application-oauth2.yml

Parameters of the general oauth2 profile available to all services.

Characteristics

Configuration File Name: application-oauth2.yml
Referenced by Services: authentication, organization, controller
Storage Location: Git root directory

Parameters

Each entry lists the parameter, its description, the service(s) that read it, and its default value.

Parameter: keycloak.host
Description: Used as a variable for the IP address of the Keycloak server in use; it can be referenced in authentication.oauth2.tenants. If the value is changed, the new value replaces the old one in each reference.
The value is set automatically during the installation of the infrastructure Helm Chart, during which the IP address of your Keycloak server has to be specified.
If a different identity provider is used, you can remove this parameter and define your own in order to reference it in authentication.oauth2.tenants.
Default Value: --

Parameter: authentication.oauth2.tenants
Description: List of tenant configurations read by the AUTHENTICATION and CONTROLLER services. Each list entry contains the configuration parameters for one tenant. They have to match the settings in the identity provider in use.
If Keycloak is used, check the settings via the Keycloak Admin Console. Further notes on the parameters of each list entry:

  name
    Name of the tenant. If it is changed, do not forget to adjust it in the *Uri parameters below.
    The parameter is required.
    Read by Service: AUTHENTICATION

  clientId
    Identification of the AUTHENTICATION service for the connection to the identity provider. Valid for all tenants. Get the value from the identity provider.
    The parameter is required.
    Read by Service: AUTHENTICATION, CONTROLLER

  clientSecret
    Tenant-specific identification of the AUTHENTICATION service for the connection to the identity provider. Only valid for one tenant. Get the value from the identity provider.
    Read by Service: AUTHENTICATION, CONTROLLER

  userAuthorizationUri
    Contains the Authorization URI of the OAuth2 identity provider.
    Read by Service: AUTHENTICATION

  accessTokenUri
    Contains the Token URI of the OAuth2 identity provider.
    The parameter is required.
    Read by Service: AUTHENTICATION, CONTROLLER

  userInfoUri
    URL of the identity provider's endpoint for retrieving user data.
    The parameter is required.
    Read by Service: AUTHENTICATION, CONTROLLER

  endSessionUri
    If this parameter is set, a sign-out of a yuuvis® Momentum session will trigger a sign-out from the identity provider as well. Set as value the endpoint of the identity provider that is responsible for the sign-out process.
    Read by Service: AUTHENTICATION

  userNameExtractionPattern
    JSON path expression to extract the user name from the response of the endpoint specified in userInfoUri.
    The parameter is required.
    Read by Service: AUTHENTICATION, CONTROLLER

Read by Service: AUTHENTICATION, CONTROLLER
Default Value: See code block below.

Parameter: keycloak.server
Description: Read by the ORGANIZATION service if the profile keycloak is active: URL of the Keycloak server.
Read by Service: ORGANIZATION
Default Value: https://keycloak-https.infrastructure/auth

Parameter: keycloak.admin.username
Description: Read by the ORGANIZATION service if the profile keycloak is active: username for the login of the ORGANIZATION service in order to retrieve and store data in Keycloak.
Read by Service: ORGANIZATION
Default Value: keycloak

Parameter: keycloak.admin.password
Description: Read by the ORGANIZATION service if the profile keycloak is active: password for the login of the ORGANIZATION service in order to retrieve and store data in Keycloak.
Read by Service: ORGANIZATION
Default Value: changeme

The values for the parameters can be modified as described here:
>> Configuring Services using Profiles

Default configuration for authentication.oauth2.tenants
authentication.oauth2.tenants:
- name: yuuvistest
  clientId: yuuvis-authentication-service
  clientSecret: dbdf4856-3c86-4e5f-aca7-96f3d93d35b4
  userAuthorizationUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/auth
  accessTokenUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/token
  userInfoUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/userinfo
  endSessionUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/logout
  userNameExtractionPattern: $.sub
- name: testyuuvis
  clientId: yuuvis-authentication-service
  clientSecret: 61048b73-8cd7-4682-b78c-786c5dc8a2a1
  userAuthorizationUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/auth
  accessTokenUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/token
  userInfoUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/userinfo
  endSessionUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/logout
  userNameExtractionPattern: $.sub
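As an added example (not part of the yuuvis® Momentum documentation or product), the following Python sketch checks a tenant list like the one above against the rules on this page: it resolves the ${keycloak.host} placeholder, reports required parameters that are missing, flags URIs that do not use https and clientSecret values still equal to the shipped defaults, and applies the dotted-key subset of JSON path used by userNameExtractionPattern to a userinfo response. The keycloak host value, the second tenant's faults and the userinfo content are constructed for the example.

```python
import re
# Constructed sample derived from the page's default tenant block; the
# keycloak.host value is an assumed placeholder, not taken from the page.
VARIABLES = {"keycloak.host": "keycloak.example.internal"}
# clientSecret values shipped in the default configuration shown on this page.
SHIPPED_DEFAULT_SECRETS = {"dbdf4856-3c86-4e5f-aca7-96f3d93d35b4", "61048b73-8cd7-4682-b78c-786c5dc8a2a1"}
TENANTS = [
    {   # first default tenant, still carrying the shipped secret
        "name": "yuuvistest",
        "clientId": "yuuvis-authentication-service",
        "clientSecret": "dbdf4856-3c86-4e5f-aca7-96f3d93d35b4",
        "accessTokenUri": "https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/token",
        "userInfoUri": "https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/userinfo",
        "userNameExtractionPattern": "$.sub",
    },
    {   # constructed faulty entry: userInfoUri missing, token URI not https
        "name": "testyuuvis",
        "clientId": "yuuvis-authentication-service",
        "clientSecret": "rotated-secret-placeholder",
        "accessTokenUri": "http://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/token",
        "userNameExtractionPattern": "$.preferred_username",
    },
]
# Parameters the page marks as required for every tenant entry.
REQUIRED = ("name", "clientId", "accessTokenUri", "userInfoUri", "userNameExtractionPattern")
PLACEHOLDER = re.compile(r"\$\{([A-Za-z0-9_.]+)\}")

def resolve(value, variables):
    """Substitute ${name} references such as ${keycloak.host} in a URI."""
    return PLACEHOLDER.sub(lambda m: variables[m.group(1)], value)

def validate_tenant(tenant, variables):
    """Return the list of problems found in one tenant entry (empty means OK)."""
    problems = [f"missing required parameter {k}" for k in REQUIRED if k not in tenant]
    for key, value in tenant.items():
        if key.endswith("Uri") and not resolve(value, variables).startswith("https://"):
            problems.append(f"{key} does not use https")
    if tenant.get("clientSecret") in SHIPPED_DEFAULT_SECRETS:
        problems.append("clientSecret still equals a shipped default value")
    return problems

def extract_user_name(pattern, userinfo):
    """Apply the dotted-key JSON path subset ('$.sub', '$.a.b') to a parsed userinfo dict."""
    if not pattern.startswith("$."):
        raise ValueError(f"unsupported userNameExtractionPattern: {pattern}")
    node = userinfo
    for key in pattern[2:].split("."):
        node = node[key]
    return node
```

Running validate_tenant over each entry before committing the profile to the Git root directory catches a forgotten userInfoUri or an unchanged default secret before the AUTHENTICATION service loads it.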