application-oauth2.yml
Parameters of the general oauth2
profile available to all services.
Characteristics
Configuration File Name | application-oauth2.yml |
---|---|
Referenced by Services | authentication,organization,controller |
Storage Location | Git root directory |
Parameters
Parameter | Description | Read by Service | Default Value | |
---|---|---|---|---|
keycloak.host | The parameter is used as a variable for the IP address of the used Keycloak server that can be referenced in The value is set automatically during the installation of the If a different identity provider is used, you can remove this parameter and define an own one in order to reference it in | - | - | |
authentication.oauth2.tenants | List of tenant configurations read by the AUTHENTICATION and CONTROLLER service. Each list entry contains the configuration parameters for one tenant. They have to fit the settings in the used identity provider. If Keycloak is used, check the settings via the Keycloak Admin Console. Further notes:
| AUTHENTICATION, CONTROLLER | See code block below. | |
name | Name of the tenant. If it is changed, please do not forget to adjust it in the | AUTHENTICATION | ||
clientId | Identification of the AUTHENTICATION service for the connection to the identity provider. Valid for all tenants. Get the value from the identity provider. | AUTHENTICATION, CONTROLLER | ||
clientSecret | Tenant-specific identification of the AUTHENTICATION service for the connection to the identity provider. Only valid for one tenant. Get the value from the identity provider. | AUTHENTICATION, CONTROLLER | ||
userAuthorizationUri | Contains the Authorization URI of the OAuth2 identity provider. | AUTHENTICATION | ||
accessTokenUri | Contains the Token URI of the OAuth2 identity provider. The parameter is required. | AUTHENTICATION, CONTROLLER | ||
userInfoUri | URL of the identity provider's endpoint for retrieving user data. The parameter is required. | AUTHENTICATION, CONTROLLER | ||
endSessionUri | If this parameter is set, a sign-out of a yuuvis® Momentum session will trigger a sign-out from the identity provider as well. Set as value the endpoint of the identity provider that is responsable for the sign-out process. | AUTHENTICATION | ||
userNameExtractionPattern | JSON path expression to extract the user name from the response of the endpoint specified in userInfoUri .The parameter is required. | AUTHENTICATION, CONTROLLER | ||
keycloak.server | Parameter read by the ORGANIZATION service if profile keycloak is active: URL of the Keycloak server. | ORGANIZATION | https://keycloak-https.infrastructure/auth | |
keycloak.admin.username | Parameter read by the ORGANIZATION service if profile keycloak is active: Username for the login of the ORGANIZATION service in order to retrieve and store data in Keycloak. | ORGANIZATION | keycloak | |
keycloak.admin.password | Parameter read by the ORGANIZATION service if profile keycloak is active: Password for the login of the ORGANIZATION service in order to retrieve and store data in Keycloak. | ORGANIZATION | changeme |
The values for the parameters can be modified as described here.
>> Configuring Services using Profiles.
authentication.oauth2.tenants: - name: yuuvistest clientId: yuuvis-authentication-service clientSecret: dbdf4856-3c86-4e5f-aca7-96f3d93d35b4 userAuthorizationUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/auth accessTokenUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/token userInfoUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/userinfo endSessionUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/logout userNameExtractionPattern: $.sub - name: testyuuvis clientId: yuuvis-authentication-service clientSecret: 61048b73-8cd7-4682-b78c-786c5dc8a2a1 userAuthorizationUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/auth accessTokenUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/token userInfoUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/userinfo endSessionUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/logout userNameExtractionPattern: $.sub