Solved: Users from IAM (Syncope) on Talend Data Stewardshi...

DerfelCadarn · ‎10-27-2017

Hello,

In the Talend documentation it is written that the Talend Identity and Access Management "allow you to manage the user access to Talend Data Preparation and Talend Data Stewardship.".

Consequently, I created a User with a password inside a Group in Syncope (http://hostSyncope:8080/syncope-console) and I created a file "tds-client.json" in <myTomcat>/clients with the following content :

{
"post_logout_redirect_uris" : [ "http://my-machine:19999/", "http://localhost:19999/", "http://127.0.0.1:19999/" ],
"grant_types" : [ "password", "authorization_code", "refresh_token" ],
"scope" : "openid refreshToken",
"client_secret" : "cB/gNxe2SXR3SPDbhshZXzErZoxVy8yUcs/f6K39rsg=",
"redirect_uris" : [ "http://my-machine:19999/login", "http://localhost:19999/login", "http://127.0.0.1:19999/login" ],
"client_name" : "TDS OIDC Gateway",
"client_id" : "tl6K6ac7tSE-LQ"
}

I also checked my data-stewardship.properties file (Segment "### Talend IDP : id/secret for each application") to see if the client_id and the client_secret where the same.

Unfortunatly, when I try to connect to Talend Data Stewardship (http://localhost:8080/idp/federation/up/login) with the user I created in Syncope (http://hostSyncope:8080/syncope-console), I have an "Authentication failed" error.

What am I supposed to do to enable the user I created in Syncope to have an access to Talend Data Stewardship ?

Many thanks.

gvaznunes · ‎10-30-2017

Hi,

Talend IAM is used as a "bridge" between TAC and Data Preparation/Data Stewardship so that we have single sign-on between Prep and Stewardship (and other web UIs later on). So the interest of defining the links between IAM and Data Stewardship is ... to be able to connect to Data Stewardship with the users defined in TAC.

And the rights of the users in Data Stewardship (or Data Preparation) are defined in TAC, not in Talend IAM. Again, to be as explicit as possible: you do not have to and you must not do anything in Syncope's UI to create Data Stewardship users or groups or to manage their rights. Everything happens in TAC.

Regards,

Gwendal

xdshi · ‎10-29-2017

Hello,

Are you referring to this documentation about:TalendHelpCenter:Installing and configuring Talend Identity and Access Management?

Best regards

Sabrina

--
Don't forget to give kudos when a reply is helpful and click Accept the solution when you think you're good with it.

DerfelCadarn · ‎10-30-2017

Hello,

Yes, I am referring to this documentation that seems incomplete.

Regards

Etienne

gvaznunes · ‎10-30-2017

Hi,

See the following pages for Data Stewardship user creation: https://help.talend.com/reader/rwBWIfzNlMcU~DAjdvxy6g/lBixWpi8wihj30FTNXPTKw. You'll see that you simply have to create your users in TAC (Talend Administration Center). There is no need to create users manually in Talend IAM's Syncope.

I'll bring that up to our documentation team to avoid such confusion.

Regards,

Gwendal

DerfelCadarn · ‎10-30-2017

Hello,

Thanks but I already know how to create this kind of user. I just want to know how to use the IAM (Syncope) according to the Talend Documentation : "... Talend Identity and Access Management that allow you to manage the user access to Talend Data Preparation and Talend Data Stewardship."

Could you indicate me how to do that please ?

Regards,

Etienne

gvaznunes · ‎10-30-2017

Hi,

You cannot create users this way and you're not supposed to. The only way to create Data Stewardship/Data Preparation users is via TAC. Hence my comment above on fixing the documentation.

Regards,

Gwendal

DerfelCadarn · ‎10-30-2017

Hello,

Ok, I cannot create users with Syncope but can I use it to manage (defining rights on) the users I created in the TAC ? What is the interest of adding links (by creating a file "tds-client.json" in <myTomcat>/clients) between IAM and Data Stewardship ?

Thanks,

Etienne

gvaznunes · ‎10-30-2017

Hi,

Talend IAM is used as a "bridge" between TAC and Data Preparation/Data Stewardship so that we have single sign-on between Prep and Stewardship (and other web UIs later on). So the interest of defining the links between IAM and Data Stewardship is ... to be able to connect to Data Stewardship with the users defined in TAC.

And the rights of the users in Data Stewardship (or Data Preparation) are defined in TAC, not in Talend IAM. Again, to be as explicit as possible: you do not have to and you must not do anything in Syncope's UI to create Data Stewardship users or groups or to manage their rights. Everything happens in TAC.

Regards,

Gwendal

DerfelCadarn · ‎10-30-2017

Ok ! I understand everything now. Thank you very much !

Indeed, the documentation wasn't very clear...

Products

Support & Services

Company

Users from IAM (Syncope) on Talend Data Stewardship.

Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Re: Users from IAM (Syncope) on Talend Data Stewardship.