User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

MDM Web App Backend

The MDM Web App configuration file, by default named mda-config.xml, contains important settings for MDM Web App and references to other configuration files.

MDM Web App Backend Component

The MDM Web App Backend Component is the Server component that processes updates of data that are processed by the MDM engine.

When the component is enabled, several features are added to the Web Console. See MDM Admin Center Extras.
<component class="com.ataccama.mda.server.MdaBackendComponent">
    <configFile>mda-config.xml</configFile>
</component>

configFile path to mda-config.xml (relative to mdm.serverConfig)

Parameter Description Default value

configFile

Path to MDM Web App backend configuration file

mda-config.xml

Enabling the component automatically adds a set of DRAFTS tables into MDM hub storage. The tables will be created using the global (model independent) prefix configured in the nme-config.xml, for example, I__DRAFTS.

MDM Web App backend configuration

Backend configuration for MDM Web App is defined in mda-config.xml configuration file.

The following parameters must be configured:

Setting Description Default value

templatePath

Path to the folder with MDM Web App templates.

gui_templates (part of the model project)

gui

Used for setting the application locale. The locale influences the language of labels and some data type visualization, for example, date/datetime format and the thousands separator.

Available locales:

  • en (English)

  • fr (French)

  • ru (Russian)

  • cz (Czech)

defaultLocale="en"

permissions

Path to the MDM Web App permissions configuration file.

mda-permissions.gen.xml

workflow

Path to the workflow configuration file (generated, see Configuring Workflows and Permissions).

mda-workflow.gen.xml

labelFile

Path to the labels file (generated).

mda-label.gen.properties

validations

Path to the validations configuration file (generated, see Configuring Validations).

mda-validations.gen.xml

filterDefinitionsFile

Path to the file with the definition of preconfigured MDM Web App filters (generated, see Configuring Search Definitions).

mda-search.gen.xml

displaySettings

Path to the file with display settings for MDM Web App (generated, see Configuring Display Settings and Data Type Formats).

mda-display.gen.xml

loggerConfig

Path to the audit configuration file (generated, see Configuring Audit Log).

mda-audit.gen.xml

MDM backend sends some messages to the MDM Web App so it must provide some logging credentials for how to login to the Web App. In this case we use Keycloak credentials. Within the notificationManager element you need to supply authentication information. For more information, see Issue Management Configuration Files.
Relative paths to the referenced configuration files are evaluated from the location of the mda-config.xml file.

Communication with MMM and RDM Modules

In mda-config.xml you need to define the URL for the MMM backend and frontend in <beUrl> and <feUrl>, and the URL for RDM frontend in <rdmFeUrl>. By default these are:

<mmmConfig>
    <beUrl>http://localhost:8021/graphql</beUrl>
    <feUrl>http://localhost:8020/</feUrl>
</mmmConfig>
<mdmSecret>
    ew0KICAgICJrdHkiOiAiRUMiLA0KICAgICJkIjogInpKR1lwS0RGRXktX3RJM1hYQ2QzM3ZsN3RfNXNxX3VUNGkwVkFoNEpncjgiLA0KICAgICJ1c2UiOiAic2lnIiwNCiAgICAiY3J2IjogIlAtMjU2IiwNCiAgICAia2lkIjogIi14dGdNclhqTnM2Y2NpTVJjTlUxZzE2LVNBbGlxWGxWMUNfX0h5UzNCb0UiLA0KICAgICJ4IjogIkVMUl9ZRE9ieVJobjVoS0ZNczM0YUJhMUpfNmwxOUpmQ0h1WmwzWi1uSVkiLA0KICAgICJ5IjogInVLbEdvajAtUWp6aHo5ZktxbzZPTlFFNEpzUWlTa1ZqRzlCWUpteFBxLVkiLA0KICAgICJhbGciOiAiRVMyNTYiDQp9
</mdmSecret>

<rdmFeUrl>http://localhost:8060/</rdmFeUrl>

You also need to define the JWT keys.

MDM Data Source Authentication

There are two authentication options for the MDM Data Source: basic authentication (primarily used in ONE Desktop for requests via MDC remote read) and InternalJWT authentication. InternalJWT authentication should be used for communication with other modules (such as AI core) which access the gRPC endpoint.

