Temporal professional support

Hi, we want to set up Temporal as a production-grade setup with proper authentication/authorization. Is there any professional support available that we can avail of to move things faster?

Also, I do not see a way to set up auth/authorization for the Temporal server base image.

Also, a lot of clarity is required around how to set up Temporal Server security | Temporal Documentation

Hi @pradnya.bhalekar, we provide community support here on the forum.
We also provide support for Temporal Cloud customers; for more info, join the waitlist here, and we can also get you in touch with the sales team if you wish.

I do not see a way to set up auth/authorization for the Temporal server

Temporal has ClaimsMapper and Authorizer plugins you could use; you can either use the defaults or create custom ones. More info in the docs here.

Also, a lot of clarity is required around how to set up

I would start by looking at the server samples GitHub repo as mentioned in the docs and go from there. Do you have any specific questions?

I set up Keycloak as the JWT key provider

and I give the following params while starting Temporal:
- "TEMPORAL_JWT_KEY_SOURCE1=http://keycloak:8080/auth/realms/temporal/protocol/openid-connect/certs"
- "TEMPORAL_AUTH_AUTHORIZER=jwt"
- "TEMPORAL_AUTH_CLAIM_MAPPER=jwt"

I generate the JWT token by calling the Keycloak API:

curl -d "client_id=pradnyaclient&grant_type=password&client_secret=ec78c6bb-8339-4bed-9b1b-e973d27107dc&scope=openid&username=pradnyab&password=****" http://localhost:8080/auth/realms/temporal/protocol/openid-connect/token

From this I get the access_token and id_token params, which I try sending to the WorkflowServiceStubs like this:

AuthorizationTokenSupplier tokenSupplier =
    // your implementation of token supplier
    () -> "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOa2RpTlk0ZE9CYllRWVlTV2kyVUl3YnR2aHpxVEwxc0YyZFFfOGlRc2xFIn0.eyJleHAiOjE2NTU0NDQ4MzMsImlhdCI6MTY1NTQ0NDUzNCwiYXV0aF90aW1lIjowLCJqdGkiOiIwOTlmZTJhMC0zNTQyLTRiYTItODQ4OS0xZTg4NTkyYzYwNTQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvdGVtcG9yYWwiLCJhdWQiOiJwcmFkbnlhY2xpZW50Iiwic3ViIjoiMzQzMWE4NjUtOTg3Zi00NWY4LWI2MmYtYjY4ZTBmMjQ2NDYyIiwidHlwIjoiSUQiLCJhenAiOiJwcmFkbnlhY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImIwMjdlM2ZhLWNhMTYtNDJkYS05MzAyLWIzZjFjMDNkZjIzZSIsImF0X2hhc2giOiJaQnVqcldhT25KT3pXV0ExeFJNNlVRIiwiYWNyIjoiMSIsInNpZCI6ImIwMjdlM2ZhLWNhMTYtNDJkYS05MzAyLWIzZjFjMDNkZjIzZSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibmFtZSI6InByYWRueWEgYmhhbGVrYXIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJwcmFkbnlhYiIsImdpdmVuX25hbWUiOiJwcmFkbnlhIiwiZmFtaWx5X25hbWUiOiJiaGFsZWthciIsImVtYWlsIjoicHJhZG55YXBiaGFsZWthckBnbWFpbC5jb20ifQ.d78Hq8eXW6QTU2oG2KU-BSVd_1-O8J3p90dBGZEpQxXIQzXhJPrF6CccgSG3ih75erzTd4g2ucSKH2IoWVUBkXNk-lJ9d4ZqjPoAMfvVxgy61P1vCnmlXqSep9UsxR5lnhyN9K9S12Ls0mIJ_jhsoVqbBaIJeyPU47JdSFEeNkEYdosbJDGs8D-CCUQ-Wz3dksldcG7-4fLXQut5zvFq5eDxOiXRh3z8wT-nTFOYsY3sLszi2rnobjgYqeDlYpsOhbI7XPWkIWmxn0DX-o0Lf-0bNV97BPrPbcI_Ofdr-jRLerS6Xx2rWM0lHJNft90uVhou5eWu-aNvUAqeqLmQ";

// setUseInsecureTrustManager(true) skips server certificate verification
WorkflowServiceStubs service =
    WorkflowServiceStubs.newInstance(
        WorkflowServiceStubsOptions.newBuilder()
            .addGrpcMetadataProvider(new AuthorizationGrpcMetadataProvider(tokenSupplier))
            .setSslContext(SimpleSslContextBuilder.forPKCS8(clientCert, clientKey).setUseInsecureTrustManager(true).build())
            .build());

For which I get the exception:

Caused by: io.grpc.netty.shaded.io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: no further information: /127.0.0.1:7233
Caused by: java.net.ConnectException: Connection refused: no further information
at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:715)

What am I doing wrong here?
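
An added example, not part of any post in this thread and not Temporal's own code: a pre-flight check of a token's claims for a server started with `TEMPORAL_AUTH_CLAIM_MAPPER=jwt`, run before the token is handed to the SDK. It assumes Temporal's documented default JWT ClaimMapper (a `permissions` claim holding `namespace:role` strings); the function names and sample tokens are constructed, and the signature is not verified.

```python
import base64
import json

# Roles and the "permissions" claim name follow Temporal's documented default
# JWT ClaimMapper; they are assumptions here, not values from this thread.
ROLES = {"read", "write", "worker", "admin"}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token (placeholder signature) for the demo."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "sample-kid"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), "c2ln"])

def preflight(authorization: str, now: int, claim: str = "permissions") -> list:
    """List problems in a token's claims. Does NOT verify the signature."""
    token = authorization.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed"]
    try:
        body = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return ["malformed"]
    if not isinstance(body, dict):
        return ["malformed"]
    findings = []
    if not isinstance(body.get("exp"), (int, float)) or body["exp"] <= now:
        findings.append("expired-or-no-exp")
    if not body.get("sub"):
        findings.append("missing-sub")
    perms = body.get(claim)
    if not isinstance(perms, list) or not perms:
        return findings + ["missing-" + claim]
    for perm in perms:
        pair = perm.split(":") if isinstance(perm, str) else []
        if len(pair) != 2 or not pair[0] or pair[1] not in ROLES:
            findings.append("bad-permission:" + str(perm))
    return findings

# Constructed samples: an OIDC-style ID token with no roles, and one with roles.
ID_LIKE = make_sample_token({"sub": "user-1", "exp": 1000, "typ": "ID"})
MAPPED = make_sample_token({"sub": "u", "exp": 3000, "permissions": ["default:read", "default:owner"]})
print(preflight("Bearer " + ID_LIKE, now=2000))
print(preflight("Bearer " + MAPPED, now=2000))
```

An empty list means the claims have the expected shape; the server still has to validate the signature against the configured key source.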