Parameters of the general oauth2 profile available to all services.

Characteristics

Configuration File Name	`application-oauth2.yml`
Referenced by Services	`authentication,organization,controller`
Storage Location	Git root directory

Parameters

Parameter		Description	Read by Service	Default Value
`keycloak.host`		The parameter is used as a variable for the IP address of the used Keycloak server that can be referenced in `authentication.oauth2.tenants`. If the value is changed, the new value will replace the old one in each reference. The value is set automatically during the installation of the `infrastructure` Helm Chart during which the IP address of your Keycloak server has to be specified. If a different identity provider is used, you can remove this parameter and define an own one in order to reference it in `authentication.oauth2.tenants`.	-	-
`authentication.oauth2.tenants`		List of tenant configurations read by the AUTHENTICATION and CONTROLLER service. Each list entry contains the configuration parameters for one tenant. They have to fit the settings in the used identity provider. If Keycloak is used, check the settings via the Keycloak Admin Console. Further notes: We recommend to reference the server IP address via the variable `keycloak.host`. The AUTHENTICATION service has to be registered as Keycloak Client in each Keycloak Realm which corresponds to a tenant in yuuvis® Momentum. >> Installing and Configuring Keycloak as an Identity Provider	AUTHENTICATION, CONTROLLER	See code block below.
	`name`	Name of the tenant. If it is changed, please do not forget to adjust it in the `*Uri` parameters below. The parameter is required.	AUTHENTICATION
	`clientId`	Identification of the AUTHENTICATION service for the connection to the identity provider. Valid for all tenants. Get the value from the identity provider. The parameter is required.	AUTHENTICATION, CONTROLLER
	`clientSecret`	Tenant-specific identification of the AUTHENTICATION service for the connection to the identity provider. Only valid for one tenant. Get the value from the identity provider.	AUTHENTICATION, CONTROLLER
	`userAuthorizationUri`	Contains the Authorization URI of the OAuth2 identity provider.	AUTHENTICATION
	`accessTokenUri`	Contains the Token URI of the OAuth2 identity provider. The parameter is required.	AUTHENTICATION, CONTROLLER
	`userInfoUri`	URL of the identity provider's endpoint for retrieving user data. The parameter is required.	AUTHENTICATION, CONTROLLER
	`endSessionUri`	If this parameter is set, a sign-out of a yuuvis® Momentum session will trigger a sign-out from the identity provider as well. Set as value the endpoint of the identity provider that is responsable for the sign-out process.	AUTHENTICATION
	`userNameExtractionPattern`	JSON path expression to extract the user name from the response of the endpoint specified in `userInfoUri`. The parameter is required.	AUTHENTICATION, CONTROLLER
`keycloak.server`		Parameter read by the ORGANIZATION service if profile `keycloak` is active: URL of the Keycloak server.	ORGANIZATION	`https://keycloak-https.infrastructure/auth`
`keycloak.admin.username`		Parameter read by the ORGANIZATION service if profile `keycloak` is active: Username for the login of the ORGANIZATION service in order to retrieve and store data in Keycloak.	ORGANIZATION	`keycloak`
`keycloak.admin.password`		Parameter read by the ORGANIZATION service if profile `keycloak` is active: Password for the login of the ORGANIZATION service in order to retrieve and store data in Keycloak.	ORGANIZATION	`changeme`

The values for the parameters can be modified as described here.
>> Configuring Services using Profiles.

Default configuration for authentication.oauth2.tenants

authentication.oauth2.tenants:
- name: yuuvistest
  clientId: yuuvis-authentication-service
  clientSecret: dbdf4856-3c86-4e5f-aca7-96f3d93d35b4
  userAuthorizationUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/auth
  accessTokenUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/token
  userInfoUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/userinfo
  endSessionUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/logout?redirect_uri=${redir}
  userNameExtractionPattern: $.sub
- name: testyuuvis
  clientId: yuuvis-authentication-service
  clientSecret: 61048b73-8cd7-4682-b78c-786c5dc8a2a1
  userAuthorizationUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/auth
  accessTokenUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/token
  userInfoUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/userinfo
  endSessionUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/logout?redirect_uri=${redir}
  userNameExtractionPattern: $.sub

application-oauth2.yml

Characteristics

Parameters