a license. Click Set new license.
  5. Click Browse to browse to your license file and click Upload.
    The license determines the types of users and projects you can manage in Talend Administration Center. For more information, see What domains can you work in depending on your user type and license.
  6. Upon validation of your license, Talend Administration Center runs a series of checks again, and displays the following options:
    • Set new license: allows you to set a new license by repeating the previous step.
    • Validate your license manually: allows you to validate the loaded license. For more information, see Generating a validation request.
    • Project Check: allows you to migrate existing projects to your new Talend Administration Center.
    • Transfer libraries: allows you to move external libraries stored on SVN or Nexus to the official Nexus repository where libraries are stored. For more information, see Migrating external libraries.
  7. Make sure all the settings are correct, then click Finalize.
    After finalizing the Database Configuration page, the option disappears from the login page. The Database Configuration page cannot be accessed anymore.
    If the license expires, you are redirected to the Database Configuration page by default, but only the license configuration option will be enabled.
    If some settings have to be modified after finalization, or if you need to migrate external libraries, see Updating parameters after the configuration is finalized.
  8. Click Go to login page and type in the user credentials defined in your Identity Provider in the Login dialog box.
  9. Click Login.
    Talend Administration Center opens up on a welcome page.

    The menus and menu items shown vary according to the edition of Talend Administration Center currently in use. They also vary according to your role.
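
Because the values the Identity Provider sends override the roles set in Talend Administration Center at login, it is worth checking what a Path to Value expression from step 3 actually selects before saving it. The following is an added example, not Talend code: the tac.role attribute name and the sample response are assumptions, and Python's ElementTree stands in for the product's XPath engine (it does not accept absolute paths or text(), so the helper handles both).

```python
import xml.etree.ElementTree as ET

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Path to Value from the page; ROLE_PATH reuses its shape with an assumed attribute name.
PROJECT_TYPE_PATH = ("/saml2p:Response/saml2:Assertion/saml2:AttributeStatement/"
                     "saml2:Attribute[@Name='tac.projectType']/saml2:AttributeValue/text()")
ROLE_PATH = PROJECT_TYPE_PATH.replace("tac.projectType", "tac.role")
# IdP value -> Talend Administration Center role, from the page's role examples.
ROLE_MAPPING = {"tac_admin": "Administrator", "tac_om": "Operation Manager"}

# Constructed, unsigned sample response, trimmed to the elements the paths touch.
SAMPLE_RESPONSE = """<saml2p:Response
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Assertion>
    <saml2:AttributeStatement>
      <saml2:Attribute Name="tac.projectType">
        <saml2:AttributeValue>DI</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="tac.role">
        <saml2:AttributeValue>tac_om</saml2:AttributeValue>
        <saml2:AttributeValue>ops_legacy</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>"""

def resolve_path(response_xml, path):
    """Return the text values an absolute .../text() path selects."""
    steps = path.strip("/").split("/")
    if steps[-1] == "text()":
        steps.pop()
    root = ET.fromstring(response_xml)
    prefix, local = steps[0].split(":")
    if root.tag != "{%s}%s" % (NS[prefix], local):
        return []  # document element is not the one the path starts at
    # ElementTree only takes relative paths, so evaluate the rest from the root.
    return [(e.text or "").strip() for e in root.findall("/".join(steps[1:]), NS)]

def check_mapping(response_xml):
    """Report what the configured paths would hand to role mapping."""
    values = resolve_path(response_xml, ROLE_PATH)
    return {"project_types": resolve_path(response_xml, PROJECT_TYPE_PATH),
            "roles": [ROLE_MAPPING[v] for v in values if v in ROLE_MAPPING],
            "unmapped": [v for v in values if v not in ROLE_MAPPING]}

if __name__ == "__main__":
    print(check_mapping(SAMPLE_RESPONSE))
```

A non-empty unmapped list means the Identity Provider is sending a role value that has no counterpart in Mapping Configuration.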