You are viewing the RapidMiner Hub documentation for version 2024.0.

Configure Scoring Agent Authentication

Enable only one authentication method at a time!

Regardless of how you install the endpoint infrastructure, the Scoring Agent natively supports multiple methods of authentication:

  • Basic Auth
  • OAuth2

To enable a specific authentication method, adapt the Scoring Agent's environment variable SPRING_DEFAULT_PROFILES. For example, to use Basic Auth, set SPRING_DEFAULT_PROFILES=basic; to use OAuth2, set SPRING_DEFAULT_PROFILES=oauth2.

Basic Auth

If you would like to use the Basic Auth method, set the corresponding environment variable to enable it.

In addition to this, the following environment variables can be used to further define the authentication's behavior.

| Property | Description | Example |
|---|---|---|
| `SPRING_SECURITY_BASIC_PATH` | Define which endpoints of the RTS are being secured with a path pattern. | To secure only my-first-deployment and all admin routes, use `/services/my-first-deployment/**,/admin/**`. To secure all endpoints use `/**` |
| `SPRING_SECURITY_USER_NAME` | Define the username for this authentication method. | `myUser` |
| `SPRING_SECURITY_USER_PASSWORD` | Define the password for this authentication method. | `superSecurePassword` |

OAuth

If you would like to use the OAuth2 method, set the corresponding environment variable to enable it.

In addition to this, the following environment variables can be used to further define the authentication's behavior. All OAuth2 properties are exposed by the application and can be set via SPRING_SECURITY.OAUTH2.<propertyName>. For a full reference please visit Spring Boot's security custom user information client documentation.

| Property | Description | Example |
|---|---|---|
| `SPRING_SECURITY_OAUTH2_PATH` | Define which endpoints of the RTS are being secured with a path pattern. | To secure only my-first-deployment and all admin routes, use `/services/my-first-deployment/**,/admin/**`. To secure all endpoints use `/**` |
| `SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_AUDIENCES` | Define a list of audiences, which the incoming JWT must match in its `aud` property. | `account,rapidminer-scoring-agent` |
| `SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI` | Define the OpenID Connect endpoint for user verification. | `https://id.yourdomain.tld/auth/realms/testRealm` |

Although Identity Providers allow assigning attributes like roles to specific users or groups, the RTS OAuth2 integration is a global setting. This means that specific RTS endpoints cannot be secured depending on additional user information such as a user's role.
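A coverage check for the path-pattern variables in both tables, as an added example that is not part of the RapidMiner documentation or product: it reports which endpoints a given pattern list leaves without authentication and flags more than one enabled method. It assumes Ant-style pattern semantics and a comma-separated profile list; the endpoint paths and the second deployment name are constructed for the example.

```python
import re

# Path variable read for each auth profile (names taken from the tables above).
AUTH_PATH_VAR = {"basic": "SPRING_SECURITY_BASIC_PATH",
                 "oauth2": "SPRING_SECURITY_OAUTH2_PATH"}

def ant_to_regex(pattern):
    """Compile one path pattern. Assumed Ant-style semantics: '**' spans path
    segments, '*' stays in one segment, a trailing '/**' also matches the prefix."""
    head, tail = (pattern[:-3], "(/.*)?") if pattern.endswith("/**") else (pattern, "")
    parts = re.split(r"(\*\*|\*)", head)
    body = "".join(".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p)
                   for p in parts)
    return re.compile(body + tail)

def audit(env, endpoints):
    """Return (findings, unprotected_endpoints) for a Scoring Agent environment."""
    findings = []
    # Assumption: several profiles would be given as a comma-separated list.
    profiles = [p.strip() for p in env.get("SPRING_DEFAULT_PROFILES", "").split(",")]
    enabled = [p for p in profiles if p in AUTH_PATH_VAR]
    if len(enabled) != 1:
        return [f"expected exactly one auth profile, found {enabled}"], []
    var = AUTH_PATH_VAR[enabled[0]]
    patterns = [p.strip() for p in env.get(var, "").split(",") if p.strip()]
    if not patterns:
        return [f"{var} is not set; coverage was not evaluated"], []
    regexes = [ant_to_regex(p) for p in patterns]
    unprotected = [e for e in endpoints if not any(r.fullmatch(e) for r in regexes)]
    if unprotected:
        findings.append(f"{var} leaves {len(unprotected)} endpoint(s) unauthenticated")
    if enabled[0] == "basic" and env.get("SPRING_SECURITY_USER_PASSWORD") == "superSecurePassword":
        findings.append("SPRING_SECURITY_USER_PASSWORD is still the documentation example")
    return findings, unprotected

# Constructed sample input: the narrow pattern from the tables; the second
# deployment name and the '/score' and '/deployments' suffixes are invented here.
SAMPLE_ENV = {
    "SPRING_DEFAULT_PROFILES": "basic",
    "SPRING_SECURITY_BASIC_PATH": "/services/my-first-deployment/**,/admin/**",
    "SPRING_SECURITY_USER_NAME": "myUser",
    "SPRING_SECURITY_USER_PASSWORD": "superSecurePassword",
}
SAMPLE_ENDPOINTS = ["/services/my-first-deployment/score", "/admin/deployments",
                    "/services/my-second-deployment/score"]

if __name__ == "__main__":
    findings, unprotected = audit(SAMPLE_ENV, SAMPLE_ENDPOINTS)
    print("\n".join(findings), unprotected, sep="\n")
```

With the narrow pattern, the second deployment is reported as unprotected; switching the path variable to `/**` clears that finding.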