Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2026 Agenda Now Available: Explore Sessions
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
DerfelCadarn
Contributor III
Contributor III
‎2017-10-27 09:19 AM

Users from IAM (Syncope) on Talend Data Stewardship.

Hello,

 

In the Talend documentation it is written that the Talend Identity and Access Management "allow you to manage the user access to Talend Data Preparation and Talend Data Stewardship.".

 

Consequently, I created a User with a password inside a Group in Syncope (http://hostSyncope:8080/syncope-consoleand I created a file "tds-client.json" in <myTomcat>/clients with the following content :

 

{
"post_logout_redirect_uris" : [ "http://my-machine:19999/", "http://localhost:19999/", "http://127.0.0.1:19999/" ],
"grant_types" : [ "password", "authorization_code", "refresh_token" ],
"scope" : "openid refreshToken",
"client_secret" : "cB/gNxe2SXR3SPDbhshZXzErZoxVy8yUcs/f6K39rsg=",
"redirect_uris" : [ "http://my-machine:19999/login", "http://localhost:19999/login", "http://127.0.0.1:19999/login" ],
"client_name" : "TDS OIDC Gateway",
"client_id" : "tl6K6ac7tSE-LQ"
}

 

I also checked my data-stewardship.properties file (Segment "### Talend IDP : id/secret for each application") to see if the client_id and the client_secret where the same.

 

Unfortunatly, when I try to connect to Talend Data Stewardship (http://localhost:8080/idp/federation/up/login) with the user I created in Syncope (http://hostSyncope:8080/syncope-console), I have an "Authentication failed" error.

 

What am I supposed to do to enable the user I created in Syncope to have an access to Talend Data Stewardship ?

 

Many thanks.

Labels (4)
Labels
1,300 Views
1 Solution

Accepted Solutions
Anonymous
Not applicable
‎2017-10-30 07:11 AM

Hi,

 

Talend IAM is used as a "bridge" between TAC and Data Preparation/Data Stewardship so that we have single sign-on between Prep and Stewardship (and other web UIs later on). So the interest of defining the links between IAM and Data Stewardship is ... to be able to connect to Data Stewardship with the users defined in TAC.

 

And the rights of the users in Data Stewardship (or Data Preparation) are defined in TAC, not in Talend IAM. Again, to be as explicit as possible: you do not have to and you must not do anything in Syncope's UI to create Data Stewardship users or groups or to manage their rights. Everything happens in TAC.

 

Regards,

 

Gwendal

View solution in original post

1,300 Views
0 Likes
8 Replies
Anonymous
Not applicable
‎2017-10-29 11:18 PM

Hello,

Are you referring to this documentation about:TalendHelpCenter:Installing and configuring Talend Identity and Access Management?

Best regards

Sabrina

 

1,300 Views
0 Likes
DerfelCadarn
Contributor III
Contributor III
‎2017-10-30 04:04 AM
Author

Hello,

 

Yes, I am referring to this documentation that seems incomplete.

 

Regards

 

Etienne

1,300 Views
0 Likes
Anonymous
Not applicable
‎2017-10-30 04:08 AM

Hi,

 

See the following pages for Data Stewardship user creation: https://help.talend.com/reader/rwBWIfzNlMcU~DAjdvxy6g/lBixWpi8wihj30FTNXPTKw. You'll see that you simply have to create your users in TAC (Talend Administration Center). There is no need to create users manually in Talend IAM's Syncope.

 

I'll bring that up to our documentation team to avoid such confusion.

 

Regards,

 

Gwendal

1,300 Views
0 Likes
DerfelCadarn
Contributor III
Contributor III
‎2017-10-30 04:35 AM
Author

Hello,

 

Thanks but I already know how to create this kind of user. I just want to know how to use the IAM (Syncope) according to the Talend Documentation : "... Talend Identity and Access Management that allow you to manage the user access to Talend Data Preparation and Talend Data Stewardship."

 

Could you indicate me how to do that please ?

 

Regards,

 

Etienne

1,300 Views
0 Likes
Anonymous
Not applicable
‎2017-10-30 05:36 AM

Hi,

 

You cannot create users this way and you're not supposed to. The only way to create Data Stewardship/Data Preparation users is via TAC. Hence my comment above on fixing the documentation.

 

Regards,

 

Gwendal

1,300 Views
0 Likes
DerfelCadarn
Contributor III
Contributor III
‎2017-10-30 06:14 AM
Author

Hello,

 

Ok, I cannot create users with Syncope but can I use it to manage (defining rights on) the users I created in the TAC ? What is the interest of adding links (by creating a file "tds-client.json" in <myTomcat>/clients) between IAM and Data Stewardship ?

 

Thanks,

 

Etienne

1,300 Views
0 Likes
Anonymous
Not applicable
‎2017-10-30 07:11 AM

Hi,

 

Talend IAM is used as a "bridge" between TAC and Data Preparation/Data Stewardship so that we have single sign-on between Prep and Stewardship (and other web UIs later on). So the interest of defining the links between IAM and Data Stewardship is ... to be able to connect to Data Stewardship with the users defined in TAC.

 

And the rights of the users in Data Stewardship (or Data Preparation) are defined in TAC, not in Talend IAM. Again, to be as explicit as possible: you do not have to and you must not do anything in Syncope's UI to create Data Stewardship users or groups or to manage their rights. Everything happens in TAC.

 

Regards,

 

Gwendal

1,301 Views
0 Likes
DerfelCadarn
Contributor III
Contributor III
‎2017-10-30 07:18 AM
Author

Ok ! I understand everything now. Thank you very much !

 

Indeed, the documentation wasn't very clear...

1,300 Views
0 Likes