# Dev Services for Keycloak must not create a realm of its own for this module.
# NOTE(review): the realm is presumably provisioned by the test setup instead - confirm.
quarkus.keycloak.devservices.create-realm=false
# Default tenant configuration
quarkus.oidc.client-id=quarkus-app
# Fixed, checked-in client secret used as a test fixture. A deployed application should
# receive its client secret from the environment or a secret store, not from this file.
quarkus.oidc.credentials.secret=secret
quarkus.oidc.authentication.scopes=profile,email
# Callback path used to build redirect_uri; the originally requested path is restored afterwards.
quarkus.oidc.authentication.redirect-path=/web-app
quarkus.oidc.authentication.restore-path-after-redirect=true
# The session cookie path is taken from the named request header when it is present.
# A request header is caller-controlled unless a trusted proxy sets or strips it.
quarkus.oidc.authentication.cookie-path-header=some-header
quarkus.oidc.authentication.cookie-domain=localhost
# Extra query parameters appended to the authentication request.
quarkus.oidc.authentication.extra-params.max-age=60
quarkus.oidc.authentication.extra-params.scope=phone
# web-app selects the authorization code flow for this tenant.
quarkus.oidc.application-type=web-app
quarkus.oidc.authentication.cookie-suffix=test
# Token encryption in the session cookie is switched off for the default tenant, so the
# tokens are stored in the cookie as issued. Keep the default (encryption required)
# outside of tests.
quarkus.oidc.token-state-manager.encryption-required=false
# OIDC client configuration
# The server URL, client id and secret are taken from the default tenant through property
# expressions, so each value is defined once. quarkus.oidc.auth-server-url is not assigned
# in this file and has to be supplied from outside it.
quarkus.oidc-client.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc-client.client-id=${quarkus.oidc.client-id}
quarkus.oidc-client.credentials.secret=${quarkus.oidc.credentials.secret}
# NOTE(review): grant type "code" presumably means this client exchanges an authorization
# code for tokens - confirm against the test that uses it.
quarkus.oidc-client.grant.type=code
# Tenant listener configuration for testing that the login event has been captured
quarkus.oidc.tenant-listener.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-listener.client-id=quarkus-app
# Same fixed test secret as the default tenant.
quarkus.oidc.tenant-listener.credentials.secret=secret
# Redirect parameters are normally dropped by redirecting the authenticated user, but that final redirect loses the
# login event message on the Vert.x context, so it is disabled for the test endpoint to confirm the login event has
# been accepted. With the final redirect disabled the authorization response parameters stay in the callback URL;
# this is a test-only trade-off.
quarkus.oidc.tenant-listener.authentication.remove-redirect-parameters=false
quarkus.oidc.tenant-listener.authentication.redirect-path=/web-app/refresh/tenant-listener/callback
quarkus.oidc.tenant-listener.application-type=web-app
# Tenant which does not need to restore a request path after redirect, client_secret_post method
quarkus.oidc.tenant-1.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-1.client-id=quarkus-app
# With method=post the client secret is sent as a form parameter of the token request
# rather than in the Authorization header. The value is the fixed test secret.
quarkus.oidc.tenant-1.credentials.client-secret.value=secret
quarkus.oidc.tenant-1.credentials.client-secret.method=post
# Expected token issuer is pinned to the configured server URL.
quarkus.oidc.tenant-1.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-1.authentication.redirect-path=/web-app/callback-after-redirect
quarkus.oidc.tenant-1.application-type=web-app
# Tenant with client which needs to use client_secret_jwt method
quarkus.oidc.tenant-jwt.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-jwt.client-id=quarkus-app-jwt
# Shared secret for client_secret_jwt: it signs the client authentication JWT and is not
# sent itself. The value is checked in as a test fixture; it must never be reused for a
# real client.
quarkus.oidc.tenant-jwt.credentials.jwt.secret=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
quarkus.oidc.tenant-jwt.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-jwt.authentication.redirect-path=/web-app/callback-jwt-after-redirect
# Parallel authorization code flows are disabled for this tenant.
quarkus.oidc.tenant-jwt.authentication.allow-multiple-code-flows=false
quarkus.oidc.tenant-jwt.application-type=web-app
# Tenant with client which needs to use client_secret_jwt but uses client_secret_post
# Same client id and secret value as tenant-jwt, but the secret is posted directly.
# NOTE(review): presumably a negative case in which the provider rejects the token
# request because the client authentication method does not match - confirm in the test.
quarkus.oidc.tenant-jwt-not-used.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-jwt-not-used.client-id=quarkus-app-jwt
quarkus.oidc.tenant-jwt-not-used.credentials.client-secret.value=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
quarkus.oidc.tenant-jwt-not-used.credentials.client-secret.method=post
quarkus.oidc.tenant-jwt-not-used.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-jwt-not-used.authentication.redirect-path=/web-app/callback-jwt-not-used-after-redirect
quarkus.oidc.tenant-jwt-not-used.application-type=web-app
# Tenant which does not need to restore a request path after redirect with a different redirect path root
quarkus.oidc.tenant-2.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-2.client-id=quarkus-app
# Fixed test secret; no client-secret.method is set for this tenant.
quarkus.oidc.tenant-2.credentials.client-secret.value=secret
quarkus.oidc.tenant-2.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-2.authentication.redirect-path=/web-app2/name
