MDM Web App Backend
The MDM Web App configuration file, by default named mda-config.xml, contains important settings for MDM Web App and references to other configuration files.
MDM Web App Backend Component
The MDM Web App Backend Component is the Server component that processes updates of data that are processed by the MDM engine.
| When the component is enabled, several features are added to the Web Console. See MDM Admin Center Extras. |
<component class="com.ataccama.mda.server.MdaBackendComponent">
<configFile>mda-config.xml</configFile>
</component>configFile path to mda-config.xml (relative to mdm.serverConfig)
| Parameter | Description | Default value |
|---|---|---|
configFile |
Path to MDM Web App backend configuration file |
|
-
Requires: Server Component and User Settings Component.
-
Recommended & useful: Logging Component.
Enabling the component automatically adds a set of DRAFTS tables into MDM hub storage.
The tables will be created using the global (model independent) prefix configured in the nme-config.xml, for example, I__DRAFTS.
|
MDM Web App backend configuration
Backend configuration for MDM Web App is defined in mda-config.xml configuration file.
The following parameters must be configured:
| Setting | Description | Default value |
|---|---|---|
|
Path to the folder with MDM Web App templates. |
|
|
Used for setting the application locale. The locale influences the language of labels and some data type visualization, for example, date/datetime format and the thousands separator. Available locales:
|
|
|
Path to the MDM Web App permissions configuration file. |
|
|
Path to the workflow configuration file (generated, see Configuring Workflows and Permissions). |
|
|
Path to the labels file (generated). |
|
|
Path to the validations configuration file (generated, see Configuring Validations). |
|
|
Path to the file with the definition of preconfigured MDM Web App filters (generated, see Configuring Search Definitions). |
|
|
Path to the file with display settings for MDM Web App (generated, see Configuring Display Settings and Data Type Formats). |
|
|
Path to the audit configuration file (generated, see Configuring Audit Log). |
|
MDM backend sends some messages to the MDM Web App so it must provide some logging credentials for how to login to the Web App.
In this case we use Keycloak credentials.
Within the notificationManager element you need to supply authentication information.
For more information, see Issue Management Configuration Files.
|
Relative paths to the referenced configuration files are evaluated from the location of the mda-config.xml file.
|
Communication with MMM and RDM Modules
In mda-config.xml you need to define the URL for the MMM backend and frontend in <beUrl> and <feUrl>, and the URL for RDM frontend in <rdmFeUrl>.
By default these are:
<mmmConfig>
<beUrl>http://localhost:8021/graphql</beUrl>
<feUrl>http://localhost:8020/</feUrl>
</mmmConfig>
<mdmSecret>
ew0KICAgICJrdHkiOiAiRUMiLA0KICAgICJkIjogInpKR1lwS0RGRXktX3RJM1hYQ2QzM3ZsN3RfNXNxX3VUNGkwVkFoNEpncjgiLA0KICAgICJ1c2UiOiAic2lnIiwNCiAgICAiY3J2IjogIlAtMjU2IiwNCiAgICAia2lkIjogIi14dGdNclhqTnM2Y2NpTVJjTlUxZzE2LVNBbGlxWGxWMUNfX0h5UzNCb0UiLA0KICAgICJ4IjogIkVMUl9ZRE9ieVJobjVoS0ZNczM0YUJhMUpfNmwxOUpmQ0h1WmwzWi1uSVkiLA0KICAgICJ5IjogInVLbEdvajAtUWp6aHo5ZktxbzZPTlFFNEpzUWlTa1ZqRzlCWUpteFBxLVkiLA0KICAgICJhbGciOiAiRVMyNTYiDQp9
</mdmSecret>
<rdmFeUrl>http://localhost:8060/</rdmFeUrl>You also need to define the JWT keys.
MDM Data Source Authentication
There are two authentication options for the MDM Data Source: basic authentication (primarily used in ONE Desktop for requests via MDC remote read) and InternalJWT authentication. InternalJWT authentication should be used for communication with other modules (such as AI core) which access the gRPC endpoint.
