{"version":3,"sources":["/home/madhan/Apache/git/atlas/docs/target/src/documents/Security/Authentication.md","/home/madhan/Apache/git/atlas/docs/target/theme/styles/styled-colors.js"],"names":["layoutProps","MDXContent","components","props","mdxType","parentName","wrapLines","language","style","theme","isMDXComponent","dark","hljs","color"],"mappings":"klBAWMA,EAAc,GAIL,SAASC,EAAW,GAG/B,IAFFC,EAAU,EAAVA,WACGC,EAAK,iBAER,OAAO,cALS,UAKC,iBAAKH,EAAiBG,EAAK,CAAED,WAAYA,EAAYE,QAAQ,cAE5E,oBACE,GAAM,kCAAgC,mCAExC,oBACE,GAAM,kBAAgB,kBAExB,0EACA,wBACE,oBAAIC,WAAW,MAAK,wBAAQA,WAAW,MAAI,SAC3C,oBAAIA,WAAW,MAAK,wBAAQA,WAAW,MAAI,aAC3C,oBAAIA,WAAW,MAAK,wBAAQA,WAAW,MAAI,SAC3C,oBAAIA,WAAW,MAAK,wBAAQA,WAAW,MAAI,uCAC3C,oBAAIA,WAAW,MAAK,wBAAQA,WAAW,MAAI,SAE7C,+GAA4F,4BAAYA,WAAW,KAAG,gCAA8C,UACpK,cAAC,IAAiB,CAACC,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,8LAMnG,4XAEA,oBACE,GAAM,eAAa,gBAErB,8KACmC,4BAAYC,WAAW,KAAG,6CAA2D,OAAQ,4BAAYA,WAAW,KAAG,gCAA8C,KACxM,cAAC,IAAiB,CAACC,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,2FAE3D,iBAAgB,uCAExD,8EACA,cAAC,IAAiB,CAACE,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,mCAGnG,oCACA,cAAC,IAAiB,CAACE,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,iFAGnG,oDAAiC,wBAAQC,WAAW,KAAG,SAAmB,KAAM,wBAAQA,WAAW,KAAG,gBAA0B,OAAQ,wBAAQA,WAAW,KAAG,mBAC9J,uBAAG,oBAAIA,WAAW,KAAG,QAAc,2FACnC,mCACA,cAAC,IAAiB,CAACC,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,uGAInG,oBACE,GAAM,mBAAiB,oBAEzB,mGAAgF,4BAAYC,WAAW,KAAG,wCAAsD,eAAgB,4BAAYA,WAAW,KAAG,iCAC1M,cAAC,IAAiB,CAACC,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,+CAGnG,mEACA,cAAC,IAAiB,CAACE,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,gVAMnG,oBACE,GAAM,eAAa,gBAErB,+FAA4E,4BAAYC,WAAW,KAAG,oCAAkD,+CAAgD,4BAAYA,WAAW,KAAG,yCAAuD,qBAAsB,4BAAYA,WAAW,KAAG,gCAA8C,gDAEvX,cAAC,IAAiB,CAACC,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,wFAInG,sHACA,oBACE,GAAM,oBAAkB,oBAE1B,cAAC,IAAiB,CAACE,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,ihBAUnG,oBACE,GAAM,kBAAgB,kBAExB,cAAC,IAAiB,CAACE,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAm
B,wtBAanG,oBACE,GAAM,mBAAiB,oBAEzB,4FAAyE,4BAAYC,WAAW,KAAG,wCAAsD,sCAAuC,4BAAYA,WAAW,KAAG,6CAA2D,4BAA6B,4BAAYA,WAAW,KAAG,iBAA+B,OAAQ,4BAAYA,WAAW,KAAG,gCAA8C,eACpb,4BAAYA,WAAW,KAAG,mDAAiE,2GAA4G,oBAAIA,WAAW,KAAG,SAAe,iHAC7L,4BAAYA,WAAW,KAAG,qDAAmE,6CAA8C,wBAAQA,WAAW,KAAG,OAAiB,4EACpO,cAAC,IAAiB,CAACC,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,6KAKnG,uGAAoF,4BAAYC,WAAW,KAAG,+CAA6D,qCAAsC,4BAAYA,WAAW,KAAG,kCAAgD,KAC3R,cAAC,IAAiB,CAACC,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,+QAYnG,oBACE,GAAM,OAAK,QAEb,6GAA0F,oBAAIC,WAAW,KAAG,gBAC5G,0EACA,wBACE,oBAAIA,WAAW,MAAI,0BAA4B,4BAAYA,WAAW,MAAI,mCAAiD,eAAgB,4BAAYA,WAAW,MAAI,gCAA8C,MAEtN,cAAC,IAAiB,CAACC,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,wCAGnG,wBACE,oBAAIC,WAAW,MAAI,oBAAsB,4BAAYA,WAAW,MAAI,2DAAyE,8EAC1G,4BAAYA,WAAW,MAAI,oBAAkC,MAElG,cAAC,IAAiB,CAACC,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,kDAItG,8LAEDH,EAAWS,gBAAiB,G,+DCtK5B,iFAqBAC,IAAKC,KAAKC,MAAQ,UACHF,MAAI","file":"static/js/documents-security-authentication.3ee79ab6.js","sourcesContent":["\nimport React from 'react'\nimport { mdx } from '@mdx-js/react'\n\n/* @jsxRuntime classic */\n/* @jsx mdx */\nimport themen from 'theme/styles/styled-colors';\nimport * as theme from 'react-syntax-highlighter/dist/esm/styles/hljs';\nimport SyntaxHighlighter from 'react-syntax-highlighter';\n\n\nconst layoutProps = {\n \n};\nconst MDXLayout = \"wrapper\"\nexport default function MDXContent({\n components,\n ...props\n}) {\n return <MDXLayout {...layoutProps} {...props} components={components} mdxType=\"MDXLayout\">\n\n <h1 {...{\n \"id\": \"authentication-in-apache-atlas\"\n }}>{`Authentication in Apache Atlas.`}</h1>\n <h3 {...{\n \"id\": \"authentication\"\n }}>{`Authentication`}</h3>\n <p>{`Atlas supports following authentication methods`}</p>\n <ul>\n <li parentName=\"ul\"><strong parentName=\"li\">{`File`}</strong></li>\n <li parentName=\"ul\"><strong parentName=\"li\">{`Kerberos`}</strong></li>\n <li parentName=\"ul\"><strong 
