...

| Parent | Parameter | Description | Supported values | Default |
| --- | --- | --- | --- | --- |
| tia.security | oidc.type | Type of the authentication | none, client_credentials, authorization_code | none |
| tia.security.oidc | sslBundleName | Name of the configured SSL bundle. Only needed if spring.security.oauth2.client.registration.cmisauth.client-authentication-method is configured to tls_client_auth or self_signed_tls_client_auth | <user> | selfsignedcertificate |
| spring.security.oauth2.resourceserver.jwt | issuer-uri | Issuer URI of the authorization server | <user> | |
| spring.security.oauth2.resourceserver.jwt | audience | Expected audience in the aud claim for the token validation | <user> | |
| spring.security.oauth2.resourceserver.jwt | master-tenant-id | Expected tenant ID in the tid claim for the token validation | <user> | |

...

```yaml
tia:
  security:
    oidc:
      type: authorization_code
      sslBundleName: selfsignedcertificate
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://login.microsoftonline.com/<tenant id>/v2.0
          audience: <audience>
          master-tenant-id: <tenant id>
```
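
To check beforehand that a token from the authorization server carries the `iss`, `aud` and `tid` values configured above, the following added example (not part of the product or of the original page) decodes a token's claims and compares them. It does not verify the signature, so it is a configuration diagnostic only; the function names, the exact-match comparison, the extra `exp` check and the sample IDs are assumptions constructed for illustration.

```python
import base64
import json
import time

def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims, issuer_uri, audience, master_tenant_id, now=None):
    """Compare claims with the configured values; return a list of mismatches."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer_uri:  # exact match, trailing slash included
        problems.append(f"iss {claims.get('iss')!r} != issuer-uri {issuer_uri!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud is a string or an array
    if audience not in audiences:
        problems.append(f"aud {aud!r} does not contain audience {audience!r}")
    if claims.get("tid") != master_tenant_id:
        problems.append(f"tid {claims.get('tid')!r} != master-tenant-id {master_tenant_id!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"exp {exp!r} is missing or in the past")
    return problems

def make_unsigned_token(claims: dict) -> str:
    """Build a constructed sample token (placeholder signature) for the demo."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

# Constructed sample values, not taken from any real tenant.
TENANT = "11111111-2222-3333-4444-555555555555"
ISSUER = f"https://login.microsoftonline.com/{TENANT}/v2.0"
AUDIENCE = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

if __name__ == "__main__":
    sample = {"iss": ISSUER, "aud": AUDIENCE, "tid": TENANT,
              "exp": int(time.time()) + 3600}
    v1 = dict(sample, iss=f"https://sts.windows.net/{TENANT}/")  # v1.0-style issuer
    for claims in (sample, v1):
        token = make_unsigned_token(claims)
        print(check_claims(decode_claims(token), ISSUER, AUDIENCE, TENANT) or "all claims match")
```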

...

| Parent | Parameter | Description | Required |
| --- | --- | --- | --- |
| spring.security.oauth2.client.provider.azure | issuer-uri | Issuer URI of the authorization server | yes |
| spring.security.oauth2.client.provider.azure | user-name-attribute | The name of the attribute in the token that references the Name or Identifier of the end-user | no |
| spring.security.oauth2.client.registration.cmisauth | provider | Name of the configured provider | yes |
| spring.security.oauth2.client.registration.cmisauth | client-id | The client identifier | yes |
| spring.security.oauth2.client.registration.cmisauth | client-secret | The client secret | yes |
| spring.security.oauth2.client.registration.cmisauth | authorization-grant-type | A credential representing the resource owner's authorization used by the client to obtain an access token | yes |
| spring.security.oauth2.client.registration.cmisauth | scope | The scope(s) requested by the client during the authorization request | yes |
| spring.security.oauth2.client.registration.cmisauth | client-authentication-method | The authentication method used when authenticating the client with the authorization server. Only needs to be overridden with tls_client_auth or self_signed_tls_client_auth if the client_credentials flow should authenticate with a certificate | no |
| spring.ssl.bundle.jks.selfsignedcertificate.key | alias | Key alias | no |
| spring.ssl.bundle.jks.selfsignedcertificate.key | password | Key password | no |
| spring.ssl.bundle.jks.selfsignedcertificate.keystore | location | Path to the keystore | no |
| spring.ssl.bundle.jks.selfsignedcertificate.keystore | password | Keystore password | no |
| spring.ssl.bundle.jks.selfsignedcertificate.keystore | type | Type of the keystore, e.g. PKCS12 | no |

```yaml
spring:
  security:
    oauth2:
      client:
        provider:
          azure:
            issuer-uri: https://login.microsoftonline.com/<tenant id>/v2.0
            user-name-attribute: name
        registration:
          cmisauth:
            provider: azure
            client-id: <client id>
            client-secret: <client secret>
            authorization-grant-type: client_credentials
            scope: <client id>/.default
          cmisauthwithcert:
            provider: azure
            client-id: <client id>
            client-authentication-method: self_signed_tls_client_auth
            authorization-grant-type: client_credentials
            scope: <client id>/.default
  ssl:
    bundle:
      jks:
        selfsignedcertificate:
          key:
            alias: <key alias>
            password: <key password>
          keystore:
            location: <path to>\<keystore>.p12
            password: <keystore password>
            type: PKCS12
```