Auth0 SSO for Kubernetes

Check the Helm information here. Check the more information about environment variable here. Here is an example for reference, showing where to place the values in the values.yaml file after setting up your Auth0 account and obtaining the application credentials.

implicit
authcode

# Public Flow

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins:  # john.doe from [email protected]
      - "admin"
      - "user1"
      - "user2"
      principalDomain: "open-metadata.org"  # Update with your Domain,The primary domain for the organization (example.com from [email protected]).

    authentication:
      clientType: public
      provider: "auth0"
      publicKeys:
      - "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
      - "{Auth0 Domain Name}/.well-known/jwks.json"
      authority: "{Your Auth0 Domain}"  # The base URL of the authentication provider.
      clientId: "{Client ID}"
      callbackUrl: "http://localhost:8585/callback"

# Auth Code Flow

openmetadata:
  config:
    authorizer:
      className: "org.openmetadata.service.security.DefaultAuthorizer"
      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
      initialAdmins:  # john.doe from [email protected]
      - "admin"
      - "user1"
      - "user2"
      principalDomain: "open-metadata.org"  # Update with your Domain,The primary domain for the organization (example.com from [email protected]).

    authentication:
      clientType: confidential
      provider: "auth0"
      publicKeys:  # List of URLs providing public keys for verifying JWT tokens.
        - "{Your Domain}/api/v1/system/config/jwks"    # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
        - "{Auth0 Domain Name}/.well-known/jwks.json
      authority: "{Your Auth0 Domain}"  # The base URL of the authentication provider.
      clientId: "{Client ID}"  # Update your Client ID
      callbackUrl: "http://localhost:8585/callback"
      oidcConfiguration:
        oidcType: "Auth0"
        clientId:
          secretRef: oidc-secrets
          secretKey: openmetadata-oidc-client-id
        clientSecret:
          secretRef: oidc-secrets
          secretKey: openmetadata-oidc-client-secret
        discoveryUri: "{Domain name}/.well-known/openid-configuration"  # Update your Auth0 Domain
        callbackUrl: http://localhost:8585/callback
        serverUrl: http://localhost:8585

Configure Ingestion

Once your server security is set, it’s time to review the ingestion configuration. Our bots support JWT tokens to authenticate to the server when sending requests. Find more information on Enabling JWT Tokens and JWT Troubleshooting to ensure seamless authentication.

Auth

Go to Auth0 Configuration

Get Started

Day 1

Auth0 SSO for Kubernetes | Official Documentation

Auth0 SSO for Kubernetes

Configure Ingestion

Auth

Get Started

Day 1

​Auth0 SSO for Kubernetes

​Configure Ingestion

Auth

Auth0 SSO for Kubernetes

Configure Ingestion