parentName=\"li\">{`LDAP`}</strong></li>\n <li parentName=\"ul\"><strong parentName=\"li\">{`Keycloak (OpenID Connect / OAUTH2)`}</strong></li>\n <li parentName=\"ul\"><strong parentName=\"li\">{`PAM`}</strong></li>\n </ul>\n <p>{`Following properties should be set true to enable the authentication of that type in `}<inlineCode parentName=\"p\">{`atlas-application.properties`}</inlineCode>{` file.`}</p>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authentication.method.kerberos=true|false\natlas.authentication.method.ldap=true|false\natlas.authentication.method.file=true|false\natlas.authentication.method.keycloak=true|false`}\n </SyntaxHighlighter>\n <p>{`If two or more authentication methods are set to true, then the authentication falls back to the latter method if the earlier one fails.\nFor example if Kerberos authentication is set to true and ldap authentication is also set to true then, if for a request without kerberos principal and keytab LDAP authentication will be used as a fallback scenario.`}</p>\n <h3 {...{\n \"id\": \"file-method\"\n }}>{`FILE method.`}</h3>\n <p>{`File authentication requires users' login details in users credentials file in the format specified below and\nthe file path should set to property `}<inlineCode parentName=\"p\">{`atlas.authentication.method.file.filename`}</inlineCode>{` in `}<inlineCode parentName=\"p\">{`atlas-application.properties`}</inlineCode>{`.`}</p>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authentication.method.file=true\natlas.authentication.method.file.filename=${'sys:atlas.home'}/conf/users-credentials.properties`}\n </SyntaxHighlighter>\n <p>{`The users credentials file should have below format`}</p>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`username=group::sha256-password`}\n 
</SyntaxHighlighter>\n <p>{` For e.g.`}</p>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`admin=ADMIN::e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a`}\n </SyntaxHighlighter>\n <p>{`Users group can be either `}<strong parentName=\"p\">{`ADMIN`}</strong>{`, `}<strong parentName=\"p\">{`DATA_STEWARD`}</strong>{` OR `}<strong parentName=\"p\">{`DATA_SCIENTIST`}</strong></p>\n <p><em parentName=\"p\">{`Note`}</em>{`:-password is encoded with sha256 encoding method and can be generated using unix tool.`}</p>\n <p>{`For e.g.`}</p>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`echo -n \"Password\" | sha256sum\ne7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a -`}\n </SyntaxHighlighter>\n <h3 {...{\n \"id\": \"kerberos-method\"\n }}>{`Kerberos Method.`}</h3>\n <p>{`To enable the authentication in Kerberos mode in Atlas, set the property `}<inlineCode parentName=\"p\">{`atlas.authentication.method.kerberos`}</inlineCode>{` to true in `}<inlineCode parentName=\"p\">{`atlas-application.properties`}</inlineCode></p>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authentication.method.kerberos = true`}\n </SyntaxHighlighter>\n <p>{`Also following properties should be set.`}</p>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authentication.method.kerberos.principal=<principal>/<fqdn>@EXAMPLE.COM\natlas.authentication.method.kerberos.keytab = /<key tab filepath>.keytab\natlas.authentication.method.kerberos.name.rules = RULE:[2:$1@$0](atlas@EXAMPLE.COM)s/.*/atlas/\natlas.authentication.method.kerberos.token.validity = 3600 [ in Seconds (optional)]`}\n </SyntaxHighlighter>\n <h3 {...{\n \"id\": \"ldap-method\"\n }}>{`LDAP Method.`}</h3>\n <p>{`To enable the authentication in LDAP mode 
