Configure user authentication for Talend Studio remote projects and Job Conductor using Talend Administration Center

Talend Big Data Platform Installation Guide for Linux

EnrichVersion
6.5
EnrichProdName
Talend Big Data Platform
task
Installation and Upgrade
EnrichPlatform
Talend Identity and Access Management
Talend Data Stewardship
Talend SAP RFC Server
Talend DQ Portal
Talend JobServer
Talend Administration Center
Talend Log Server
Talend Studio
Talend Artifact Repository
Talend Installer
Talend CommandLine
Talend Repository Manager
Talend Activity Monitoring Console
Talend Data Preparation
Talend Runtime

Talend JobServer uses Talend Administration Center based authentication for Talend Studio remote projects and for the Job Conductor in Talend Administration Center.

The authentication mode based on Talend Administration Center replaces the user authentication based on the users.csv file.

Talend Administration Center checks:
  • whether the user is authorized to work with the project the job belongs to, and
  • if this project is associated to the specific Talend JobServer.

Procedure

  1. Open TalendJobServer.properties and uncomment the following line:
    #org.talend.remote.jobserver.commons.config.JobServerConfiguration.TAC_URLS=http://host1:8080/org.talend.administrator,http://host2:8080/org.talend.administrator

    If the line is commented out, you will not be able to authenticate.

  2. Specify the Talend Administration Center URL of the Talend Administration Center instance to use for authorization.

    If you have set up a cluster involving multiple Talend Administration Center instances in your Talend system to provide high availability, specify a comma-separated list of Talend Administration Center instances.

    Talend JobServer will randomly choose an instance from this list and perform an automatic fail over in case of a connection problem.

If the specified Talend Administration Center instances run in https, configure secure connections to Talend Administration Center.

  1. Configure TLS/SSL in Talend Administration Center.
  2. Generate a KeyStore in .jks format:
    1. Connect to Talend Administration Center in a browser using https.
    2. Click on the HTTPS certificate chain > lock icon > Certificate Details.
    3. Export the server's certificate from the server KeyStore to a tacCert.cert certificate file.
    4. Use the following command to import the certificate into the KeyStore tacTrustStore.jks:
      keytool -import -noprompt -file <path_to_tacCert.cert> -alias tacCert -keystore tacTrustStore.jks -storepass password
  3. Edit the Talend JobServer start script start_rs.sh to set the JVM arguments to trust the Talend Administration Center certificate:
    MY_JMV_ARGS="-Djavax.net.ssl.trustStore=/path/tacTrustStore.jks -Djavax.net.ssl.trustStorePassword=password"