We integrated with Okta, but then how can I log ou...
# all-things-deploymenta
agreeable-plastic-37919
02/11/2022, 7:12 PMWe integrated with Okta, but then how can I log out to login to the admin account? Every time I logout, the page redirects to Okta and automatically relogs me back in?
i
incalculable-ocean-74010
02/11/2022, 7:20 PMHello William, what admin account are you referring to?
incalculable-ocean-74010
02/11/2022, 7:21 PMIf you still have JAAS-based authentication enabled (
AUTH_JAAS_ENABLED=true Copy code
https://<datahub-url>:9002/loginincalculable-ocean-74010
02/11/2022, 7:22 PMI would HIGHLY recommend you change the default account that works there though! Modify
user.propsincalculable-ocean-74010
02/11/2022, 7:22 PMYou can find more details about JAAS here: https://datahubproject.io/docs/how/auth/jaas
👍 1
a
agreeable-plastic-37919
02/11/2022, 7:30 PMty
h
handsome-football-66174
04/29/2022, 3:17 PM@incalculable-ocean-74010 - I am facing the same issue. Whenever I logout, it automatically asks for authentication without asking for user id and password. How do we resolve this ?
i
incalculable-ocean-74010
04/29/2022, 8:39 PMHello @handsome-football-66174
Is enabling JAAS auth as well as OIDC?
h
handsome-football-66174
04/29/2022, 8:43 PM@incalculable-ocean-74010 Our current OIDC configurations are as below -
Copy code
extraEnvs:
- name: AUTH_OIDC_ENABLED
value: "true"
- name: AUTH_OIDC_CLIENT_ID
value: "clientid"
- name: AUTH_OIDC_CLIENT_SECRET
value: "secret!"
- name: AUTH_OIDC_DISCOVERY_URI
value: "discovery url"
- name: AUTH_OIDC_BASE_URL
value: "hostname"
- name: AUTH_OIDC_SCOPE
value: "openid profile email"
- name: AUTH_OIDC_JIT_PROVISIONING_ENABLED
value: "false"
- name: AUTH_OIDC_PRE_PROVISIONING_REQUIRED
value: "true"
#- name: AUTH_OIDC_USER_NAME_CLAIM
# value: "email"
#- name: AUTH_OIDC_USER_NAME_CLAIM_REGEX
# value: "([^@]+)"i
incalculable-ocean-74010
04/30/2022, 8:40 AMPlease also enable JAAS auth and try to login with datahub user/pass combo. If that works then you can specify special admin accounts in the user.props file of the datahub frontend container. See JAAS login documentation for that.
incalculable-ocean-74010
04/30/2022, 8:41 AMThat said, if you are using OIDC and want to access an admin account I would suggest creating one in your identity provider, say okta, then in an anonymous tab login to datahub using that account.
p
prehistoric-salesclerk-23462
05/05/2022, 11:47 AM@incalculable-ocean-74010 how can I specify special admin accounts as you mentioned in user.props? I see that user.props only have the user:pass key pair. I have added users in user.props but no user can add tags etc and I get this error.
Failed to create & add tag: Unauthorized to perform this action. Please contact your DataHub administrator.i
incalculable-ocean-74010
05/05/2022, 12:37 PMHello Hamid, the new account needs to be have this permission most likely: https://github.com/datahub-project/datahub/blob/58fbf9fc899a01c260032fb2c95e0a5d7654f768/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java#L78
incalculable-ocean-74010
05/05/2022, 12:38 PMI have opened a PR to document these permissions on our docs, as they were linked only on the code. Apologies for that!
p
prehistoric-salesclerk-23462
05/05/2022, 1:31 PM@incalculable-ocean-74010 where can I set this privillage? I don’t have the users visible in UI because they were added in user.props?
i
incalculable-ocean-74010
05/05/2022, 1:59 PMThe user does not appear when searching for it? Nor in the Users & Groups tab?
p
prehistoric-salesclerk-23462
05/05/2022, 1:59 PMNo but still I can login with the users added to
user.props3 Views