Configuring RapidMiner Real-Time Scoring Authentication
Onlyoneauthentication method should be enabled concurrently!
Regardless of the underlyingdeployment method, the Real-Time Scoring Agent supports multiple ways of authenticationnatively:
- Basic Auth
- OAuth2
To enable a specific authentication method, adapt the Real-Time Scoring Agent's进行file in the home directory. The file should already contain detailed information which properties need to be changed to enable one of those authentication methods.
Basic Auth
If you like to use the basic auth method, set the propertyspring.profiles.active=basicto enable it.
In addition to this, the following properties can be used to further define the authentication's behavior.
| Property | Description | Example |
|---|---|---|
security.basic.path |
Define which endpoints of the RTS are being secured with a path pattern. | To secure onlymy-first-deploymentand all admin routes, use/services/my-first-deployment/**,/admin/**. To secure all endpoints use/** |
security.user.name |
Define the username for this authentication method. | myUser |
security.user.password |
Define the password for this authentication method. | superSecurePassword |
OAuth
If you like to use this oauth2 method, set the propertyspring.profiles.active=oauth2to enable it.
In addition to this, the following properties can be used to further define the authentication's behavior. All OAuth2 properties are exposed by the application and can be set viasecurity.oauth2.. For a full reference please visitSpring Boot's security custom user information client documentation.
| Property | Description | Example |
|---|---|---|
security.oauth2.path |
Define which endpoints of the RTS are being secured with a path pattern. | To secure onlymy-first-deploymentand all admin routes, use/services/my-first-deployment/**,/admin/**. To secure all endpoints use/** |
security.oauth2.resource.id |
Define the resource id of the RTS which is used asaudclaim verification. | rapidminer-scoring-agent |
security.oauth2.resource.userInfoUri |
Define the OpenID Connect endpoint for user verification. | https://id.yourdomain.tld/auth/realms/testRealm/protocol/openid-connect/userinfo |
Although Identity Providers allow assigning attributes like roles to specific users or groups, RTS OAuth2 integration is aglobalsetting. This means that specific RTS endpoints cannot be secured depending on additional user information like their role.
