Differences

This shows you the differences between two versions of the page.

devel:documentation:application_configuration:dev:backend [2023/03/22 14:25]
apeterova
devel:documentation:application_configuration:dev:backend [2023/12/01 12:42]
chalupat [Authentication]
Line 991: Line 991:
  
 In the application profile (''application.properties'') - overloadable via ''ConfigurationService''. Authentication filter could have his own configuration properties under prefix: In the application profile (''application.properties'') - overloadable via ''ConfigurationService''. Authentication filter could have his own configuration properties under prefix:
- 
 <code properties> <code properties>
 # enable/ disable filter - enabled by default or by filter implementation. # enable/ disable filter - enabled by default or by filter implementation.
Line 1082: Line 1081:
  
 </code> </code>
 +
 +=== OIDC authentication filter ===
 +
 +@since 13.1.0 [[this>devel/documentation/security/dev/security#oidc_authentication|OIDC authentication]] can be configured with following properties:
 +
 +<code properties>
 +# Enable authentication via OIDC when false IDM will return 503 SERVICE_UNAVAILABLE on enpoints used for OICD auth, and ignore any Bearer token. Default: false
 +idm.pub.core.oidc.enabled=false
 +# REQIRED configuration
 +# client-id confugured in CAS Service
 +idm.sec.core.oidc.client-id=
 +# client-secret confugured in CAS Service
 +idm.sec.core.oidc.client-secret=
 +# Base URL where OICD provider is accessible. Syntax of this field is https://hostname-of-OICD/URI.
 +idm.sec.core.oidc.url=
 +
 +# OPTIONAL configuration
 +idm.sec.core.oidc.login-path=/authorize
 +idm.sec.core.oidc.logout-path=/logout
 +idm.sec.core.oidc.token-path=/token
 +
 +​​​​​# Configuration for spring.security most is gotten from auto-discover endpoint (${idm.sec.core.oidc.url}/.well-known/openid-configuration) but can be overwritten here
 +spring.security.oauth2.client.registration.cas.client-id=${idm.sec.core.oidc.client-id}
 +spring.security.oauth2.client.registration.cas.client-secret=${idm.sec.core.oidc.client-secret}
 +spring.security.oauth2.client.registration.cas.scope=openid
 +spring.security.oauth2.client.registration.cas.redirect-uri={baseUrl}/api/v1/authentication/oidc-login-response/{registrationId}
 +#spring.security.oauth2.client.registration.cas.authorization-grant-type=authorization_code
 +#spring.security.oauth2.resource.jwk.key-set-uri=${idm.sec.core.oidc.url}/jwks
 +
 +spring.security.oauth2.client.provider.cas.issuer-uri=${idm.sec.core.oidc.url}
 +#spring.security.oauth2.client.provider.cas.token-uri=${idm.sec.core.oidc.token-path}
 +#spring.security.oauth2.client.provider.cas.authorization-uri=${idm.sec.core.oidc.login-path}
 +
 +
 +</code>
 +
  
 ==== Backup ==== ==== Backup ====
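Review bot: the two commented-out provider overrides at the end of the added properties block, token-uri=${idm.sec.core.oidc.token-path} and authorization-uri=${idm.sec.core.oidc.login-path}, expand to the bare paths /token and /authorize when uncommented, because the path properties above carry no scheme or host. Suggest prefixing them with ${idm.sec.core.oidc.url}, the way the commented key-set-uri line already does with ${idm.sec.core.oidc.url}/jwks, or stating in the comment that a full URL is expected there. The comment line starting "Configuration for spring.security" also appears to have non-printing characters in front of the "#"; if that is so, the line will not be read as a comment once pasted into application.properties, so they should be stripped. Smaller points in the same block: the comments spell OIDC as "OICD" in three places, and "enpoints", "REQIRED" and "confugured" need correcting. It would also help to say why the enable switch sits under idm.pub while every other key is under idm.sec, so nobody "fixes" the prefix by hand.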
  • by chalupat