application-oauth2.yml
Parameters of the general oauth2
profile available to all services.
Characteristics
Configuration File Name | application-oauth2.yml
---|---
Referenced by Services | authentication, organization, controller
Storage Location | Git root directory
Parameters
This article describes the behavior of the core system. However, the configuration file is also read by the TENANT-MANAGEMENT service if that service is installed.
Parameter | Description | Read by Service | Default Value
---|---|---|---
keycloak.host | Variable for the host (IP address or host name) of the Keycloak server that can be referenced in The value is set automatically during the installation of the If a different identity provider is used, you can remove this parameter and define your own one in order to reference it in | - | -
authentication.oauth2.tenants | List of tenant configurations read by the AUTHENTICATION and CONTROLLER services. Each list entry contains the configuration parameters for one tenant (the sub-parameters listed below). They have to match the settings in the identity provider. If Keycloak is used, check the settings via the Keycloak Admin Console. Further notes: | AUTHENTICATION, CONTROLLER | See code block below.
name | Name of the tenant. If it is changed, please do not forget to adjust it in the | AUTHENTICATION |
clientId | Identification of the AUTHENTICATION service for the connection to the identity provider. Valid for all tenants. Get the value from the identity provider. | AUTHENTICATION, CONTROLLER |
clientSecret | Tenant-specific secret of the AUTHENTICATION service for the connection to the identity provider. Only valid for one tenant. Get the value from the identity provider. Treat it as a credential: it is stored in the configuration repository together with the rest of the profile. | AUTHENTICATION, CONTROLLER |
userAuthorizationUri | Authorization URI of the OAuth2 identity provider. | AUTHENTICATION |
accessTokenUri | Token URI of the OAuth2 identity provider. The parameter is required. | AUTHENTICATION, CONTROLLER |
userInfoUri | URL of the identity provider's endpoint for retrieving user data. The parameter is required. | AUTHENTICATION, CONTROLLER |
endSessionUri | If this parameter is set, a logout from a yuuvis® Momentum session also triggers a logout from the identity provider. Set as value the endpoint of the identity provider that is responsible for the logout process. As of 2023 Summer: If Keycloak is used as identity provider, the | AUTHENTICATION |
userNameExtractionPattern | JSON path expression to extract the user name from the response of the endpoint specified in userInfoUri. The parameter is required. | AUTHENTICATION, CONTROLLER |
scope | Comma-separated list of strings. Available values and their effects depend on the used identity provider. For Keycloak: | |
keycloak.server | Read by the ORGANIZATION service if the profile keycloak is active: URL of the Keycloak server. | ORGANIZATION | https://keycloak-https.infrastructure/auth
keycloak.admin.username | Read by the ORGANIZATION service if the profile keycloak is active: username the ORGANIZATION service logs in with in order to retrieve and store data in Keycloak. | ORGANIZATION | keycloak
keycloak.admin.password | Read by the ORGANIZATION service if the profile keycloak is active: password the ORGANIZATION service logs in with in order to retrieve and store data in Keycloak. The default value must be replaced before the system is put into operation. | ORGANIZATION | changeme
The values for the parameters can be modified as described here.
>> Configuring Services using Profiles.
```yaml
authentication.oauth2.tenants:
  - name: yuuvistest
    clientId: yuuvis-authentication-service
    clientSecret: dbdf4856-3c86-4e5f-aca7-96f3d93d35b4
    userAuthorizationUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/auth
    accessTokenUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/token
    userInfoUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/userinfo
    endSessionUri: https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/logout
    userNameExtractionPattern: $.sub
    scope: openid
  - name: testyuuvis
    clientId: yuuvis-authentication-service
    clientSecret: 61048b73-8cd7-4682-b78c-786c5dc8a2a1
    userAuthorizationUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/auth
    accessTokenUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/token
    userInfoUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/userinfo
    endSessionUri: https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/logout
    userNameExtractionPattern: $.sub
    scope: openid
```
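The tenant entries above must agree with the identity provider's endpoints, use TLS, and carry a real client secret. The following script is an added example, not code from yuuvis Momentum: it lints one tenant entry offline, in the shape `yaml.safe_load()` returns for one list item, against a constructed copy of the realm's OIDC discovery document (`/.well-known/openid-configuration`, standard field names), resolves the `${keycloak.host}` placeholder with a constructed property set, and exercises `userNameExtractionPattern` against a constructed userinfo response. The host name `keycloak.example.com`, the discovery values, the userinfo response and the misconfigured second tenant are all assumptions made for the example; the JSON path evaluator handles only dotted property paths such as `$.sub`.

```python
"""Offline lint for entries of authentication.oauth2.tenants (added example)."""
import re
from urllib.parse import urlparse

# Constructed stand-in for the properties Spring resolves into ${...}.
PROPS = {"keycloak.host": "keycloak.example.com"}

# Constructed subset of the realm's OIDC discovery document (assumed values).
REALM = "https://keycloak.example.com/auth/realms/yuuvistest"
DISCOVERY = {
    "issuer": REALM,
    "authorization_endpoint": REALM + "/protocol/openid-connect/auth",
    "token_endpoint": REALM + "/protocol/openid-connect/token",
    "userinfo_endpoint": REALM + "/protocol/openid-connect/userinfo",
    "end_session_endpoint": REALM + "/protocol/openid-connect/logout",
}

# Constructed userinfo response used to exercise userNameExtractionPattern.
USERINFO = {"sub": "2f3a9c1e-0b4d-4d6f-9a1b-7c8e5d2f1a00", "preferred_username": "alice"}

REQUIRED = ("name", "clientId", "clientSecret", "accessTokenUri",
            "userInfoUri", "userNameExtractionPattern")
URI_TO_DISCOVERY = {
    "userAuthorizationUri": "authorization_endpoint",
    "accessTokenUri": "token_endpoint",
    "userInfoUri": "userinfo_endpoint",
    "endSessionUri": "end_session_endpoint",
}
PLACEHOLDER_SECRETS = {"", "changeme"}

GOOD_TENANT = {  # the page's first entry, same placeholder syntax
    "name": "yuuvistest",
    "clientId": "yuuvis-authentication-service",
    "clientSecret": "dbdf4856-3c86-4e5f-aca7-96f3d93d35b4",
    "userAuthorizationUri": "https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/auth",
    "accessTokenUri": "https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/token",
    "userInfoUri": "https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/userinfo",
    "endSessionUri": "https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/logout",
    "userNameExtractionPattern": "$.sub",
    "scope": "openid",
}

BAD_TENANT = {  # constructed: plain http, wrong realm, placeholder secret, no openid scope
    "name": "yuuvistest",
    "clientId": "yuuvis-authentication-service",
    "clientSecret": "changeme",
    "userAuthorizationUri": "http://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/auth",
    "accessTokenUri": "https://${keycloak.host}/auth/realms/testyuuvis/protocol/openid-connect/token",
    "userInfoUri": "https://${keycloak.host}/auth/realms/yuuvistest/protocol/openid-connect/userinfo",
    "userNameExtractionPattern": "$.login",
    "scope": "profile,email",
}


def resolve(value, props=PROPS):
    """Expand ${key} placeholders (simplified: no defaults, no nesting).
    Raises KeyError for a key that is not defined."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props[m.group(1)], value)


def extract_user_name(pattern, userinfo):
    """Evaluate a dotted JSON path such as $.sub against a userinfo dict."""
    if not pattern.startswith("$."):
        raise ValueError(f"unsupported pattern: {pattern}")
    node = userinfo
    for part in pattern[2:].split("."):
        node = node[part]
    return node


def check_tenant(tenant, discovery=DISCOVERY, props=PROPS, userinfo=USERINFO):
    """Return a list of problems for one tenant entry; [] means it passed."""
    problems = [f"{key}: missing" for key in REQUIRED if not tenant.get(key)]
    for key, disc_key in URI_TO_DISCOVERY.items():
        if key not in tenant:
            continue  # userAuthorizationUri / endSessionUri are optional here
        try:
            url = resolve(tenant[key], props)
        except KeyError as e:
            problems.append(f"{key}: unresolved placeholder {e.args[0]}")
            continue
        if urlparse(url).scheme != "https":
            problems.append(f"{key}: not https ({url})")
        expected = discovery.get(disc_key)
        if expected and url != expected:
            problems.append(f"{key}: {url} does not match {disc_key} {expected}")
    scopes = [s.strip() for s in str(tenant.get("scope", "")).split(",") if s.strip()]
    if "openid" not in scopes:
        problems.append("scope: must include openid")
    if (tenant.get("clientSecret") or "").strip() in PLACEHOLDER_SECRETS:
        problems.append("clientSecret: placeholder value")
    pattern = tenant.get("userNameExtractionPattern")
    if pattern:
        try:
            if not extract_user_name(pattern, userinfo):
                problems.append(f"userNameExtractionPattern: {pattern} yields an empty user name")
        except (KeyError, TypeError, ValueError):
            problems.append(f"userNameExtractionPattern: {pattern} matches nothing in userinfo")
    return problems


if __name__ == "__main__":
    for label, tenant in (("good", GOOD_TENANT), ("bad", BAD_TENANT)):
        print(label, check_tenant(tenant) or "OK")
```

In a real deployment the discovery document would be fetched from the identity provider and the property values taken from the active profile; the comparison logic stays the same. A realm mismatch between `accessTokenUri` and `userInfoUri` is the error this catches most often, because both URIs are required and the token of one realm is not accepted by the userinfo endpoint of another.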