Hello,
In the Talend documentation it is written that the Talend Identity and Access Management "allow you to manage the user access to Talend Data Preparation and Talend Data Stewardship."
Consequently, I created a User with a password inside a Group in Syncope (http://hostSyncope:8080/syncope-console) and I created a file "tds-client.json" in <myTomcat>/clients with the following content:
{ "post_logout_redirect_uris" : [ "http://my-machine:19999/", "http://localhost:19999/", "http://127.0.0.1:19999/" ], "grant_types" : [ "password", "authorization_code", "refresh_token" ], "scope" : "openid refreshToken", "client_secret" : "cB/gNxe2SXR3SPDbhshZXzErZoxVy8yUcs/f6K39rsg=", "redirect_uris" : [ "http://my-machine:19999/login", "http://localhost:19999/login", "http://127.0.0.1:19999/login" ], "client_name" : "TDS OIDC Gateway", "client_id" : "tl6K6ac7tSE-LQ" }
I also checked my data-stewardship.properties file (Segment "### Talend IDP : id/secret for each application") to see if the client_id and the client_secret were the same.
Unfortunately, when I try to connect to Talend Data Stewardship (http://localhost:8080/idp/federation/up/login) with the user I created in Syncope (http://hostSyncope:8080/syncope-console), I have an "Authentication failed" error.
What am I supposed to do to enable the user I created in Syncope to have access to Talend Data Stewardship?
Many thanks.
Hello,
Are you referring to this documentation: TalendHelpCenter: Installing and configuring Talend Identity and Access Management?
Best regards
Sabrina
Hello,
Yes, I am referring to this documentation that seems incomplete.
Regards
Etienne
Hi,
See the following pages for Data Stewardship user creation: https://help.talend.com/reader/rwBWIfzNlMcU~DAjdvxy6g/lBixWpi8wihj30FTNXPTKw. You'll see that you simply have to create your users in TAC (Talend Administration Center). There is no need to create users manually in Talend IAM's Syncope.
I'll bring that up to our documentation team to avoid such confusion.
Regards,
Gwendal
Hello,
Thanks, but I already know how to create this kind of user. I just want to know how to use the IAM (Syncope) according to the Talend documentation: "... Talend Identity and Access Management that allow you to manage the user access to Talend Data Preparation and Talend Data Stewardship."
Could you tell me how to do that, please?
Regards,
Etienne
Hi,
You cannot create users this way and you're not supposed to. The only way to create Data Stewardship/Data Preparation users is via TAC. Hence my comment above on fixing the documentation.
Regards,
Gwendal
Hello,
Ok, I cannot create users with Syncope, but can I use it to manage (defining rights on) the users I created in the TAC? What is the interest of adding links (by creating a file "tds-client.json" in <myTomcat>/clients) between IAM and Data Stewardship?
Thanks,
Etienne
Hi,
Talend IAM is used as a "bridge" between TAC and Data Preparation/Data Stewardship so that we have single sign-on between Prep and Stewardship (and other web UIs later on). So the interest of defining the links between IAM and Data Stewardship is ... to be able to connect to Data Stewardship with the users defined in TAC.
And the rights of the users in Data Stewardship (or Data Preparation) are defined in TAC, not in Talend IAM. Again, to be as explicit as possible: you do not have to and you must not do anything in Syncope's UI to create Data Stewardship users or groups or to manage their rights. Everything happens in TAC.
Regards,
Gwendal
Ok! I understand everything now. Thank you very much!
Indeed, the documentation wasn't very clear...