yuuvis® Momentum Settings for yuuvis® management console

Deprecated as of 2022 Autumn!

This Service is not part of yuuvis® Momentum anymore as of product version 2022 Autumn.

Configure the cluster to enable the tenant management API to create and modify tenants.

Table of Contents

Introduction

yuuvis® management console is based on the Tenant Management Endpoints. This article describes the configuration steps that are necessary in order to enable the authentication of this API via yuuvis® Momentum AUTHENTICATION service.

To proceed with the configuration, open the internal git repository (e.g., by port forwarding the pod).

Authentication Configuration

  • Open the application-oauth2.yml for editing.
  • Create an entry in authentication.oauth2.tenants for the Keycloak master realm:

    -   name: master
        userAuthorizationUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/auth
        accessTokenUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/token
        userInfoUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/userinfo
        endSessionUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/logout?redirect_uri=${redir}
        userNameExtractionPattern: $.sub
        scope: openid

Expose Endpoints

  • Open the authentication-prod.yml for editing.
  • Ensure that your management section is configured as follows:

    management:
      endpoints:
        web:
          base-path: /manage
          exposure:
            include:
            - health
            - info
            - refresh
      endpoint:
        refresh:
          enabled: true
        info:
          enabled: true
        health:
          enabled: true
      security:
        enabled: true
  • If not already present: add tenant-management to the list of routing.endpoints.
  • If not already present: add endpoint configurations for the tenant management endpoints to the authorization.accesses list as follows:

      - endpoints: /tenant-management/swagger-ui.html/**,/tenant-management/**/springfox-swagger-ui/**,/tenant-management/**/swagger-resources/**,/tenant-management/**/v2/api-docs/**
      - endpoints: /tenant-management/api/system/**
        access: hasAuthority('YUUVIS_SYSTEM_INTEGRATOR')
      - endpoints: /tenant-management/api/admin/**
        access: hasAuthority('YUUVIS_TENANT_ADMIN')

Summary

The authentication of the Tenant Management API has to be enabled manually by setting the proper values in the configuration profiles application-oauth2.yml and authentication-prod.yml within the internal git repository.

Read on

Keycloak Settings for yuuvis® management console

Configure Keycloak for the use of yuuvis® management console and the management console API. Keep reading

Tenant Creation Profile

Set up a tenant creation profile that defines the initial properties of tenants created via Tenant Management API. Keep reading

Tenant Management Endpoints

These endpoints can be used to retrieve information from the identity provider. Role and user management for a tenant and to create and delete tenants in Keycloak. Keep reading