Configure the OAuth server to enable the external authentication server using the
OAuth 2.0 protocol.
Before you begin
- As an administrator, you have obtained OAuth 2.0 client credentials from the
authorization server.
- As an administrator, you have configured the authorization server.
- You have signed in as a user assigned to the Administrators or Security Administrators group.
Procedure
- Go to .
- In the Authentication field of the toolbar, select OAuth from the drop-down list.
- Click the Configure authentication icon next to the drop-down list.
- In the Connection tab, fill in the following fields.

| Field | Action |
| --- | --- |
| Client Id | Enter your Client ID. |
| Client Secret | Enter your Client Secret. |
| Authentication URI | Enter the URI on the external authentication server that handles the user authentication. The result is an authorization code, which the application can exchange for an access token and a refresh token. |
| Token URI | Enter the URI on the external authentication server that exchanges the authorization code for an access token. |
| Validation URI | Enter the URI on the external authentication server that validates the access token and provides access to the user account. |
| Scope | Enter one or more scope values indicating which parts of the user's account an access token permits. |

- In the Attribute Mappings tab, map the attributes from the external user account to the Talend Data Catalog user attributes, such as Login, Full Name, Email or Groups.
- In the Request Headers tab, click Add header and enter extra parameters to be added in the HTTP requests to the external authentication server.
- In the Group Mappings tab, map the group attribute from the external user account to the Talend Data Catalog group name.

  To enable the automatic group assignment, you can fill in the Groups attribute in the Attribute Mappings tab with the corresponding field name in the user account information. Talend Data Catalog uses the value of this field as the security group assignment.

  The user account information is returned from the OAuth server to Talend Data Catalog after the OAuth server validates an access token upon a login request.

  You can also map individual values assigned to the OAuth attribute that maps to the Groups in Talend Data Catalog.

  You can use the wildcard ("%") when configuring the group mappings. The % matches zero or more characters.

  When populating an OAuth attribute for group assignment, you switch from native and manually managed group assignment to OAuth driven and automatic group assignment for all OAuth users. As an OAuth user, you lose the previous native group assignment the next time you log in.

  When deleting the last OAuth attribute for group assignment, you switch from OAuth driven group assignment to native group assignment. Every OAuth user is then associated with the Guest group until manually assigned to other groups.
- Save your changes.
Results
You can log in to Talend Data Catalog through the authorization server.
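
The % wildcard in the Group Mappings step can match more external groups than intended, so it is worth checking each pattern against the groups the authorization server actually issues before saving. The following is an added example, not Talend code: it models the documented "% matches zero or more characters" rule and audits two candidate mappings. Assumptions: matching is case-sensitive and covers the whole value, the user account attribute is named `groups`, and all external group names and the sample user are constructed.

```python
import re

def compile_mapping(pattern):
    # "%" matches zero or more characters; every other character is literal.
    # Assumption: the match is case-sensitive and must cover the whole value.
    return re.compile(".*".join(re.escape(p) for p in pattern.split("%")), re.DOTALL)

def resolve_groups(userinfo, groups_attribute, group_mappings):
    """Return the catalog groups a login would receive from the mapped attribute."""
    values = userinfo.get(groups_attribute) or []
    if isinstance(values, str):  # some servers return one string, not a list
        values = [values]
    return {
        catalog_group
        for value in values
        for pattern, catalog_group in group_mappings
        if compile_mapping(pattern).fullmatch(value)
    }

def audit_mappings(group_mappings, external_groups):
    """For each mapping, list every known external group it would match."""
    return {
        (pattern, catalog_group): sorted(
            g for g in external_groups if compile_mapping(pattern).fullmatch(g)
        )
        for pattern, catalog_group in group_mappings
    }

# Constructed sample data (not taken from any real deployment).
EXTERNAL_GROUPS = ["catalog-admins", "non-admin-contractors", "finance-readers"]
BROAD = [("%admin%", "Administrators")]          # over-broad pattern
NARROW = [("catalog-admin%", "Administrators")]  # anchored on a literal prefix
CONTRACTOR = {"login": "jdoe", "groups": ["non-admin-contractors"]}

if __name__ == "__main__":
    for mappings in (BROAD, NARROW):
        print(audit_mappings(mappings, EXTERNAL_GROUPS))
        print(resolve_groups(CONTRACTOR, "groups", mappings))
```

With the broad pattern the constructed contractor account lands in Administrators; with the prefix-anchored pattern it receives no mapped group.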