Authentication is configured in mda-config.xml.

For basic authentication use: com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationKeycloakConfig. For InternalJWT authentication use: com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationInternalJWTConfig.

Example configurations for both can be seen below: .Basic Configuration

<grpc port="18581" batchSize="1000">
    <authentications>
        <authentication class="com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationKeycloakConfig">
            <keycloakConfigName>keycloak-local</keycloakConfigName>
            <keycloakClientId>one-service-account</keycloakClientId>
        </authentication>
    </authentications>
</grpc>
Internal JWT Configuration
<grpc port="18581" batchSize="1000">
    <authentications>
        <authentication class="com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationInternalJWTConfig">
            <impersonationRole>IMPERSONATION</impersonationRole>
        </authentication>
    </authentications>
</grpc>
Basic + Internal JWT configuration
<grpc port="18581" batchSize="1000">
    <authentications>
        <authentication class="com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationKeycloakConfig">
            <keycloakConfigName>keycloak-local</keycloakConfigName>
            <keycloakClientId>one-service-account</keycloakClientId>
        </authentication>
        <authentication class="com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationInternalJWTConfig">
            <impersonationRole>IMPERSONATION</impersonationRole>
        </authentication>
    </authentications>
</grpc>
Browsing, preview and import use GraphQL endpoint in MDM - no additional user configuration is needed. Profiling and DQ Evaluation use gRPC endpoint in MDM - authentication configuration, as detailed here, is required.

The gPRC server uses MDM Web App permissions layer. This means that authorization for profiling and DQ evaluation on the MDM data source will be decided based on the credentials of the currently logged-in user (SSO identity authorization), so you do not need to add credentials when adding the connection.

Communication with other Modules

MDM can not currently communicate with Ataccama ONE gen2 Configuration Service, meaning public keys and private keys must be changed manually. Each time you generate a new pair of keys for MDM you must rewrite the private key and public key in mda-config.xml. When the public key of MDM changes, the new key must also be sent to other modules (that is, MDM public key must be changed in config service). Similarly, every time the public key changes for other modules this must be edited in the deployments node.

MDM private key is found in <mdmSecret>:

<mdmSecret>ew0KICAgICJrdHkiOiAiRUMiLA0KICAgICJkIjogInpKR1lwS0RGRXktX3RJM1hYQ2QzM3ZsN3RfNXNxX3VUNGkwVkFoNEpncjgiLA0KICAgICJ1c2UiOiAic2lnIiwNCiAgICAiY3J2IjogIlAtMjU2IiwNCiAgICAia2lkIjogIi14dGdNclhqTnM2Y2NpTVJjTlUxZzE2LVNBbGlxWGxWMUNfX0h5UzNCb0UiLA0KICAgICJ4IjogIkVMUl9ZRE9ieVJobjVoS0ZNczM0YUJhMUpfNmwxOUpmQ0h1WmwzWi1uSVkiLA0KICAgICJ5IjogInVLbEdvajAtUWp6aHo5ZktxbzZPTlFFNEpzUWlTa1ZqRzlCWUpteFBxLVkiLA0KICAgICJhbGciOiAiRVMyNTYiDQp9</mdmSecret>

The <deployments> configuration holds public keys of each module (DPM, DPE, AI Core and MDM) in <content>:

