Commit 44b76ae

[IOTDB-2591] fix doc of using OIDC as the authority authentication service (apache#5108)
1 parent 762cd4d commit 44b76ae

2 files changed

Lines changed: 47 additions & 2 deletions

docs/UserGuide/QuickStart/Command-Line-Interface.md

Lines changed: 24 additions & 1 deletion
@@ -150,6 +150,29 @@ Shell >./standalone.sh
150150

151151
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/pwd.png?raw=true)
152152

153+
8、To create a role, click Roles on the left menu and then click the Add Role button to add a role
154+
155+
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/add_role1.png?raw=true)
156+
157+
9、 Enter `iotdb_admin` in the Role Name and click the save button. Tip: `iotdb_admin` here cannot be any other name, otherwise even after successful login, you will not have permission to use iotdb's query, insert, create storage group, add users, roles and other functions
158+
159+
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/add_role2.png?raw=true)
160+
161+
10、Click the User menu on the left and click the Edit button in the user list to add the `iotdb_admin` role we just created for this user
162+
163+
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/add_role3.png?raw=true)
164+
165+
11、 Select Role Mappings, select the `iotdb_admin` role in Available Role and click the Add selected button to add the role
166+
167+
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/add_role4.png?raw=true)
168+
169+
12. If the `iotdb_admin` role is in Assigned Roles and the `Success Role mappings updated` prompt appears, it proves that the role was added successfully
170+
171+
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/add_role5.png?raw=true)
172+
173+
174+
Tip: If the user role is adjusted, you need to regenerate the token and log in to iotdb again to take effect
175+
153176
The above steps provide a way for keycloak to log into iotdb. For more ways, please refer to keycloak configuration
154177

155178
If OIDC is enabled on server side then no username / passwort is needed but a valid Access Token from the OIDC Provider.
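Review bot: Step 9's tip (new line 157) says the role must be named `iotdb_admin` or the user cannot query, insert, create storage groups, or add users and roles, so as written this one role appears to gate every function; the doc should state that directly so readers map it only to accounts meant to have that full access. The tip on new line 174 would also be clearer if it said that a token issued before the role change has to be replaced. On style, step 12 uses `12.` while steps 8 to 11 use `、`, and steps 9 and 11 have a stray space after the separator; pick one form.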
@@ -172,7 +195,7 @@ curl -X POST "https://{your-keycloack-server}/auth/realms/{your-realm}/protocol/
172195
-d "username={username}" \
173196
-d "password={password}" \
174197
-d 'grant_type=password' \
175-
-d "client_id=iotdb"
198+
-d "client_id=iotdb-client"
176199
```
177200
The response looks something like
178201
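Review bot: The new `client_id=iotdb-client` on line 198 has to match the client name configured in the Keycloak setup steps earlier in this file, which this hunk does not show; please confirm the two agree, and consider a short note next to the command saying the value is the Keycloak client name so readers who chose a different name know to change it. While this command is being touched, the placeholder `{your-keycloack-server}` in the URL (visible in the hunk header) is misspelled.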

docs/zh/UserGuide/QuickStart/Command-Line-Interface.md

Lines changed: 23 additions & 1 deletion
@@ -139,6 +139,28 @@ Shell >./standalone.sh
139139

140140
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/pwd.png?raw=true)
141141

142+
8、创建角色,点击左侧菜单的 Roles然后点击Add Role 按钮添加角色
143+
144+
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/add_role1.png?raw=true)
145+
146+
9、在Role Name 中输入`iotdb_admin`,点击save 按钮。提示:这里的`iotdb_admin`不能为其他名称否则即使登陆成功后也将无权限使用iotdb的查询、插入、创建存储组、添加用户、角色等功能
147+
148+
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/add_role2.png?raw=true)
149+
150+
10、点击左侧的User 菜单然后点击用户列表中的Edit的按钮为该用户添加我们刚创建的`iotdb_admin`角色
151+
152+
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/add_role3.png?raw=true)
153+
154+
11、选择Role Mappings ,在Available Role选择`iotdb_admin`角色然后点Add selected 按钮添加角色
155+
156+
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/add_role4.png?raw=true)
157+
158+
12、如果`iotdb_admin`角色在Assigned Roles中并且出现`Success Role mappings updated`提示,证明角色添加成功
159+
160+
![avatar](https://github.com/apache/iotdb-bin-resources/blob/main/docs/UserGuide/CLI/Command-Line-Interface/add_role5.png?raw=true)
161+
162+
提示:如果用户角色有调整需要重新生成token并且重新登陆iotdb才会生效
163+
142164
以上步骤提供了一种 keycloak 登陆 iotdb 方式,更多方式请参考 keycloak 配置
143165

144166
若对应的 IoTDB 服务器开启了使用 OpenID Connect (OIDC) 作为权限认证服务,那么就不再需要使用用户名密码进行登录。
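Review bot: The tip on new line 162 says a role change only takes effect after regenerating the token and logging in to iotdb again, but it does not say how; point it at the token request (the curl command further down this file) so readers do not keep using a token issued before the change. Spacing around the English UI labels in steps 8 to 11 is also inconsistent, for example `Roles然后点击Add Role 按钮` and `Role Mappings ,在Available Role选择`; use one convention throughout.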
@@ -159,7 +181,7 @@ curl -X POST "http://{your-keycloack-server}/auth/realms/{your-realm}/protocol/o
159181
-d "username={username}" \
160182
-d "password={password}" \
161183
-d 'grant_type=password' \
162-
-d "client_id=iotdb"
184+
-d "client_id=iotdb-client"
163185
```
164186

165187
示例结果如下:
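Review bot: The curl command this hunk edits posts `username` and `password` to an `http://` URL (see the hunk header), while the same command in the English file uses `https://`; since the example is being changed anyway, switch this one to `https://` so the two files agree and the sample does not send credentials over plain HTTP. The `client_id=iotdb-client` value on line 184 should also be checked against the client name used in the Keycloak steps earlier in this file, which this hunk does not show.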