
OpenID integration (stateless authentication)

OpenID is for those who want to manage their Matillion ETL users via the in-instance User Configuration dialog and require no external services. Using OpenID removes the ability to use LDAP, so those following the advice in this section should ignore the advice in the similar LDAP integration documentation.

To configure stateless authentication, follow these steps:

  1. SSH into your Matillion ETL instance.
  2. Open the following file for editing: /usr/share/emerald/WEB-INF/classes/Emerald.properties.
  3. Ensure the following variables are set:

    | Property | Example value | Notes |
    |---|---|---|
    | DEFAULT_TOMCAT_USER_USERNAME | <username> | If deleted manually, this user is recreated when the instance(s) restart. |
    | DEFAULT_TOMCAT_USER_PASSWORD | <password> | Desired password for the default user. |
    | STATELESS_CONFIGURATION | true | Must be set to true. |
    | STATELESS_OPENID_ENABLE | true | This property must be set to true. |
    | STATELESS_OPENID_PROVIDER | GENERIC | Valid values are: GENERIC, AZURE, GOOGLE, MICROSOFT and OKTA. |
    | STATELESS_PROTOCOL_TYPE | HTTPS | Valid values are: HTTP, HTTPS and BOTH. |
    | STATELESS_OPENID_ENDPOINT | https://<idp-fqdn>/... | The chosen OpenID identity provider's base URL. |
    | STATELESS_OPENID_ID | <client-id> | Usually referred to as the "client ID". |
    | SEC_STATELESS_OPENID_SECRET | <client-secret> | Usually referred to as the "client secret" or "secret value". |
    | STATELESS_OPENID_SCOPE | <open-id-scope> | See each provider's documentation for its suggested/default scope. |
    | STATELESS_OPENID_ATTRIBUTE | <open-id-attributes> | See each provider's documentation for its suggested/default attribute. |
    | VARIABLE_AUTHENTICATION | true | Must be set to true. |
  4. Save and close the file.

    Note

    If you are using version 1.77 or higher, skip directly to step 8. From version 1.77, the settings in the Emerald.properties file take precedence over the /etc/sysconfig/tomcat file.

  5. Open the following file for editing: /etc/sysconfig/tomcat.

  6. Ensure the following variables are set:

    MTLN_PERSISTENCE_URL_POSTGRES="jdbc:postgresql://<DatabaseAddress>:<Port>/DatabaseName"
    MTLN_PERSISTENCE_USERNAME_POSTGRES=<username>
    MTLN_PERSISTENCE_PASSWORD_POSTGRES=<password>
    

    The MTLN_PERSISTENCE_URL_POSTGRES address points to the fully qualified domain name (FQDN) of your persistence database; whether a port is required depends on your setup. HA/clustered deployments must provide the details of their external Postgres database. For single-node deployments, this database is typically on the instance itself and should have the following values:

    MTLN_PERSISTENCE_URL_POSTGRES="jdbc:postgresql://127.0.0.1/postgres"
    MTLN_PERSISTENCE_USERNAME_POSTGRES=postgres
    MTLN_PERSISTENCE_PASSWORD_POSTGRES=postgres
    
  7. Save and close the file.

  8. The tomcat service must be restarted for your changes to take effect:

    systemctl restart tomcat
    
  9. You can now add users in the Admin > User Configuration menu.
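Before restarting Tomcat in step 8, it is worth checking that the Emerald.properties values from step 3 are complete and consistent, since a wrong value only shows up as a failed login afterwards. The following script is an added example, not Matillion's own tooling; it assumes the file uses KEY=VALUE lines and flags missing properties, leftover <placeholder> values, an unsupported provider or protocol, a non-HTTPS identity provider URL, and a protocol setting that would serve the login flow over cleartext HTTP.

```shell
#!/bin/sh
# Added example (not Matillion's own tooling): sanity-check the OpenID settings in
# Emerald.properties before restarting Tomcat. Assumes KEY=VALUE lines, one per property.

# prop FILE NAME -> value after the first '='; last definition wins, surrounding spaces dropped
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}
# one_of VALUE "A B C" -> 0 if VALUE is in the space-separated list
one_of() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}
fail() { echo "FAIL: $1"; rc=1; }

# check_openid_props FILE -> 0 when the file is usable, 1 otherwise; prints every finding
check_openid_props() {
    f=$1; rc=0
    # Flags the integration requires to be literally "true"
    for p in STATELESS_CONFIGURATION STATELESS_OPENID_ENABLE VARIABLE_AUTHENTICATION; do
        [ "$(prop "$f" "$p")" = "true" ] || fail "$p must be set to true"
    done
    provider=$(prop "$f" STATELESS_OPENID_PROVIDER)
    one_of "$provider" "GENERIC AZURE GOOGLE MICROSOFT OKTA" \
        || fail "STATELESS_OPENID_PROVIDER '$provider' is not GENERIC/AZURE/GOOGLE/MICROSOFT/OKTA"
    proto=$(prop "$f" STATELESS_PROTOCOL_TYPE)
    one_of "$proto" "HTTP HTTPS BOTH" || fail "STATELESS_PROTOCOL_TYPE '$proto' is not HTTP/HTTPS/BOTH"
    # HTTP or BOTH serves the OpenID login flow and session cookies over cleartext HTTP
    [ "$proto" = "HTTPS" ] || echo "WARN: STATELESS_PROTOCOL_TYPE=$proto permits plaintext HTTP logins"
    # Identifiers and secrets must be filled in, not left as the <placeholders> from the docs
    for p in STATELESS_OPENID_ID SEC_STATELESS_OPENID_SECRET STATELESS_OPENID_SCOPE \
             STATELESS_OPENID_ATTRIBUTE DEFAULT_TOMCAT_USER_PASSWORD; do
        case "$(prop "$f" "$p")" in ""|"<"*">") fail "$p is empty or still a placeholder" ;; esac
    done
    # The IdP base URL must be absolute https://, or browsers are redirected to a plaintext IdP
    case "$(prop "$f" STATELESS_OPENID_ENDPOINT)" in
        https://*) ;;
        *) fail "STATELESS_OPENID_ENDPOINT must start with https://" ;;
    esac
    return $rc
}

# Usage: sh check_openid.sh /usr/share/emerald/WEB-INF/classes/Emerald.properties
[ $# -eq 0 ] || check_openid_props "$1"
```

Run it as root on the instance after step 4; a non-zero exit status means at least one FAIL line was printed and the file should be corrected before the restart.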