Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
devel:documentation:application_configuration:dev:backend [2023/03/22 14:25]
apeterova 		devel:documentation:application_configuration:dev:backend [2023/12/01 13:10] (current)
chalupat [Authentication]
Line 991: Line 991:
  
 In the application profile (''application.properties'') - overloadable via ''ConfigurationService''. Authentication filter could have his own configuration properties under prefix: In the application profile (''application.properties'') - overloadable via ''ConfigurationService''. Authentication filter could have his own configuration properties under prefix:
- 
 <code properties> <code properties>
 # enable/ disable filter - enabled by default or by filter implementation. # enable/ disable filter - enabled by default or by filter implementation.
Line 1082: Line 1081:
  
 </code> </code>
 +
 +=== OIDC authentication ===
 +
 +@since 13.1.0 [[this>devel/documentation/security/dev/security#oidc_authentication|OIDC authentication]] can be configured with following properties:
 +
 +<code properties>
 +# Enable authentication via OIDC when false IDM will return 503 SERVICE_UNAVAILABLE on enpoints used for OICD auth, and ignore any Bearer token. Default: false
 +idm.pub.core.oidc.enabled=false
 +# REQIRED configuration
 +# client-id confugured in CAS Service
 +idm.sec.core.oidc.client-id=
 +# client-secret confugured in CAS Service
 +idm.sec.core.oidc.client-secret=
 +# Base URL where OICD provider is accessible. Syntax of this field is https://hostname-of-OICD/URI.
 +idm.sec.core.oidc.url=
 +
 +# OPTIONAL configuration
 +idm.sec.core.oidc.login-path=/authorize
 +idm.sec.core.oidc.logout-path=/logout
 +idm.sec.core.oidc.token-path=/token
 +
 +​​​​​# Configuration for spring.security most is gotten from auto-discover endpoint (${idm.sec.core.oidc.url}/.well-known/openid-configuration) but can be overwritten here
 +spring.security.oauth2.client.registration.cas.client-id=${idm.sec.core.oidc.client-id}
 +spring.security.oauth2.client.registration.cas.client-secret=${idm.sec.core.oidc.client-secret}
 +spring.security.oauth2.client.registration.cas.scope=openid
 +spring.security.oauth2.client.registration.cas.redirect-uri={baseUrl}/api/v1/authentication/oidc-login-response/{registrationId}
 +#spring.security.oauth2.client.registration.cas.authorization-grant-type=authorization_code
 +#spring.security.oauth2.resource.jwk.key-set-uri=${idm.sec.core.oidc.url}/jwks
 +
 +spring.security.oauth2.client.provider.cas.issuer-uri=${idm.sec.core.oidc.url}
 +#spring.security.oauth2.client.provider.cas.token-uri=${idm.sec.core.oidc.token-path}
 +#spring.security.oauth2.client.provider.cas.authorization-uri=${idm.sec.core.oidc.login-path}
 +
 +
 +</code>
 +
  
 ==== Backup ==== ==== Backup ====
  • by apeterova