Differences
This shows you the differences between two versions of the page.
devel:documentation:application_configuration:dev:backend [2023/12/01 11:01] chalupat [Authentication] |
devel:documentation:application_configuration:dev:backend [2023/12/01 13:10] (current) chalupat [Authentication] |
||
---|---|---|---|
Line 1078: | Line 1078: | ||
# Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https:// | # Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https:// | ||
idm.sec.core.cas.header-prefix= | idm.sec.core.cas.header-prefix= | ||
+ | |||
</ | </ | ||
- | === OIDC authentication | + | |
+ | === OIDC authentication === | ||
@since 13.1.0 [[this> | @since 13.1.0 [[this> | ||
- | < | ||
+ | <code properties> | ||
# Enable authentication via OIDC when false IDM will return 503 SERVICE_UNAVAILABLE on enpoints used for OICD auth, and ignore any Bearer token. Default: false | # Enable authentication via OIDC when false IDM will return 503 SERVICE_UNAVAILABLE on enpoints used for OICD auth, and ignore any Bearer token. Default: false | ||
idm.pub.core.oidc.enabled=false | idm.pub.core.oidc.enabled=false | ||
# REQIRED configuration | # REQIRED configuration | ||
- | # client-id | + | # client-id |
idm.sec.core.oidc.client-id= | idm.sec.core.oidc.client-id= | ||
- | # client-secret | + | # client-secret |
idm.sec.core.oidc.client-secret= | idm.sec.core.oidc.client-secret= | ||
- | # Base URL where OICD provider is accessible. Syntax of this field is https:// | + | # Base URL where OICD provider is accessible. Syntax of this field is https:// |
idm.sec.core.oidc.url= | idm.sec.core.oidc.url= | ||
Line 1100: | Line 1102: | ||
idm.sec.core.oidc.token-path=/ | idm.sec.core.oidc.token-path=/ | ||
- | | + | # Configuration for spring.security most is gotten from auto-discover endpoint (${idm.sec.core.oidc.url}/ |
spring.security.oauth2.client.registration.cas.client-id=${idm.sec.core.oidc.client-id} | spring.security.oauth2.client.registration.cas.client-id=${idm.sec.core.oidc.client-id} | ||
spring.security.oauth2.client.registration.cas.client-secret=${idm.sec.core.oidc.client-secret} | spring.security.oauth2.client.registration.cas.client-secret=${idm.sec.core.oidc.client-secret} | ||
- | #spring.security.oauth2.resource.jwk.key-set-uri=${idm.sec.core.oidc.url}/jwks | + | spring.security.oauth2.client.registration.cas.scope=openid |
+ | spring.security.oauth2.client.registration.cas.redirect-uri={baseUrl}/api/ | ||
# | # | ||
- | # | + | # |
- | #spring.security.oauth2.client.registration.cas.provider=cas | + | |
- | # | + | |
spring.security.oauth2.client.provider.cas.issuer-uri=${idm.sec.core.oidc.url} | spring.security.oauth2.client.provider.cas.issuer-uri=${idm.sec.core.oidc.url} | ||
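Review bot: The new `spring.security.oauth2.client.registration.cas.redirect-uri={baseUrl}/api/…` line (its value is truncated in this view) is documented without saying where `{baseUrl}` comes from. Spring Security expands that placeholder from the incoming request, so behind a reverse proxy or load balancer it only yields the public URL when forwarded headers are processed, and they should be accepted from the proxy alone. I would add a comment above the line along the lines of `# {baseUrl} is derived from the request; behind a proxy enable forwarded-header handling and register the exact resulting URI for this client at the OIDC provider`. It would also help to state beside `issuer-uri` that `idm.sec.core.oidc.url` must be an https URL, because the discovery metadata fetched from it is trusted for the remaining endpoints.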
Line 1113: | Line 1114: | ||
# | # | ||
- | # | ||
- | # | ||
- | # | ||
</ | </ |