Skip to main content Skip to complementary content

Securing connections for Talend Data Stewardship

To secure connections between Talend Data Stewardship, the MongoDB server, and Apache Kafka, you need to edit the data-stewardship.properties file.

Information noteImportant: In the following procedure, the MongoDB server module, the Apache Kafka module, and other Talend Data Stewardship modules must all use the same truststore.
Information noteNote:

If you select the embedded MongoDB instance during the installation process, securing the MongoDB connection is not possible.

To secure connections with MongoDB using SSL, MongoDB Enterprise Server has to be manually installed on your machine. For more information, see https://docs.mongodb.com/v3.2/security/.

Procedure

  1. Open the <Data_Stewardship_Path>\apache-tomcat\conf\data-stewardship.properties file.
  2. To trust the server certificate used by Talend Data Stewardship, add the following properties with the appropriate values:
    http.ssl.truststore.location=<path_to_truststore>
    http.ssl.truststore.password=<truststore_password>
    Information noteNote: To be able to work with Talend Data Stewardship, make sure you only use one truststore.
  3. By default, Talend Data Stewardship does not verify that the hostname matches the certificate common name.
    To enable this verification, add the following property and set the value to true:
    http.ssl.verify.hostname=true
  4. To allow Talend Data Stewardship to use private key authentication, add the following properties with the appropriate values:
    http.ssl.keystore.location=<path_to_keystore>
    http.ssl.keystore.password=<keystore_password>
    http.ssl.key.password=<key_password>
  5. To secure connections with MongoDB, add the following properties with the appropriate values:
    spring.data.mongodb.ssl=true
    spring.data.mongodb.ssl.trust-store=<path_to_truststore>
    spring.data.mongodb.ssl.trust-store-password=<truststore_password>
  6. To secure connections with Kafka using communication encryption only, add the following properties with the appropriate values:
    kafka.security.protocol=SSL
    kafka.ssl.truststore.location=<path_to_truststore>
    kafka.ssl.truststore.password=<truststore_password>
  7. To secure connections with Kafka using authentication, add the following properties with the appropriate values:
    kafka.ssl.keystore.location=<path_to_keystore>
    kafka.ssl.keystore.password=<keystore_password>
    kafka.ssl.key.password=<key_password>
    Note that the communication encryption parameters must also be defined to use authentication.
  8. To secure connections with the message broker, add the following properties with the appropriate values:
    spring.cloud.stream.kafka.binder.configuration.security.protocol=SSL
    spring.cloud.stream.kafka.binder.configuration.ssl.truststore.location=<path_to_truststore>
    spring.cloud.stream.kafka.binder.configuration.ssl.truststore.password=<truststore_password>
    spring.cloud.stream.kafka.binder.configuration.ssl.keystore.location=<path_to_keystore>
    spring.cloud.stream.kafka.binder.configuration.ssl.keystore.password=<keystore_password>
    spring.cloud.stream.kafka.binder.configuration.ssl.key.password=<key_password>
    spring.cloud.stream.kafka.binder.configuration.ssl.endpoint.identification.algorithm=<ssl_algorithm>
    spring.kafka.properties.security.protocol=SSL
    spring.kafka.properties.ssl.truststore.location=<path_to_truststore>
    spring.kafka.properties.ssl.truststore.password=<truststore_password>
    spring.kafka.properties.ssl.keystore.location=<path_to_keystore>
    spring.kafka.properties.ssl.keystore.password=<keystore_password>
    spring.kafka.properties.ssl.key.password=<key_password>
  9. To secure connection with Talend Identity and Access Management, edit the following lines:
    tds.security=iam
    oidc.url=https://<host_name:port>/oidc
    oidc.userauth.url=https://<host_name:port>/oidc
    scim.url=https://<host_name:port>/scim
  10. Change the services URLs from http to https:
    tds.history.service.url=https://${public.ip}:${server.port}/data-history-service
    schema.service.url=https://${public.ip}:${server.port}/schemaservice
  11. Change the gateway URLs from http to https:
    
                      frontend.url=https://<datastewardship_server:port>/internal/frontend
    backend.url=https://<datastewardship_server:port>/internal/data-stewardship
    schemaservice.url=https://<datastewardship_server:port>/internal/schemaservice
    historyservice.url=https://<datastewardship_server:port>/internal/data-history-service
                   

What to do next

To enable HTTPS support on Tomcat, see https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html.

To enable SSL support on MongoDB, see https://docs.mongodb.com/v3.0/tutorial/configure-ssl/.

To enable SSL support on Kafka, see http://kafka.apache.org/documentation.html#security_ssl.

To enable SSL support on Talend Identity and Access Management, see Securing connections for Talend Identity and Access Management.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!