in Atlas, set the property `}<inlineCode parentName=\"p\">{`atlas.authentication.method.ldap`}</inlineCode>{` to true and also set Ldap type to property `}<inlineCode parentName=\"p\">{`atlas.authentication.method.ldap.type`}</inlineCode>{` to LDAP or AD in `}<inlineCode parentName=\"p\">{`atlas-application.properties`}</inlineCode>{`.\nUse AD if connecting to Active Directory.`}</p>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authentication.method.ldap=true\natlas.authentication.method.ldap.type=ldap|ad`}\n </SyntaxHighlighter>\n <p>{`For LDAP or AD the following configuration needs to be set in atlas application properties.`}</p>\n <h3 {...{\n \"id\": \"active-directory\"\n }}>{`Active Directory`}</h3>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authentication.method.ldap.ad.domain= example.com\natlas.authentication.method.ldap.ad.url=ldap://<AD server ip>:389\natlas.authentication.method.ldap.ad.base.dn=DC=example,DC=com\natlas.authentication.method.ldap.ad.bind.dn=CN=Administrator,CN=Users,DC=example,DC=com\natlas.authentication.method.ldap.ad.bind.password=<password>\natlas.authentication.method.ldap.ad.referral=ignore\natlas.authentication.method.ldap.ad.user.searchfilter=(sAMAccountName={0})\natlas.authentication.method.ldap.ad.default.role=ROLE_USER`}\n </SyntaxHighlighter>\n <h3 {...{\n \"id\": \"ldap-directory\"\n }}>{`LDAP Directory`}</h3>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authentication.method.ldap.url=ldap://<Ldap server 
ip>:389\natlas.authentication.method.ldap.userDNpattern=uid={0},ou=users,dc=example,dc=com\natlas.authentication.method.ldap.groupSearchBase=dc=example,dc=com\natlas.authentication.method.ldap.groupSearchFilter=(member=cn={0},ou=users,dc=example,dc=com\natlas.authentication.method.ldap.groupRoleAttribute=cn\natlas.authentication.method.ldap.base.dn=dc=example,dc=com\natlas.authentication.method.ldap.bind.dn=cn=Manager,dc=example,dc=com\natlas.authentication.method.ldap.bind.password=<password>\natlas.authentication.method.ldap.referral=ignore\natlas.authentication.method.ldap.user.searchfilter=(uid={0})\natlas.authentication.method.ldap.default.role=ROLE_USER`}\n </SyntaxHighlighter>\n <h3 {...{\n \"id\": \"keycloak-method\"\n }}>{`Keycloak Method.`}</h3>\n <p>{`To enable Keycloak authentication mode in Atlas, set the property `}<inlineCode parentName=\"p\">{`atlas.authentication.method.keycloak`}</inlineCode>{` to true and also set the property `}<inlineCode parentName=\"p\">{`atlas.authentication.method.keycloak.file`}</inlineCode>{` to the location of your `}<inlineCode parentName=\"p\">{`keycloak.json`}</inlineCode>{` in `}<inlineCode parentName=\"p\">{`atlas-application.properties`}</inlineCode>{`.\nAlso set `}<inlineCode parentName=\"p\">{`atlas.authentication.method.keycloak.ugi-groups`}</inlineCode>{` to false if you want to pickup groups from Keycloak. By default, the groups will be picked up from the `}<em parentName=\"p\">{`roles`}</em>{` defined in Keycloak. In case you want to use the groups\nyou need to create a mapping in keycloak and define `}<inlineCode parentName=\"p\">{`atlas.authentication.method.keycloak.groups_claim`}</inlineCode>{` equal to the token claim name. 