<deployments>
        <deployment>
            <uri>localhost:8531</uri>
            <name>DPM deployment</name>
            <module>dpm</module>
            <environment>dev</environment>
            <jwtSecrets>
                <jwtSecret>
                    <name>DPM</name>
                    <fingerprint>OIIVv7h3InJdZ0UngDWk9yuwU2cANjdjN_5spoeY984</fingerprint>
                    <content>
                        eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiT0lJVnY3aDNJbkpkWjBVbmdEV2s5eXV3VTJjQU5qZGpOXzVzcG9lWTk4NCIsIngiOiJ6Mm5hRjFOUldPOGMzMHJLX09xVURNTHRwVFdpNEc4bVBYemhCWGRYUEY4IiwieSI6Ilh2bXFaWXFqQ0dxVzI0OTVFUmlUMU9YNDB4cUdOMVJ1akJVU0NsR1VRX28iLCJhbGciOiJFUzI1NiJ9
                    </content>
                    <isRevoked>false</isRevoked>
                </jwtSecret>
            </jwtSecrets>
            <roles>
                <role>IMPERSONATION</role>
            </roles>
        </deployment>
        <deployment>
            <uri>localhost:8532</uri>
            <name>DPE deployment</name>
            <module>dpe</module>
            <environment>dev</environment>
            <jwtSecrets>
                <jwtSecret>
                    <name>DPE</name>
                    <fingerprint>glxSyUkayhaCcvTC6jDrvA4f2QhsZZXyEkie3sVX3kc</fingerprint>
                    <content>
                        eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiZ2x4U3lVa2F5aGFDY3ZUQzZqRHJ2QTRmMlFoc1paWHlFa2llM3NWWDNrYyIsIngiOiJ5MGVON2Fpb1JXRS05Mk1JM0xJR0FETHhPNzI0b090eFlqdWhtOXJ2VEJZIiwieSI6IlVYb3VZMEJ2RVF1dktFRjltbHZPb01qcXJCVHhScWR0WnA0VUF6LTlteG8iLCJhbGciOiJFUzI1NiJ9
                    </content>
                    <isRevoked>false</isRevoked>
                </jwtSecret>
            </jwtSecrets>
            <roles>
                <role>IMPERSONATION</role>
            </roles>
        </deployment>
        <deployment>
            <uri>localhost:8541</uri>
            <name>AI deployment</name>
            <module>aicore</module>
            <environment>dev</environment>
            <jwtSecrets>
                <jwtSecret>
                    <name>AI</name>
                    <fingerprint>qhdOJFUCv2cxjI2BPKEaKs89tZprAEeIeEzKLir_GhU</fingerprint>
                    <content>
                        eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoicWhkT0pGVUN2MmN4akkyQlBLRWFLczg5dFpwckFFZUllRXpLTGlyX0doVSIsIngiOiJtTWs2elBhbXQ3U1NjTkp0aUxpQWlUejJnNGJ6bFJJR04tdXQ5NTJNUVBjIiwieSI6Inlwakt2Y0FyMGZtNGttNmJKX2w3LXlQTjNZS3Z2YzdMYVpxU3VoVTcwUkkiLCJhbGciOiJFUzI1NiJ9
                    </content>
                    <isRevoked>false</isRevoked>
                </jwtSecret>
            </jwtSecrets>
            <roles>
                <role>MMM_admin</role>
            </roles>
        </deployment>
        <deployment>
            <uri>localhost:8051</uri>
            <name>MDM deployment</name>
            <module>mdm</module>
            <environment>dev</environment>
            <jwtSecrets>
                <jwtSecret>
                    <name>MDM</name>
                    <fingerprint>-xtgMrXjNs6cciMRcNU1g16-SAliqXlV1C__HyS3BoE</fingerprint>
                    <content>ew0KICAgICJrdHkiOiAiRUMiLA0KICAgICJ1c2UiOiAic2lnIiwNCiAgICAiY3J2IjogIlAtMjU2IiwNCiAgICAia2lkIjogIi14dGdNclhqTnM2Y2NpTVJjTlUxZzE2LVNBbGlxWGxWMUNfX0h5UzNCb0UiLA0KICAgICJ4IjogIkVMUl9ZRE9ieVJobjVoS0ZNczM0YUJhMUpfNmwxOUpmQ0h1WmwzWi1uSVkiLA0KICAgICJ5IjogInVLbEdvajAtUWp6aHo5ZktxbzZPTlFFNEpzUWlTa1ZqRzlCWUpteFBxLVkiLA0KICAgICJhbGciOiAiRVMyNTYiDQp9</content>
                    <isRevoked>false</isRevoked>
                </jwtSecret>
            </jwtSecrets>
            <roles>
                <role>IMPERSONATION</role>
            </roles>
        </deployment>
    </deployments>

Was this page useful?