Setting up the security management system in Security Token Service - 7.1

Talend ESB STS User Guide

Author: Talend Documentation Team
Version: 7.1
Products: Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Open Studio for ESB, Talend Real-Time Big Data Platform
Task: Design and Development, Installation and Upgrade
Platform: Talend ESB, Talend Runtime

The Security Token Service is provided with all versions of Talend ESB, but the security management system behind it differs between the community and subscription versions. In the community version, Talend Open Studio for ESB, the security service is managed via the JAAS authentication handler. In the subscription version, Talend ESB, it is managed by default by Talend Identity and Access Management, which is based on Apache Syncope. JAAS can also be used within Talend ESB by switching the module from Talend Identity and Access Management to JAAS.

If you are using the subscription version of Talend ESB, you can therefore use either Talend Identity and Access Management or JAAS as the security management system. To switch between the two, change the loginModule value in the <TalendRuntimePath>/container/etc/org.talend.esb.sts.server.cfg configuration file:

  • To use Talend Identity and Access Management, set the parameter as follows: loginModule=TIDM. You also need to set the tidmServiceUrl, tidmUsername, and tidmPassword properties in the configuration file. For more information about how to install Talend Identity and Access Management, see the Talend Installation and Upgrade Guide.
  • To use JAAS, set the parameter as follows: loginModule=JAAS.

When you run the tesb:start-sts command, Talend Runtime Container checks which module is configured and then installs either the tesb-sts or the tesb-sts-tidm feature. If the loginModule property does not exist, tesb-sts-tidm is installed by default.
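A pre-start check of this configuration file, as an added example that is not part of the Talend documentation: it reports which feature tesb:start-sts would install for the given file contents, flags TIDM properties that are missing, and flags a world-readable file that contains tidmPassword. The mapping of JAAS to tesb-sts and TIDM to tesb-sts-tidm, the exact-match handling of the loginModule value, and the file-permission check are assumptions of this example.

```python
import stat

# Property names and values are the ones named on this page; the checks are added here.
TIDM_REQUIRED = ("tidmServiceUrl", "tidmUsername", "tidmPassword")
FEATURES = {"TIDM": "tesb-sts-tidm", "JAAS": "tesb-sts"}  # assumed mapping


def parse_cfg(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit(text, mode=None):
    """Return (feature, findings) for the contents of the STS server cfg."""
    props = parse_cfg(text)
    findings = []
    # A missing loginModule falls back to the TIDM feature, as described above.
    module = props.get("loginModule", "TIDM")
    feature = FEATURES.get(module)
    if "loginModule" not in props:
        findings.append("loginModule missing: tesb-sts-tidm is installed by default")
    if feature is None:
        findings.append("unrecognised loginModule value: %r" % module)
    if module == "TIDM":
        for key in TIDM_REQUIRED:
            if not props.get(key):
                findings.append("TIDM selected but %s is not set" % key)
    # Added hardening check: the file holds the tidmPassword property.
    if mode is not None and props.get("tidmPassword") and mode & stat.S_IROTH:
        findings.append("cfg containing tidmPassword is world-readable")
    return feature, findings


if __name__ == "__main__":
    # Constructed sample contents, not taken from a real installation.
    sample = (
        "# constructed sample\n"
        "tidmServiceUrl=https://iam.example.test/syncope\n"
    )
    print(audit(sample, 0o644))
```

To check a real file, pass its contents and stat.S_IMODE(os.stat(path).st_mode) as the mode.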

To switch from one security management system to the other, simply use the following commands:

  • tesb:switch-sts-jaas

    If the Security Token Service is not started yet, this command only changes the configuration file property to loginModule=JAAS.

    If the Security Token Service using the Talend Identity and Access Management is started, this command stops it and starts the JAAS module instead.

  • tesb:switch-sts-tidm

    If the Security Token Service is not started yet, this command only changes the configuration file property to loginModule=TIDM.

    If the Security Token Service using the JAAS module is started, this command stops it and starts the Talend Identity and Access Management instead.