Differences

This shows you the differences between two versions of the page.

--- devel:documentation:application_configuration:dev:backend [2023/12/01 11:01]
chalupat [Authentication]
+++ devel:documentation:application_configuration:dev:backend [2023/12/01 13:10] (current)
chalupat [Authentication]
@@ Line 1078: / Line 1078: @@
 # Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https://hostname-of-CzechIdM/URI/?ticket=. Not configured by default.
 idm.sec.core.cas.header-prefix=
 </code>
-=== OIDC authentication filter ===
+=== OIDC authentication ===
 @since 13.1.0 [[this>devel/documentation/security/dev/security#oidc_authentication|OIDC authentication]] can be configured with following properties:
-<code>
+<code properties>
 # Enable authentication via OIDC when false IDM will return 503 SERVICE_UNAVAILABLE on enpoints used for OICD auth, and ignore any Bearer token. Default: false
 idm.pub.core.oidc.enabled=false
 # REQIRED configuration
-# client-id
+# client-id confugured in CAS Service
 idm.sec.core.oidc.client-id=
-# client-secret
+# client-secret confugured in CAS Service
 idm.sec.core.oidc.client-secret=
-# Base URL where OICD provider is accessible. Syntax of this field is https://hostname-of-CAS/URI.
+# Base URL where OICD provider is accessible. Syntax of this field is https://hostname-of-OICD/URI.
 idm.sec.core.oidc.url=
@@ Line 1100: / Line 1102: @@
 idm.sec.core.oidc.token-path=/token
+# Configuration for spring.security most is gotten from auto-discover endpoint (${idm.sec.core.oidc.url}/.well-known/openid-configuration) but can be overwritten here
 spring.security.oauth2.client.registration.cas.client-id=${idm.sec.core.oidc.client-id}
 spring.security.oauth2.client.registration.cas.client-secret=${idm.sec.core.oidc.client-secret}
-#spring.security.oauth2.resource.jwk.key-set-uri=${idm.sec.core.oidc.url}/jwks
+spring.security.oauth2.client.registration.cas.scope=openid
+spring.security.oauth2.client.registration.cas.redirect-uri={baseUrl}/api/v1/authentication/oidc-login-response/{registrationId}
 #spring.security.oauth2.client.registration.cas.authorization-grant-type=authorization_code
-#spring.security.oauth2.client.registration.cas.client-name=cas
+#spring.security.oauth2.resource.jwk.key-set-uri=${idm.sec.core.oidc.url}/jwks
-#spring.security.oauth2.client.registration.cas.provider=cas
-#spring.security.oauth2.client.registration.cas.scope=openid
 spring.security.oauth2.client.provider.cas.issuer-uri=${idm.sec.core.oidc.url}
@@ Line 1113: / Line 1114: @@
 #spring.security.oauth2.client.provider.cas.authorization-uri=${idm.sec.core.oidc.login-path}
-#spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=${idm.sec.core.oidc.url}/introspect
-#spring.security.oauth2.resourceserver.opaquetoken.client-id=${idm.sec.core.oidc.client-id}
-#spring.security.oauth2.resourceserver.opaquetoken.client-secret=${idm.sec.core.oidc.client-secret}
 </code>