Skip to main content

Amazon Cognito SSO for Kubernetes

Check the Helm information here. Once the Client Id is generated, see the snippet below for an example of where to place the client id value and update the authorizer configurations in the values.yaml. 
openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins:
        - "admin"
      principalDomain: "open-metadata.org"
    authentication:
      provider: "aws-cognito"
      publicKeys:
        - "{your domain}/api/v1/system/config/jwks"
        - "{Cognito Domain}/{User Pool ID}/.well-known/jwks.json" # Update with your Cognito Domain and User Pool ID
      authority: "{Cognito Domain}/{User Pool ID}" # Update with your Cognito Domain and User Pool ID as follows - https://cognito-idp.us-west-1.amazonaws.com/us-west-1_DL8xfTzj8
      clientId: "{Client ID}" # Update with your Client ID
      callbackUrl: "http://localhost:8585/callback"

Configure Ingestion

Once your server security is set, it’s time to review the ingestion configuration. Our bots support JWT tokens to authenticate to the server when sending requests. Find more information on Enabling JWT Tokens and JWT Troubleshooting to ensure seamless authentication.