Categories

Versions

You are viewing the RapidMiner Hub documentation for version 9.10 - Check here for latest version

Configuring RapidMiner Real-Time Scoring Authentication

Only one authentication method should be enabled concurrently!

Regardless of the underlying deployment method, the Real-Time Scoring Agent supports multiple ways of authentication natively:

  • Basic Auth
  • OAuth2

To enable a specific authentication method, adapt the Real-Time Scoring Agent's agent.properties file in the home directory. The file should already contain detailed information which properties need to be changed to enable one of those authentication methods.

Basic Auth

If you like to use the basic auth method, set the property spring.profiles.active=basic to enable it.

In addition to this, the following properties can be used to further define the authentication's behavior.

Property Description Example
security.basic.path Define which endpoints of the RTS are being secured with a path pattern. To secure only my-first-deployment and all admin routes, use /services/my-first-deployment/**,/admin/**. To secure all endpoints use /**
security.user.name Define the username for this authentication method. myUser
security.user.password Define the password for this authentication method. superSecurePassword

OAuth

If you like to use this oauth2 method, set the property spring.profiles.active=oauth2 to enable it.

In addition to this, the following properties can be used to further define the authentication's behavior. All OAuth2 properties are exposed by the application and can be set via security.oauth2.<propertyName>. For a full reference please visit Spring Boot's security custom user information client documentation.

Property Description Example
security.oauth2.path Define which endpoints of the RTS are being secured with a path pattern. To secure only my-first-deployment and all admin routes, use /services/my-first-deployment/**,/admin/**. To secure all endpoints use /**
security.oauth2.resource.id Define the resource id of the RTS which is used as aud claim verification. rapidminer-scoring-agent
security.oauth2.resource.userInfoUri Define the OpenID Connect endpoint for user verification. https://id.yourdomain.tld/auth/realms/testRealm/protocol/openid-connect/userinfo

Although Identity Providers allow assigning attributes like roles to specific users or groups, RTS OAuth2 integration is a global setting. This means that specific RTS endpoints cannot be secured depending on additional user information like their role.