Configure Scoring Agent Authentication
Onlyoneauthentication method should be enabled concurrently!
Regardless of how youinstall the endpoint infrastructure, the Scoring Agentnativelysupports multiple methods of authentication:
- Basic Auth
- OAuth2
To enable a specific authentication method, adapt the Scoring Agent's environment variableSPRING_DEFAULT_PROFILES. For example, if you want to use the Basic Auth you should setSPRING_DEFAULT_PROFILES=basicand if you want to use OAuth2 you can useSPRING_DEFAULT_PROFILES=oauth2
Basic Auth
If you like to use the basic auth method, set the corresponding environment variable to enable it.
In addition to this, the following environment variables can be used to further define the authentication's behavior.
| Property | Description | Example |
|---|---|---|
SPRING_SECURITY_BASIC_PATH |
Define which endpoints of the RTS are being secured with a path pattern. | 为了保证onlymy-first-deploymentand all admin routes, use/services/my-first-deployment/**,/admin/**. To secure all endpoints use/** |
SPRING_SECURITY_USER_NAME |
Define the username for this authentication method. | myUser |
SPRING_SECURITY_USER_PASSWORD |
Define the password for this authentication method. | superSecurePassword |
OAuth
If you like to use this oauth2 method, set the corresponding environment variable to enable it.
In addition to this, the following environment variables can be used to further define the authentication's behavior. All OAuth2 properties are exposed by the application and can be set viaSPRING_SECURITY.OAUTH2.. For a full reference please visitSpring Boot's security custom user information client documentation.
| Property | Description | Example |
|---|---|---|
SPRING_SECURITY_OAUTH2_PATH |
Define which endpoints of the RTS are being secured with a path pattern. | 为了保证onlymy-first-deploymentand all admin routes, use/services/my-first-deployment/**,/admin/**. To secure all endpoints use/** |
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_AUDIENCES |
Define a list of audiences, which the incoming JWT must match in itsaudproperty. | account,rapidminer-scoring-agent |
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI |
Define the OpenID Connect endpoint for user verification. | https://id.yourdomain.tld/auth/realms/testRealm |
Although Identity Providers allow assigning attributes like roles to specific users or groups, RTS OAuth2 integration is aglobalsetting. This means that specific RTS endpoints cannot be secured depending on additional user information like their role.
