Configuring RapidMiner Real-Time Scoring Authentication
Only one authentication method should be enabled concurrently!
Regardless of the underlying deployment method, the Real-Time Scoring Agent supports multiple ways of authentication natively:
- Basic Auth
- OAuth2
To enable a specific authentication method, adapt the Real-Time Scoring Agent's agent.properties file in the
home directory. The file should already contain detailed information which properties need to be changed to enable
one of those authentication methods.
Basic Auth
If you like to use the basic auth method, set the property spring.profiles.active=basic to enable it.
In addition to this, the following properties can be used to further define the authentication's behavior.
| Property | Description | Example |
|---|---|---|
security.basic.path |
Define which endpoints of the RTS are being secured with a path pattern. | To secure only my-first-deployment and all admin routes, use /services/my-first-deployment/**,/admin/**. To secure all endpoints use /** |
security.user.name |
Define the username for this authentication method. | myUser |
security.user.password |
Define the password for this authentication method. | superSecurePassword |
OAuth
If you like to use this oauth2 method, set the property spring.profiles.active=oauth2 to enable it.
In addition to this, the following properties can be used to further define the authentication's behavior. All OAuth2
properties are exposed by the application and can be set via security.oauth2.<propertyName>. For a full
reference please visit Spring Boot's security custom user information client documentation.
| Property | Description | Example |
|---|---|---|
security.oauth2.path |
Define which endpoints of the RTS are being secured with a path pattern. | To secure only my-first-deployment and all admin routes, use /services/my-first-deployment/**,/admin/**. To secure all endpoints use /** |
security.oauth2.resource.id |
Define the resource id of the RTS which is used as aud claim verification. | rapidminer-scoring-agent |
security.oauth2.resource.userInfoUri |
Define the OpenID Connect endpoint for user verification. | https://id.yourdomain.tld/auth/realms/testRealm/protocol/openid-connect/userinfo |
Although Identity Providers allow assigning attributes like roles to specific users or groups, RTS OAuth2 integration is a global setting. This means that specific RTS endpoints cannot be secured depending on additional user information like their role.