Make sure `}<strong parentName=\"p\">{`not`}</strong>{` to use the full group path and add the information to the access token.`}</p>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authentication.method.keycloak=true\natlas.authentication.method.keycloak.file=/opt/atlas/conf/keycloak.json\natlas.authentication.method.keycloak.ugi-groups=false`}\n </SyntaxHighlighter>\n <p>{`Setup you keycloak.json per instructions from Keycloak. Make sure to include `}<inlineCode parentName=\"p\">{`\"principal-attribute\": \"preferred_username\"`}</inlineCode>{` to ensure readable usernames and `}<inlineCode parentName=\"p\">{`\"autodetect-bearer-only\": true`}</inlineCode>{`.`}</p>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`{\n \"realm\": \"auth\",\n \"auth-server-url\": \"http://keycloak-server/auth\",\n \"ssl-required\": \"external\",\n \"resource\": \"atlas\",\n \"public-client\": true,\n \"confidential-port\": 0,\n \"principal-attribute\": \"preferred_username\",\n \"autodetect-bearer-only\": true\n}`}\n </SyntaxHighlighter>\n <h3 {...{\n \"id\": \"pam\"\n }}>{`PAM.`}</h3>\n <p>{`The prerequisite for enabling PAM authentication, is to have login service file in `}<em parentName=\"p\">{`/etc/pam.d/`}</em></p>\n <p>{`To enable the PAM authentication mode in Atlas.`}</p>\n <ul>\n <li parentName=\"ul\">{`Set the atlas property `}<inlineCode parentName=\"li\">{`atlas.authentication.method.pam`}</inlineCode>{` to true in `}<inlineCode parentName=\"li\">{`atlas-application.properties`}</inlineCode>{`.`}</li>\n </ul>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authentication.method.pam=true`}\n </SyntaxHighlighter>\n <ul>\n <li parentName=\"ul\">{`Set the property `}<inlineCode parentName=\"li\">{`atlas.authentication.method.pam.service=<login service>`}</inlineCode>{` to use 
desired PAM login service.\nFor example, set below property to use `}<inlineCode parentName=\"li\">{`/etc/pam.d/login`}</inlineCode>{`.`}</li>\n </ul>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authentication.method.pam.service=login`}\n </SyntaxHighlighter>\n </MDXLayout>;\n}\n;\nMDXContent.isMDXComponent = true;","/**\n * Licensed to the Apache Software Foundation (ASF) under one\n * or more contributor license agreements. See the NOTICE file\n * distributed with this work for additional information\n * regarding copyright ownership. The ASF licenses this file\n * to you under the Apache License, Version 2.0 (the\n * \"License\"); you may not use this file except in compliance\n * with the License. You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { dark } from \"react-syntax-highlighter/dist/esm/styles/hljs\";\n\n//dark[\"powershell\"][\"color\"] = \"#37bb9b\";\ndark.hljs.color = \"#37bb9b\";\nexport default dark;"],"sourceRoot":""}