Deploying Orbital

Enabling authentication

Orbital supports authentication through an OpenID Connect authentication service.

This is disabled by default, and can be configured through a series of parameters passed to Orbital through the command line on startup.

To enable, pass the following config options to Orbital on the command line:

ParameterSample valuesDescription
vyne.security.openIdp.enabledtrue / false (default)Set to true to enable auth
vyne.security.openIdp.issuerUrlhttp://auth-service/auth/realms/Vyne???
vyne.security.openIdp.clientIdvyneThe client id to present to OpenID server
vyne.security.openIdp.jwk-set-urlhttp://auth-service/certsA url to load the set of JWK’s used to verify signatures of presented tokens

A typical docker config might look as follows:

  vyne:
    image: orbitalhq/orbital:${ORBITAL_VERSION}
    volumes:
      - ./vyne-config:/opt/service/config
    environment:
      OPTIONS: >-
        --server.port=80
        --vyne.security.openIdp.enabled=true
        --vyne.security.openIdp.jwk-set-uri=http://keycloak-server/realms/Vyne/protocol/openid-connect/certs
        --vyne.security.openIdp.issuerUrl=http://keycloak-server/realms/Vyne
        --vyne.security.openIdp.clientId=vyne
        --vyne.security.openIdp.scope=openid
        --vyne.license.path=/opt/service/config/license.json

When a user attempts to access Orbital, they will be redirected to the login page as configured with the OpenId connect provider.

See also

Previous
Configuring the Schema Server
Next
Authorization within Orbital