Authentication is configured in mda-config.xml.
For basic authentication use: com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationKeycloakConfig.
For InternalJWT authentication use: com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationInternalJWTConfig.
Example configurations for both can be seen below: .Basic Configuration
<grpc port="18581" batchSize="1000">
<authentications>
<authentication class="com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationKeycloakConfig">
<keycloakConfigName>keycloak-local</keycloakConfigName>
<keycloakClientId>one-service-account</keycloakClientId>
</authentication>
</authentications>
</grpc><grpc port="18581" batchSize="1000">
<authentications>
<authentication class="com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationInternalJWTConfig">
<impersonationRole>IMPERSONATION</impersonationRole>
</authentication>
</authentications>
</grpc><grpc port="18581" batchSize="1000">
<authentications>
<authentication class="com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationKeycloakConfig">
<keycloakConfigName>keycloak-local</keycloakConfigName>
<keycloakClientId>one-service-account</keycloakClientId>
</authentication>
<authentication class="com.ataccama.mda.server.grpc.auth.MdaGrpcAuthenticationInternalJWTConfig">
<impersonationRole>IMPERSONATION</impersonationRole>
</authentication>
</authentications>
</grpc>| Browsing, preview and import use GraphQL endpoint in MDM - no additional user configuration is needed. Profiling and DQ Evaluation use gRPC endpoint in MDM - authentication configuration, as detailed here, is required. |
The gPRC server uses MDM Web App permissions layer. This means that authorization for profiling and DQ evaluation on the MDM data source will be decided based on the credentials of the currently logged-in user (SSO identity authorization), so you do not need to add credentials when adding the connection.
Communication with other Modules
MDM can not currently communicate with Ataccama ONE gen2 Configuration Service, meaning public keys and private keys must be changed manually.
Each time you generate a new pair of keys for MDM you must rewrite the private key and public key in mda-config.xml.
When the public key of MDM changes, the new key must also be sent to other modules (that is, MDM public key must be changed in config service).
Similarly, every time the public key changes for other modules this must be edited in the deployments node.
MDM private key is found in <mdmSecret>:
<mdmSecret>ew0KICAgICJrdHkiOiAiRUMiLA0KICAgICJkIjogInpKR1lwS0RGRXktX3RJM1hYQ2QzM3ZsN3RfNXNxX3VUNGkwVkFoNEpncjgiLA0KICAgICJ1c2UiOiAic2lnIiwNCiAgICAiY3J2IjogIlAtMjU2IiwNCiAgICAia2lkIjogIi14dGdNclhqTnM2Y2NpTVJjTlUxZzE2LVNBbGlxWGxWMUNfX0h5UzNCb0UiLA0KICAgICJ4IjogIkVMUl9ZRE9ieVJobjVoS0ZNczM0YUJhMUpfNmwxOUpmQ0h1WmwzWi1uSVkiLA0KICAgICJ5IjogInVLbEdvajAtUWp6aHo5ZktxbzZPTlFFNEpzUWlTa1ZqRzlCWUpteFBxLVkiLA0KICAgICJhbGciOiAiRVMyNTYiDQp9</mdmSecret>The <deployments> configuration holds public keys of each module (DPM, DPE, AI Core and MDM) in <content>:
