Categories

Versions

Configure Scoring Agent Authentication

Onlyoneauthentication method should be enabled concurrently!

Regardless of how youinstall the endpoint infrastructure, the Scoring Agentnativelysupports multiple methods of authentication:

  • Basic Auth
  • OAuth2

To enable a specific authentication method, adapt the Scoring Agent's environment variableSPRING_DEFAULT_PROFILES. For example, if you want to use the Basic Auth you should setSPRING_DEFAULT_PROFILES=basicand if you want to use OAuth2 you can useSPRING_DEFAULT_PROFILES=oauth2

Basic Auth

If you like to use the basic auth method, set the corresponding environment variable to enable it.

In addition to this, the following environment variables can be used to further define the authentication's behavior.

Property Description Example
SPRING_SECURITY_BASIC_PATH Define which endpoints of the RTS are being secured with a path pattern. 为了保证onlymy-first-deploymentand all admin routes, use/services/my-first-deployment/**,/admin/**. To secure all endpoints use/**
SPRING_SECURITY_USER_NAME Define the username for this authentication method. myUser
SPRING_SECURITY_USER_PASSWORD Define the password for this authentication method. superSecurePassword

OAuth

If you like to use this oauth2 method, set the corresponding environment variable to enable it.

In addition to this, the following environment variables can be used to further define the authentication's behavior. All OAuth2 properties are exposed by the application and can be set viaSPRING_SECURITY.OAUTH2.. For a full reference please visitSpring Boot's security custom user information client documentation.

Property Description Example
SPRING_SECURITY_OAUTH2_PATH Define which endpoints of the RTS are being secured with a path pattern. 为了保证onlymy-first-deploymentand all admin routes, use/services/my-first-deployment/**,/admin/**. To secure all endpoints use/**
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_AUDIENCES Define a list of audiences, which the incoming JWT must match in itsaudproperty. account,rapidminer-scoring-agent
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI Define the OpenID Connect endpoint for user verification. https://id.yourdomain.tld/auth/realms/testRealm

Although Identity Providers allow assigning attributes like roles to specific users or groups, RTS OAuth2 integration is aglobalsetting. This means that specific RTS endpoints cannot be secured depending on additional user information like their role.