Skip to main content
Solved

Configure runtimeConfig on DQ to auth via KeyCloak using the property truststore-password encrypter

M
Data Voyager
Forum|alt.badge.img

Hi Everyone,

 

     My DQ and KeyCloak is running integrated for authentication but the password in the attribute name=”truststore-password” is using password without encryption.

    I tried to encrypt via command encrypt.bat on DQ  but  without success. I just have a success in the authentication using clear password.

    Is there someone that have success to encrypt the value for the property truststore-password with keycloak?

 

<config class="com.ataccama.server.keycloak.KeycloakDeploymentContributor">
        <keycloakConfigs>
            <keycloakConfig name="keycloak-admin-center.json">
                <!-- Define common parameters for all clients. They can be overridden by client-specific settings.-->
                <url>https://srvkeycloak:8446/auth</url>
                <realm>ataccamaone</realm>
                <attributes>
                    <!--<attribute name="ssl-required" value="external"/> -->
                    <attribute name="enable-basic-auth" value="true"/>
                    <attribute name="ssl-required" value="all"/>
                    <attribute name="truststore" value="C:/dqs_12.6.3_win_x86_64/keycloak/standalone/configuration/keycloak.jks"/>
                   <attribute name="truststore-password" value="passw0rd123"/> 
                  <!-- <attribute name="truststore-password" value="crypted:AES:hN0z4+C3PHfZNZNvO2zmZ0gkhMUz243oIHuM10uHcgo="/> --> 

                </attributes>
                <clients>
                    <client id="one-admin-center">
                        <secret>one-admin-center-s3cret</secret>
                        <attributes>
                            <!-- Define client-specific settings.-->
                            <attribute name="use-resource-role-mappings" value="false"/>
                            <attribute name="public-client" value="false"/>
                            <attribute name="bearer-only" value="false"/>
                            <attribute name="autodetect-bearer-only" value="false"/>
                            <attribute name="always-refresh-token" value="false"/>                           
                            <attribute name="principal-attribute" value="preferred_username"/>
                        </attributes>
                    </client>
                </clients>
            </keycloakConfig>
        </keycloakConfigs>
    </config>

 

Best answer by AKislyakov

Hi @msilva,

Unfortunately, only properties listed as encryptable can be encrypted. The generic attribute list is not one of them.

View original
Did this topic help you find an answer to your question?

2 replies

Cansu
Community Manager
Forum|alt.badge.img+3
  • CansuCommunity Manager
  • Community Manager
  • 632 replies
  • May 29, 2023

Hi @msilva, thank you for posting! You might find the following documentation useful for your use case: 
https://support.ataccama.com/home/docs/aip/12.9.0/data-quality-center/dqc-configuration-reference/encrypting-passwords 

https://support.ataccama.com/home/docs/aip/12.9.0/data-quality-center/dqc-configuration-reference/importing-certificates-to-java-truststore

 

Check out our Quick Start Guide to get started on the community 🙋‍♀️
A
Ataccamer
Forum|alt.badge.img+2
  • AKislyakovAtaccamer
  • Ataccamer
  • 150 replies
  • Answer
  • May 30, 2023

Hi @msilva,

Unfortunately, only properties listed as encryptable can be encrypted. The generic attribute list is not one of them.

Reply


Most Liked this week

Community Terms of Use & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings