Authentication
Authentication is the process of verifying who an entity (such as a user) is. In order to enable authentication for Ververica Platform you have to integrate with an external identity provider. Ververica Platform does not actively manage user records (such as names or passwords).
The following identity providers are supported:
OpenID Connect (OIDC)
Ververica Platform supports integration with OpenID Connect (OIDC) identity providers for authentication. OIDC is an authentication protocol that is based on the OAuth 2.0 family of specifications.
If your organization uses a different authorization system, such as Lightweight Directory Access Protocol (LDAP), Active Directory, or Security Assertion Markup Language (SAML), you may use an OIDC bridge such as Dex to connect the systems.
Configuration
In order to enable the OIDC integration, you have to configure it in the main configuration file under the vvp.auth.oidc key by providing a registration and provider specification.
Example: OIDC configuration template
vvp:
  auth:
    enabled: true
    admins:
    - user:foo@bar.com
    oidc:
      groupsClaim: roles # The OIDC claim containing a user's groups
      registrationId: my-oidc-provider
      registration:
        clientId: vvp
        clientSecret: secret
        redirectUri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
        clientAuthenticationMethod: basic
        authorizationGrantType: authorization_code
        scope:
        - openid
      provider:
        authorizationUri: http://my-oidc-provider.internal/openid-connect/auth
        tokenUri: http://my-oidc-provider.internal/openid-connect/token
        userInfoUri: http://my-oidc-provider.internal/openid-connect/userinfo
        jwkSetUri: http://my-oidc-provider.internal/openid-connect/certs
        userNameAttribute: email # Required to correctly identify users
        endSessionEndpoint: http://my-oidc-provider.internal/openid-connect/logout
registration and provider expose Spring Security objects; more information about configuring these objects can be found in the Spring Boot documentation.
Please consult the Configuration section for more specific examples.
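The check below is an added example, not part of Ververica Platform or its documentation: it audits a parsed vvp.auth block, such as the template above, for settings that weaken the OIDC integration (provider endpoints over plain HTTP, a placeholder client secret, a missing openid scope or userNameAttribute). The function name, the placeholder deny-list and the minimum secret length are assumptions, and the sample dict is constructed from the template as a YAML loader would return it.

```python
from urllib.parse import urlsplit

# Constructed input: this page's template as the dict a YAML loader would return.
SAMPLE = {"vvp": {"auth": {"enabled": True, "admins": ["user:foo@bar.com"], "oidc": {
    "groupsClaim": "roles", "registrationId": "my-oidc-provider",
    "registration": {
        "clientId": "vvp", "clientSecret": "secret", "scope": ["openid"],
        "clientAuthenticationMethod": "basic", "authorizationGrantType": "authorization_code",
        "redirectUri": "{baseUrl}/{action}/oauth2/code/{registrationId}"},
    "provider": {
        "authorizationUri": "http://my-oidc-provider.internal/openid-connect/auth",
        "tokenUri": "http://my-oidc-provider.internal/openid-connect/token",
        "userInfoUri": "http://my-oidc-provider.internal/openid-connect/userinfo",
        "jwkSetUri": "http://my-oidc-provider.internal/openid-connect/certs",
        "userNameAttribute": "email",
        "endSessionEndpoint": "http://my-oidc-provider.internal/openid-connect/logout"},
}}}}

ENDPOINTS = ("authorizationUri", "tokenUri", "userInfoUri", "jwkSetUri", "endSessionEndpoint")
PLACEHOLDERS = {"secret", "changeme", "password", "vvp"}  # assumed deny-list
MIN_SECRET_LEN = 32  # assumed local policy, not a Ververica requirement

def audit_oidc(config):
    """Return (key, problem) findings for the vvp.auth block of a parsed config."""
    auth = config.get("vvp", {}).get("auth", {})
    oidc = auth.get("oidc", {})
    reg, prov = oidc.get("registration", {}), oidc.get("provider", {})
    findings = []
    if auth.get("enabled") is not True:
        findings.append(("auth.enabled", "authentication is not switched on"))
    for key in ENDPOINTS:
        url = prov.get(key)
        # Plain HTTP exposes codes, tokens and the client secret in transit, and
        # lets an on-path attacker swap the signing keys served by jwkSetUri.
        if url is not None and urlsplit(url).scheme.lower() != "https":
            findings.append(("provider." + key, "endpoint is not https: " + url))
    if "openid" not in reg.get("scope", []):
        findings.append(("registration.scope", "'openid' scope is missing"))
    if not prov.get("userNameAttribute"):
        findings.append(("provider.userNameAttribute", "required to identify users"))
    secret = str(reg.get("clientSecret", ""))
    if secret.lower() in PLACEHOLDERS or len(secret) < MIN_SECRET_LEN:
        findings.append(("registration.clientSecret", "placeholder or short secret"))
    return findings

if __name__ == "__main__":
    for key, problem in audit_oidc(SAMPLE):
        print(f"{key}: {problem}")
```

Run against the template as written, it reports the five http:// provider endpoints and the literal clientSecret value; a configuration with https endpoints and a long random secret produces no findings.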