Six Stars

Users from IAM (Syncope) on Talend Data Stewardship.

Hello,

 

In the Talend documentation it is written that the Talend Identity and Access Management "allow you to manage the user access to Talend Data Preparation and Talend Data Stewardship."

 

Consequently, I created a User with a password inside a Group in Syncope (http://hostSyncope:8080/syncope-console) and I created a file "tds-client.json" in <myTomcat>/clients with the following content:

 

{
"post_logout_redirect_uris" : [ "http://my-machine:19999/", "http://localhost:19999/", "http://127.0.0.1:19999/" ],
"grant_types" : [ "password", "authorization_code", "refresh_token" ],
"scope" : "openid refreshToken",
"client_secret" : "cB/gNxe2SXR3SPDbhshZXzErZoxVy8yUcs/f6K39rsg=",
"redirect_uris" : [ "http://my-machine:19999/login", "http://localhost:19999/login", "http://127.0.0.1:19999/login" ],
"client_name" : "TDS OIDC Gateway",
"client_id" : "tl6K6ac7tSE-LQ"
}

 

I also checked my data-stewardship.properties file (Segment "### Talend IDP : id/secret for each application") to see if the client_id and the client_secret were the same.

 

Unfortunately, when I try to connect to Talend Data Stewardship (http://localhost:8080/idp/federation/up/login) with the user I created in Syncope (http://hostSyncope:8080/syncope-console), I have an "Authentication failed" error.

 

What am I supposed to do to enable the user I created in Syncope to have access to Talend Data Stewardship?

 

Many thanks.
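
The manual comparison described in the post above, as an added example that is not part of the original thread or of Talend's code: it reads the client registration file and the properties file and reports which property values equal the `client_id` and `client_secret`. The sample data and the property names are constructed and hypothetical; the sample secret has lost its base64 padding in the properties file, so the check reports a mismatch for it.

```python
import hmac
import json

def parse_properties(text):
    """Minimal Java .properties reader: split each line at the first '=' or ':'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        # First separator wins; the value itself may contain '=' (base64 padding).
        cut = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if cut == -1:
            continue
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def keys_holding(props, wanted):
    """Names of the properties whose value equals `wanted` (constant-time compare)."""
    return sorted(k for k, v in props.items()
                  if hmac.compare_digest(v.encode(), wanted.encode()))

def cross_check(client_json, properties_text):
    """Map each credential field of the client file to the property keys carrying it."""
    client = json.loads(client_json)
    props = parse_properties(properties_text)
    return {field: keys_holding(props, client[field])
            for field in ("client_id", "client_secret")}

def report(result):
    """One line per field, without echoing the secret itself."""
    return [f"{field}: " + (", ".join(keys) if keys else "NO MATCH")
            for field, keys in result.items()]

# Constructed sample data; the property names are hypothetical.
SAMPLE_CLIENT = json.dumps({
    "client_name": "TDS OIDC Gateway",
    "client_id": "example-client-id",
    "client_secret": "ZXhhbXBsZS9zZWNyZXQ=",
})
SAMPLE_PROPS = """\
### Talend IDP : id/secret for each application
example.tds.client-id=example-client-id
example.tds.client-secret = ZXhhbXBsZS9zZWNyZXQ
"""

if __name__ == "__main__":
    print("\n".join(report(cross_check(SAMPLE_CLIENT, SAMPLE_PROPS))))
```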

1 ACCEPTED SOLUTION

Employee

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Hi,

 

Talend IAM is used as a "bridge" between TAC and Data Preparation/Data Stewardship so that we have single sign-on between Prep and Stewardship (and other web UIs later on). So the interest of defining the links between IAM and Data Stewardship is ... to be able to connect to Data Stewardship with the users defined in TAC.

 

And the rights of the users in Data Stewardship (or Data Preparation) are defined in TAC, not in Talend IAM. Again, to be as explicit as possible: you do not have to and you must not do anything in Syncope's UI to create Data Stewardship users or groups or to manage their rights. Everything happens in TAC.

 

Regards,

 

Gwendal

8 REPLIES
Moderator

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Hello,

Are you referring to this documentation about: TalendHelpCenter: Installing and configuring Talend Identity and Access Management?

Best regards

Sabrina

 

Six Stars

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Hello,

 

Yes, I am referring to this documentation that seems incomplete.

 

Regards

 

Etienne

Employee

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Hi,

 

See the following pages for Data Stewardship user creation: https://help.talend.com/reader/rwBWIfzNlMcU~DAjdvxy6g/lBixWpi8wihj30FTNXPTKw. You'll see that you simply have to create your users in TAC (Talend Administration Center). There is no need to create users manually in Talend IAM's Syncope.

 

I'll bring that up to our documentation team to avoid such confusion.

 

Regards,

 

Gwendal

Six Stars

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Hello,

 

Thanks, but I already know how to create this kind of user. I just want to know how to use the IAM (Syncope) according to the Talend Documentation: "... Talend Identity and Access Management that allow you to manage the user access to Talend Data Preparation and Talend Data Stewardship."

 

Could you indicate to me how to do that, please?

 

Regards,

 

Etienne

Employee

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Hi,

 

You cannot create users this way and you're not supposed to. The only way to create Data Stewardship/Data Preparation users is via TAC. Hence my comment above on fixing the documentation.

 

Regards,

 

Gwendal

Six Stars

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Hello,

 

Ok, I cannot create users with Syncope, but can I use it to manage (defining rights on) the users I created in the TAC? What is the interest of adding links (by creating a file "tds-client.json" in <myTomcat>/clients) between IAM and Data Stewardship?

 

Thanks,

 

Etienne

Employee

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Hi,

 

Talend IAM is used as a "bridge" between TAC and Data Preparation/Data Stewardship so that we have single sign-on between Prep and Stewardship (and other web UIs later on). So the interest of defining the links between IAM and Data Stewardship is ... to be able to connect to Data Stewardship with the users defined in TAC.

 

And the rights of the users in Data Stewardship (or Data Preparation) are defined in TAC, not in Talend IAM. Again, to be as explicit as possible: you do not have to and you must not do anything in Syncope's UI to create Data Stewardship users or groups or to manage their rights. Everything happens in TAC.

 

Regards,

 

Gwendal

Six Stars

Re: Users from IAM (Syncope) on Talend Data Stewardship.

Ok! I understand everything now. Thank you very much!

 

Indeed, the documentation wasn't very clear...