Configure the cluster to enable the tenant management API to create and modify tenants.
Table of Contents
Introduction
yuuvis® management console is based on the Tenant Management Endpoints. This article describes the configuration steps that are necessary in order to enable the usage of this API.
To proceed with the configuration, open the internal git repository (e.g. by port forwarding the pod).
Authentication Configuration
- Open the
application-oauth2.ymlfor editing. Create an entry in
authentication.oauth2.tenantsfor the Keycloak master realm:- name: master clientId: dummy-client clientSecret: 12345678-1234-1234-1234-1234567890ab userAuthorizationUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/auth accessTokenUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/token userInfoUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/userinfo endSessionUri: https://${keycloak.host}/auth/realms/master/protocol/openid-connect/logout?redirect_uri=${redir} userNameExtractionPattern: $.sub scope: openid
Expose Endpoints
- Open the
authentication-prod.ymlfor editing. Ensure that your
managementsection is configured as follows:management: endpoints: web: base-path: /manage exposure: include: - health - info - refresh endpoint: refresh: enabled: true info: enabled: true health: enabled: true security: enabled: true- If not already present: add
tenant-managementto the list ofrouting.endpoints. If not already present: add endpoints configuration for the tenant management endpoints to the
authorization.accesseslist as follows:- endpoints: /tenant-management/swagger-ui.html/**,/tenant-management/**/springfox-swagger-ui/**,/tenant-management/**/swagger-resources/**,/tenant-management/**/v2/api-docs/** - endpoints: /tenant-management/api/system/** access: hasAuthority('YUUVIS_SYSTEM_INTEGRATOR') - endpoints: /tenant-management/api/admin/** access: hasAuthority('YUUVIS_TENANT_ADMIN')