Hi all! I am deploying DataHub on GKE and I want to put it behind GCP IAP. If I then also set up Google Authentication like the DataHub Doc detailed, the user would have to log in twice. So I want to skip OAuth, and simply use the JWT token added by IAP to identify individual users. I am wondering if DataHub has something that works with IAP, maybe similar to this https://github.com/GoogleCloudPlatform/jupyterhub-gcp-proxies-authenticator/blob/c[…]6b70e9005c52/gcpproxiesauthenticator/gcpproxiesauthenticator.py

Hi @agreeable-hamburger-38305. This is very interesting. I think it's definitely possible though today there's not a clear place to plug this in. We are currently rethinking how authentication works with the hopes of making it much more general purpose and pluggable. Once we implement that, we will be able to provide better guidance here 🙂

Great! Care to give me some pointers on how to do that?

Yep -- you can simply set the following env variable in

datahub-frontend

docker.env:

AUTH_JAAS_ENABLED=false
AUTH_OIDC_ENABLED=false

Thanks! @big-carpet-38439 thankyou

How are you deploying the docker containers? Ie. which command?

Ah I see!

I am still getting the same results

Oops! I think we updated the quickstart script to also use default variables some time recently. Can you try

docker-compose -p datahub \
    -f docker-compose.yml \
    -f docker-compose.override.yml \
    $CONSUMERS_COMPOSE $MONITORING_COMPOSE up

That worked!!!

yay!!!

Hi folks! I’ve created a feature request for this in our new portal - https://feature-requests.datahubproject.io/b/User-Experience/p/user-authentication-integration-with-gcp-iap