Druid pac4j based Security extension
Apache Druid Extension to enable OpenID Connect based Authentication for Druid Processes using pac4j as the underlying client library. This can be used with any authentication server that supports same e.g. Okta. This extension should only be used at the router node to enable a group of users in existing authentication server to interact with Druid cluster, using the Web Console. This extension does not support JDBC client authentication.
Configuration
Creating an Authenticator
druid.auth.authenticatorChain=["pac4j"]
druid.auth.authenticator.pac4j.type=pac4j
Properties
Property | Description | Default | required |
---|---|---|---|
druid.auth.pac4j.cookiePassphrase | passphrase for encrypting the cookies used to manage authentication session with browser. It can be provided as plaintext string or The Password Provider. | none | Yes |
druid.auth.pac4j.readTimeout | Socket connect and read timeout duration used when communicating with authentication server | PT5S | No |
druid.auth.pac4j.enableCustomSslContext | Whether to use custom SSLContext setup via simple-client-sslcontext extension which must be added to extensions list when this property is set to true. | false | No |
druid.auth.pac4j.oidc.clientID | OAuth Client Application id. | none | Yes |
druid.auth.pac4j.oidc.clientSecret | OAuth Client Application secret. It can be provided as plaintext string or The Password Provider. | none | Yes |
druid.auth.pac4j.oidc.discoveryURI | discovery URI for fetching OP metadata see this. | none | Yes |
当前内容版权归 Apache Druid 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 Apache Druid .