...
Parent | Parameter | Description | Supported values | Default |
|---|---|---|---|---|
|
| Type of the authentication |
|
|
|
| Name of the configured SSL bundle. Only needed if | <user> |
|
|
| Issuer URI of the authorization server | <user> | |
|
| Expected audience in the | <user> | |
|
| Expected tenant ID in the | <user> |
...
| Code Block |
|---|
tia:
security:
oidc:
type: authorization_code
sslBundleName: selfsignedcertificate
spring:
security:
oauth2:
resourceserver:
jwt:
issuer-uri: https://login.microsoftonline.com/<tenant id>/v2.0
audience: <audience>
master-tenant-id: <tenant id> |
...
tia® Connect to tia®Core CMIS
There are two options
Authentication via client_secret
Authentication via certificate
For client_secret authentication, only a client ID and a client secret need to be configured.
For certificate authentication, a keystore containing the key pair must be provided. A certificate must be generated from this and imported into the app registration.
The client-authentication-method tls_client_auth or self_signed_tls_client_auth needs to get configured. The name of the configured SSL bundle needs to get configured into the tia.security.oidc.sslBundleName property.
How exactly this is configured is described as follows
Parent | Parameter | Description | Required |
|---|---|---|---|
|
| Issuer URI of the authorization server | yes |
|
| The name of the attribute in the token that references the Name or Identifier of the end-user | no |
|
| Name of the configured provider | yes |
|
| The client identifier | yes |
|
| The client secret | yes |
|
| A credential representing the resource owner's authorization used by the client to obtain an access token | yes |
|
| The scope(s) requested by the client during the authorization request | yes |
|
| The authentication method used when authenticating the client with the authorization server. Only needs to get overwritten with | no |
|
| Key alias | no |
|
| Key password | no |
|
| Path to the keystore | no |
|
| Keystore password | no |
|
| Type of the keystore, e.g. | no |
| Code Block |
|---|
spring:
security:
oauth2:
client:
provider:
azure:
issuer-uri: https://login.microsoftonline.com/<tenant id>/v2.0
user-name-attribute: name
registration:
cmisauth:
provider: azure
client-id: <client id>
client-secret: <client secret>
authorization-grant-type: client_credentials
scope: <client id>/.default
cmisauthwithcert:
provider: azure
client-id: <client id>
client-authentication-method: self_signed_tls_client_auth
authorization-grant-type: client_credentials
scope: <client id>/.default
ssl:
bundle:
jks:
selfsignedcertificate:
key:
alias: <key alias>
password: <key password>
keystore:
location: <path to>\<keystore>.p12
password: <keystore password>
type: PKCS12 |