Skip to main content Link Menu Expand (external link) Document Search Copy Copied

How do I set up TLS authentication for FeatureBase Community?

Secure your FeatureBase server with TLS authentication.

Table of contents

Before you begin

FeatureBase configuration file location

Authentication is added to the featurebase.conf file which can be found in different locations depending on the application and software version you have installed.

Application Version Directory path
FeatureBase 1.0+ /featurebase-install-directory/opt/featurebse.conf
Molecula 2.0+ /etc/featurebase.conf
Pilosa 2.0+ /etc/featurebase.conf

Authentication syntax

  enable = true
  {client-id = "<SAML IdP value>"}
  {client-secret = "<SAML IdP value>"}
  {authorize-url = "<SAML IdP value>"}
  {token-url = "<SAML IdP value>"}
  {group-endpoint-url = "<SAML IdP value>"}
  {redirect-base-url = "<SAML IdP value>"}
  {logout-url = "<SAML IdP value>"}
  {scopes = <SAML IdP value>}
  {secret-key = "<featurebase-auth-key>"}
  {permissions = "/featurebase-directory/permissions.yaml"}
  [query-log-path = "/log/directory/"]
  [configured-ips = []]


Key Description Required Further information
enable=true Activate IdP authentication for FeatureBase    
client-id SAML 2.0 Identity Provider (IdP) obtained from Azure AD Applications Overview Yes  
client-secret As for client-id. Yes Obtain from the IdP
authorize-url IdP obtained from Applications Overview > Endpoints. Yes Use v2 links if there are two versions available.
token-url As for authorize-url Yes  
group-endpoint-url SAML IdP API value Yes SAML 2.0 IdP API documentation
redirect-base-url IdP URL that corresponds to your primary FeatureBase node. Yes Example: https://featurebase-hostname-or-ip:10101
logout-url SAML IdP API value Yes [Single sign-out SAML protocol] documentation]({:target=”_blank”}
scopes SAML IdP API value Yes SAML 2.0 scopes and permissions
secret-key Secret key used to secure inter-node communication in a FeatureBase cluster. Yes Generate a secret key
permissions Path for group permissions file that maps group IDs to index-level access. Yes Add group permissions
query-log-path Set path for query audit log Optional
configured-ips Admin permissions are granted for any IP or subnet in this list. If not included or not set, no IPs are allow-listed. Optional Domain names and are not allowed.

Additional information

  • When TLS is enabled, the scheme must be explicitly defined as https in featurebase.conf and in the command-line.
  • /featurebase.conf and /featurebase-install-directory/opt/parameters.yaml must be duplicated on all nodes of a FeatureBase cluster.


Azure Active Directory configuration

  enable = true
  {client-id = "<SAML IdP value>"}
  {client-secret = "<SAML IdP value>"}
  {authorize-url = "<SAML IdP value>"}
  {token-url = "<SAML IdP value>"}
  group-endpoint-url = ""
  {redirect-base-url = "<SAML IdP value>"}
  logout-url = ""
  scopes = ["", "offline_access"]
  {secret-key = "<AZURE-AD-SECRET-KEY"}
  {permissions = "/featurebase-directory/permissions.yaml"}