yuuvis® Momentum Settings for yuuvis® management console
Deprecated as of 2022 Autumn!
This Service is not part of yuuvis® Momentum anymore as of product version 2022 Autumn.
Configure the cluster to enable the tenant management API to create and modify tenants.
Table of Contents
Introduction
yuuvis® management console is based on the Tenant Management Endpoints. This article describes the configuration steps that are necessary in order to enable the authentication of this API via yuuvis® Momentum AUTHENTICATION service.
To proceed with the configuration, open the internal git repository (e.g., by port forwarding the pod).
Authentication Configuration
- Open the
application-oauth2.yml
for editing. Create an entry in
authentication.oauth2.tenants
for the Keycloak master realm:- name: master userAuthorizationUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/auth accessTokenUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/token userInfoUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/userinfo endSessionUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/logout?redirect_uri=${redir} userNameExtractionPattern: $.sub scope: openid
Expose Endpoints
- Open the
authentication-prod.yml
for editing. Ensure that your
management
section is configured as follows:management: endpoints: web: base-path: /manage exposure: include: - health - info - refresh endpoint: refresh: enabled: true info: enabled: true health: enabled: true security: enabled: true
- If not already present: add
tenant-management
to the list ofrouting.endpoints
. If not already present: add endpoint configurations for the tenant management endpoints to the
authorization.accesses
list as follows:- endpoints: /tenant-management/swagger-ui.html/**,/tenant-management/**/springfox-swagger-ui/**,/tenant-management/**/swagger-resources/**,/tenant-management/**/v2/api-docs/** - endpoints: /tenant-management/api/system/** access: hasAuthority('YUUVIS_SYSTEM_INTEGRATOR') - endpoints: /tenant-management/api/admin/** access: hasAuthority('YUUVIS_TENANT_ADMIN')
Summary
The authentication of the Tenant Management API has to be enabled manually by setting the proper values in the configuration profiles application-oauth2.yml
and authentication-prod.yml
within the internal git repository.