Linking Talend Administration Center in IdP-initiated mode
These steps are performed on Talend Administration Center Configuration > SSOtab.
Procedure
- Log in to Talend Administration Center.
- From the Configuration page, expand the SSO node.
-
If SSO has not been enabled yet, select true in the
Use SSO Login field.
- Click Launch Upload in the IDP metadata field and upload the Identity Provider (IdP) metadata file you have previously downloaded from your Identity Provider system.
-
In the Service Provider Entity ID field, enter the
Entity ID of your Service Provider (available in the configuration of the
IdP).
You can find examples following this link.
-
Select the Identity Provider in the IDP Authentication
Plugin drop-down list.
If Custom plugin is selected, an Upload IDP Authentication Plugin dialog box will prompt you to upload the custom Identity Provider metadata file.
The jar files provided by Qlik are located in the <TomcatPath>/webapps/org.talend.administrator/idp/plugins directory.
It is possible to rewrite the authentication code if necessary.
The Identity Provider System field changes automatically depending on your Identity Provider system.
-
Click Identity Provider Configuration and fill out the
required information.
You can find examples following this link.
-
Set the Use Role Mapping field to
true to map the application project types and the
user roles with those defined in the Identity Provider system.
Once you have defined project types/roles at the Identity Provider side, you cannot to edit them from Talend Administration Center.
-
Click Mapping Configuration and fill in the role/project
type fields with the corresponding SAML attributes previously set in the
Identity Provider system.
Project type examples:
- MDM = MDM
- DI = DI
- DM = DM
- NPA = NPA
Role examples:
-
Talend Administration Center roles
- Administrator = tac_admin
- Operation Manager = tac_om
Setting the Talend Administration Center roles is mandatory.
-
Talend Data Preparation roles
- Administrator = dp_admin
- Data Preparator = dp_dp
-
Talend Data Stewardship roles
- Data Steward = tds_ds
If your organization does not accept custom attributes in the SAML token, either:
-
Select Show Advanced Configuration in the wizard
and, in Path to Value, enter the XPath expression
to target the SAML value to map to the corresponding Talend Administration Center object
(Project Types, Roles,
Email, First Name,
Last Name).
Example: /saml2p:Response/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='tac.projectType']/saml2:AttributeValue/text()
-
Set Use Role Mapping to
false.
In this case, you cannot create users manually, but the user type and the user roles can be edited in Talend Administration Center.
When users log in for the first time, their type is No Project Access.
The default login timeout is set to 120 seconds, which you can change by adding the sso.config.clientLoginTimeout parameter with the desired timeout to the <ApplicationPath>/WEB-INF/classes/configuration.properties file.
- In the Redirect URL on Logout field, enter the the URL of IDP you want to redirect browser to on logout from Talend Administration Center. If this field is empty, you will be redirected to the default location of Talend Administration Center on logout.
Results
You are able to log in to Talend Administration Center through your Identity Provider.
Did this page help you?
If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!