<deployments>
<deployment>
<uri>localhost:8531</uri>
<name>DPM deployment</name>
<module>dpm</module>
<environment>dev</environment>
<jwtSecrets>
<jwtSecret>
<name>DPM</name>
<fingerprint>OIIVv7h3InJdZ0UngDWk9yuwU2cANjdjN_5spoeY984</fingerprint>
<content>
eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiT0lJVnY3aDNJbkpkWjBVbmdEV2s5eXV3VTJjQU5qZGpOXzVzcG9lWTk4NCIsIngiOiJ6Mm5hRjFOUldPOGMzMHJLX09xVURNTHRwVFdpNEc4bVBYemhCWGRYUEY4IiwieSI6Ilh2bXFaWXFqQ0dxVzI0OTVFUmlUMU9YNDB4cUdOMVJ1akJVU0NsR1VRX28iLCJhbGciOiJFUzI1NiJ9
</content>
<isRevoked>false</isRevoked>
</jwtSecret>
</jwtSecrets>
<roles>
<role>IMPERSONATION</role>
</roles>
</deployment>
<deployment>
<uri>localhost:8532</uri>
<name>DPE deployment</name>
<module>dpe</module>
<environment>dev</environment>
<jwtSecrets>
<jwtSecret>
<name>DPE</name>
<fingerprint>glxSyUkayhaCcvTC6jDrvA4f2QhsZZXyEkie3sVX3kc</fingerprint>
<content>
eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiZ2x4U3lVa2F5aGFDY3ZUQzZqRHJ2QTRmMlFoc1paWHlFa2llM3NWWDNrYyIsIngiOiJ5MGVON2Fpb1JXRS05Mk1JM0xJR0FETHhPNzI0b090eFlqdWhtOXJ2VEJZIiwieSI6IlVYb3VZMEJ2RVF1dktFRjltbHZPb01qcXJCVHhScWR0WnA0VUF6LTlteG8iLCJhbGciOiJFUzI1NiJ9
</content>
<isRevoked>false</isRevoked>
</jwtSecret>
</jwtSecrets>
<roles>
<role>IMPERSONATION</role>
</roles>
</deployment>
<deployment>
<uri>localhost:8541</uri>
<name>AI deployment</name>
<module>aicore</module>
<environment>dev</environment>
<jwtSecrets>
<jwtSecret>
<name>AI</name>
<fingerprint>qhdOJFUCv2cxjI2BPKEaKs89tZprAEeIeEzKLir_GhU</fingerprint>
<content>
eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoicWhkT0pGVUN2MmN4akkyQlBLRWFLczg5dFpwckFFZUllRXpLTGlyX0doVSIsIngiOiJtTWs2elBhbXQ3U1NjTkp0aUxpQWlUejJnNGJ6bFJJR04tdXQ5NTJNUVBjIiwieSI6Inlwakt2Y0FyMGZtNGttNmJKX2w3LXlQTjNZS3Z2YzdMYVpxU3VoVTcwUkkiLCJhbGciOiJFUzI1NiJ9
</content>
<isRevoked>false</isRevoked>
</jwtSecret>
</jwtSecrets>
<roles>
<role>MMM_admin</role>
</roles>
</deployment>
<deployment>
<uri>localhost:8051</uri>
<name>MDM deployment</name>
<module>mdm</module>
<environment>dev</environment>
<jwtSecrets>
<jwtSecret>
<name>MDM</name>
<fingerprint>-xtgMrXjNs6cciMRcNU1g16-SAliqXlV1C__HyS3BoE</fingerprint>
<content>ew0KICAgICJrdHkiOiAiRUMiLA0KICAgICJ1c2UiOiAic2lnIiwNCiAgICAiY3J2IjogIlAtMjU2IiwNCiAgICAia2lkIjogIi14dGdNclhqTnM2Y2NpTVJjTlUxZzE2LVNBbGlxWGxWMUNfX0h5UzNCb0UiLA0KICAgICJ4IjogIkVMUl9ZRE9ieVJobjVoS0ZNczM0YUJhMUpfNmwxOUpmQ0h1WmwzWi1uSVkiLA0KICAgICJ5IjogInVLbEdvajAtUWp6aHo5ZktxbzZPTlFFNEpzUWlTa1ZqRzlCWUpteFBxLVkiLA0KICAgICJhbGciOiAiRVMyNTYiDQp9</content>
<isRevoked>false</isRevoked>
</jwtSecret>
</jwtSecrets>
<roles>
<role>IMPERSONATION</role>
</roles>
</deployment>
</deployments>Was this page useful?