Add docs for authentication with Preview Web UI #24685

Merged
merged 1 commit into from
Jan 30, 2025
43 changes: 43 additions & 0 deletions docs/src/main/sphinx/admin/preview-web-interface.md
Expand Up @@ -30,3 +30,46 @@ Once activated, users can access the interface in the URL context `/ui/preview`
after successful login to the [](/admin/web-interface). For example, the full
URL on a locally running Trino installation or Trino docker container without
TLS configuration is [http://localhost:8080/ui/preview](http://localhost:8080/ui/preview).

## Authentication

The Preview Web UI requires users to authenticate. If Trino is not configured to
require authentication, then any username can be used, and no password is
required or allowed. The UI shows the login dialog for password authentication
with the password input deactivated. This is also automatically the case if the
cluster is only configured to use HTTP. Typically, users login with the same
username that they use for running queries.

If no system access control is installed, then all users are able to view and
kill any query. This can be restricted by using [query rules](query-rules) with
the [](/security/built-in-system-access-control). Users always have permission
to view or kill their own queries.

### Password authentication

Typically, a password-based authentication method such as [LDAP](/security/ldap)
or [password file](/security/password-file) is used to secure both the Trino
server and the Web UI. When the Trino server is configured to use a password
authenticator, the Web UI authentication type is automatically set to `FORM`. In
this case, the Web UI displays a login form that accepts a username and
password.

### Fixed user authentication

If you require the Preview Web UI to be accessible without authentication, you
can set a fixed username that will be used for all Web UI access by setting the
authentication type to `FIXED` and setting the username with the `web-ui.user`
configuration property. If there is a system access control installed, this user
must have permission to view ,and possibly to kill, queries.

### Other authentication types

The following Preview Web UI authentication types are also supported:

- `CERTIFICATE`, see details in [](/security/certificate)
- `KERBEROS`, see details in [](/security/kerberos)
- `JWT`, see details in [](/security/jwt)
- `OAUTH2`, see details in [](/security/oauth2)

For these authentication types, the username is defined by
[](/security/user-mapping).
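
Review bot: The "Fixed user authentication" paragraph says to set the authentication type to `FIXED` but never names the property that sets it, while `web-ui.user` is named; name that property as well, so a reader can apply the setting from this section alone. That paragraph should also state the exposure it creates: per the "Authentication" section, without a system access control every user can view and kill any query, so with `FIXED` anyone who can reach the UI gets that ability under the shared username, and a pointer to the query rules link already used above would fit here. Two wording nits: "view ,and possibly to kill, queries" has the space on the wrong side of the comma, and "users login with the same username" should use the verb form "log in".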