0

We have a requirement where we need to enable only Authorization in Spring Cloud Dataflow server. The authetication will be done from an internal tool. Have tried with the authorization configuration alone leaving out the authentication configuration. But the endpoints are accessible even without an header with an authorization token. Please help with the configurations for enabling authorization only with SCDF server.

Dataflow Server Version: 2.3.0.RELEASE

user12813852
  • 1

1 Answers1

0

Spring Cloud Data Flow support Oauth2/OIDC spec-compliant identity providers. Don't know what your "internal tool" is, and whether or not it is a compliant system.

Either way, you could use the security docs from the ref. guide as to compare configuration options; we have a few samples in the sandbox repo (samples: uaa & keycloack), which you can use also as a reference.

Sabby Anandan
  • 5,636
  • 2
  • 12
  • 21
  • Thanks Sabby, checked the documentation and examples. I am checking for a configuration where I can enable Authorization only not Authentication. The authentication will be done by external tool and a token will be generated. Using this token I will then hit the SCDF url which should validate my token and provide access to endpoints. – user12813852 Apr 30 '20 at 21:35
  • That is something like the below config only spring: cloud: dataflow: security: authorization: provider-role-mappings: uaa: map-oauth-scopes: true role-mappings: ROLE_CREATE: foo.create ROLE_DEPLOY: foo.create ROLE_DESTROY: foo.create ROLE_MANAGE: foo.create ROLE_MODIFY: foo.create ROLE_SCHEDULE: foo.create ROLE_VIEW: foo.view – user12813852 Apr 30 '20 at 21:38
  • Without the below Authentication configuration security: oauth2: client: registration: uaa: redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}' authorization-grant-type: authorization_code client-id: dataflow client-secret: dataflow scope: - openid provider: uaa: jwk-set-uri: http://uaa:8080/uaa/token_keys ... – user12813852 Apr 30 '20 at 21:42