Skip to main content Link Menu Expand (external link) Document Search Copy Copied

How do I set up TLS authentication for FeatureBase Community?

Secure your FeatureBase server with TLS authentication.

Table of contents

Before you begin

FeatureBase configuration file location

Add authentication parameters to the /featurebase/opt/featurebase.conf TOML file.

Earlier versions of FeatureBase saved the /featurebase.conf file in the Operating System /etc folder.

Authentication syntax

  enable = true
  {client-id = "<SAML IdP value>"}
  {client-secret = "<SAML IdP value>"}
  {authorize-url = "<SAML IdP value>"}
  {token-url = "<SAML IdP value>"}
  {group-endpoint-url = "<SAML IdP value>"}
  {redirect-base-url = "<SAML IdP value>"}
  {logout-url = "<SAML IdP value>"}
  {scopes = <SAML IdP value>}
  {secret-key = "<featurebase-auth-key>"}
  {permissions = "/featurebase-directory/permissions.yaml"}
  [query-log-path = "/log/directory/"]
  [configured-ips = []]


Key Description Required Additional information
enable=true Activate IdP authentication for FeatureBase    
client-id SAML 2.0 Identity Provider (IdP) obtained from Azure AD Applications Overview Yes  
client-secret As for client-id. Yes Obtain from the IdP
authorize-url IdP obtained from Applications Overview > Endpoints. Yes Use v2 links if there are two versions available.
token-url As for authorize-url Yes  
group-endpoint-url SAML IdP API value Yes SAML 2.0 IdP API documentation
redirect-base-url IdP URL that corresponds to your primary FeatureBase node. Yes Example: https://featurebase-hostname-or-ip:10101
logout-url SAML IdP API value Yes [Single sign-out SAML protocol] documentation]({:target=”_blank”}
scopes SAML IdP API value Yes SAML 2.0 scopes and permissions
secret-key Secret key used to secure inter-node communication in a FeatureBase cluster. Yes Generate a secret key
permissions Path for group permissions file that maps group IDs to index-level access. Yes Add group permissions
query-log-path Set path for query audit log Optional
configured-ips Admin permissions are granted for any IP or subnet in this list. If not included or not set, no IPs are allow-listed. Optional Domain names and are not allowed.

Additional information

  • When TLS is enabled, the scheme must be explicitly defined as https in featurebase.conf and in the command-line.
  • /featurebase.conf and /featurebase-install-directory/opt/parameters.yaml must be duplicated on all nodes of a FeatureBase cluster.


Azure Active Directory configuration

  enable = true
  {client-id = "<SAML IdP value>"}
  {client-secret = "<SAML IdP value>"}
  {authorize-url = "<SAML IdP value>"}
  {token-url = "<SAML IdP value>"}
  group-endpoint-url = ""
  {redirect-base-url = "<SAML IdP value>"}
  logout-url = ""
  scopes = ["", "offline_access"]
  {secret-key = "<AZURE-AD-SECRET-KEY"}
  {permissions = "/featurebase-directory/permissions.yaml"}