topic Question - OAuth2.0 implementation in Talend ESB in Talend Studio

Question - OAuth2.0 implementation in Talend ESB

Anonymous — Sat, 16 Nov 2024 09:23:09 GMT

Hi,

I have a requirement where I have a number of RestFul API's that need to be exposed using Talend ESB. The services have been created and I have deployed them on Karaf container, no problem there. But, I need a user based authentication layer like OAuth2 to authenticate those requests. The web app that calls the Rest services is on a remote server. So basically, I need an auth server that is validating all incoming requests before Talend gives back the protected resource.

Can anyone please tell me if this something that can be done within Talend or do I need a separate auth server which Talend would call when receiving a request?

Re: Question - OAuth2.0 implementation in Talend ESB

Anonymous — Tue, 22 Aug 2017 11:58:51 GMT

It can be done starting Talend 6.4, which we released end of June.

Re: Question - OAuth2.0 implementation in Talend ESB

Anonymous — Tue, 22 Aug 2017 12:01:35 GMT

I am using Talend Open Studio 6.4.1.

Could you please provide some more information on how to implement it?

Re: Question - OAuth2.0 implementation in Talend ESB

Anonymous — Tue, 22 Aug 2017 12:06:06 GMT

Ah sorry. It's part of the commercial offering. There you will find the required Talend Identity and Access Management module allowing you to define and create the (technical) OAuth users, which then can be used as part of a route or data service authorization. Components like cREST or tRestRequest will have the necessary settings.

Re: Question - OAuth2.0 implementation in Talend ESB

Anonymous — Tue, 22 Aug 2017 12:16:12 GMT

Do you mean the Talend Administration Center (TAC)?

Re: Question - OAuth2.0 implementation in Talend ESB

Anonymous — Tue, 22 Aug 2017 12:20:51 GMT

Nope.

Talend Identity and Access Management (TIAM) is a new server module installed next to TAC.

Re: Question - OAuth2.0 implementation in Talend ESB

Anonymous — Tue, 22 Aug 2017 12:23:56 GMT

So what you are saying is, I need to have the Talend Enterprise package like Talend Data Fabric suite to implement this within Talend. Correct?

Re: Question - OAuth2.0 implementation in Talend ESB

Anonymous — Tue, 22 Aug 2017 13:07:49 GMT

That's correct. It doesn't have to be Data Fabric but has to be one of Talend ESB (commercial) or Talend Data Services Platform.

Re: Question - OAuth2.0 implementation in Talend ESB

Loko — Wed, 27 Sep 2017 12:21:32 GMT

We have the same goal. Is it possible to do it "by hand" anyway with Open source version of TalendESB ? Somewhat using Camel's low level approach ?

Re: Question - OAuth2.0 implementation in Talend ESB

nmodi — Wed, 14 Mar 2018 20:52:06 GMT

I have same requirement, need to enable authentication for the API's created in talend. We have 6.4 enterprise version & has Talend Identity and Access Management service.

Question is : how do we tie API authentication with IAM service,

I see documentation for https://help.talend.com/reader/P_WfH1B7zRdEI74m2jpD7g/dbBgE2hbyjbMGyZeMYJF5A but there is not documentation that links IAM service with below authentication or is this done at TAC level?

Re: Question - OAuth2.0 implementation in Talend ESB

nmodi — Mon, 09 Apr 2018 16:55:11 GMT

@tsteinborn Could you please help me out connect the dots here, we have 6.4.1 enterprise version.

I have create API endpoint using tRESTRequest & trying to use 'Use Authentication (ESB Runtime Only) Basic HTTP' option to enable authentication on my call, using this reference https://help.talend.com/reader/uwwCVAHxWDS6l5fZQ~lVYA/1CDi6NINp_q5p0PJbdgSnA

I have IAM service installed as well & have users created on IAM service. now how do I use that to authenticate API calls?

1) Created users on IAM service that is apache syncope
2) Updated TAC configuration to use IAM
3)deployed my API endpoint in ESB runtime as service
4)Added this endpoint under ESB Infrastructure-->Authorization & assigned permission to corresponding IAM user

now when I tried to test this call by passing authorization parameter as base64, I still gets 401 Unauthorized.

Re: Question - OAuth2.0 implementation in Talend ESB

Anonymous — Tue, 13 Nov 2018 09:18:15 GMT

Hi Nmodi,

You would have first to activate HTTP_BASIC in your tRESTRequest component (Provider service). Then, everything will be handled at the Talend Runtime level.

By Default, the Talend Runtime's Basic Authentication will be checked against a local file <RuntimeFolder>/etc/users.properties, the authentication ins Talend Runtime is done using JAAS, and the default JAAS Realm (against which the credentials are checked) is not Talend IDM, but Karaf Realm, meaning the users.properties.

In order to use TIDM, you need to switch the Runtime configuration, by opening a Karaf Console, and putting tesb:switch-sts-tidm, as explained in our documentation: https://help.talend.com/reader/N_IWLhlko~bkC9c3_frIgQ/k8Zevl8GSEyBrKg4FYTKog

The previous link will be very useful in understanding and setting up your Basic Authentication configuration.

I hope this helps!