Configuring stateless authentication

This page outlines how authentication can be configured using environment variables for Matillion ETL. This allows Matillion ETL usernames and passwords to be stored in the Matillion database instead of in the tomcat-users.xml, which is the default for an installation. This is especially useful if you are running a high availability setup and wish to keep username and password details in-sync between servers (nodes in a cluster), as they will be using the shared database, where this configuration is stored.

If you want to start using stateless authentication on a server that already has your users set up, you can export your existing users, then set up stateless authentication, and finally import your users back to your server. This avoids having to set up your users again from scratch. For more information, read Using stateless authentication with existing users. You must export your existing users before configuring stateless authentication as described in the guides linked below.

You must choose one of the following according to your setup. These are mutually exclusive options:

• Internal security.
• OpenID integration.
• LDAP integration.

Refer to Rollback steps if you need to perform a rollback.

Take backups

We advise always taking a backup of the below files before beginning this process as they will be required to revert the configuration if required.

• /usr/share/emerald/WEB-INF/classes/Emerald.properties
• /usr/share/tomcat10/conf/tomcat-users.xml
• /etc/tomcat/server.xml
• /etc/sysconfig/tomcat