# The session cookie is scoped to /web-app2, so it is not sent to the other tenants' paths.
quarkus.oidc.tenant-2.authentication.cookie-path=/web-app2
quarkus.oidc.tenant-2.application-type=web-app
# Tenant which is only used to test that the failed token request will not cause a redirect loop.
# NOTE(review): nothing in this block makes the token request fail; the failure is
# presumably arranged by the test or the endpoint behind /web-app3 - confirm.
quarkus.oidc.tenant-3.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-3.client-id=quarkus-app
quarkus.oidc.tenant-3.credentials.secret=secret
quarkus.oidc.tenant-3.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-3.authentication.redirect-path=/web-app3
quarkus.oidc.tenant-3.application-type=web-app
# Logout tenant. It points at a separate realm (logout-realm) under ${keycloak.url},
# not at the default tenant's server URL.
quarkus.oidc.tenant-logout.auth-server-url=${keycloak.url}/realms/logout-realm
quarkus.oidc.tenant-logout.client-id=quarkus-app
quarkus.oidc.tenant-logout.credentials.secret=secret
quarkus.oidc.tenant-logout.application-type=web-app
quarkus.oidc.tenant-logout.authentication.cookie-path=/tenant-logout
# Local logout endpoint and the path the user is returned to after the provider logout.
quarkus.oidc.tenant-logout.logout.path=/tenant-logout/logout
quarkus.oidc.tenant-logout.logout.post-logout-path=/tenant-logout/post-logout
# The session may outlive the ID token by 2 minutes so that an expired ID token can
# still be refreshed (refresh-expired=true) instead of forcing a new login.
quarkus.oidc.tenant-logout.authentication.session-age-extension=2M
quarkus.oidc.tenant-logout.token.refresh-expired=true
# Refresh tenant. Same realm and refresh settings as tenant-logout, without logout paths.
quarkus.oidc.tenant-refresh.auth-server-url=${keycloak.url}/realms/logout-realm
quarkus.oidc.tenant-refresh.client-id=quarkus-app
quarkus.oidc.tenant-refresh.credentials.secret=secret
quarkus.oidc.tenant-refresh.application-type=web-app
quarkus.oidc.tenant-refresh.authentication.cookie-path=/tenant-refresh
quarkus.oidc.tenant-refresh.authentication.session-age-extension=2M
quarkus.oidc.tenant-refresh.token.refresh-expired=true
# Auto-refresh tenant: tokens are refreshed ahead of expiry rather than after it.
quarkus.oidc.tenant-autorefresh.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-autorefresh.client-id=quarkus-app
quarkus.oidc.tenant-autorefresh.credentials.secret=secret
quarkus.oidc.tenant-autorefresh.application-type=web-app
quarkus.oidc.tenant-autorefresh.authentication.cookie-path=/tenant-autorefresh
# A token that would expire within the next 30 seconds is refreshed.
quarkus.oidc.tenant-autorefresh.token.refresh-token-time-skew=30S
# The authorization response parameters are left in the callback URL (no final redirect).
# NOTE(review): presumably needed by the test to observe the callback - confirm.
quarkus.oidc.tenant-autorefresh.authentication.remove-redirect-parameters=false
# Tenant which is used to test that the redirect_uri https scheme is enforced.
# It also turns on the stricter code flow protections: PKCE, nonce, a mandatory state
# parameter and a SameSite=Strict session cookie.
quarkus.oidc.tenant-https.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-https.client-id=quarkus-app
quarkus.oidc.tenant-https.credentials.secret=secret
quarkus.oidc.tenant-https.authentication.scopes=profile,email,phone
quarkus.oidc.tenant-https.authentication.extra-params.max-age=60
# Only the kc_idp_hint request query parameter is forwarded to the authorization endpoint.
quarkus.oidc.tenant-https.authentication.forward-params=kc_idp_hint
quarkus.oidc.tenant-https.application-type=web-app
# redirect_uri is always built with the https scheme, whatever scheme the request used.
quarkus.oidc.tenant-https.authentication.force-redirect-https-scheme=true
quarkus.oidc.tenant-https.authentication.cookie-suffix=test
# Authentication errors returned by the provider are routed to this path.
quarkus.oidc.tenant-https.authentication.error-path=/tenant-https/error
quarkus.oidc.tenant-https.authentication.pkce-required=true
quarkus.oidc.tenant-https.authentication.nonce-required=true
# 32-character secret protecting the PKCE code verifier kept in the state cookie.
# Checked-in test value; the same string is reused for other secrets in this file.
quarkus.oidc.tenant-https.authentication.pkce-secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
quarkus.oidc.tenant-https.authentication.cookie-same-site=strict
# A callback that arrives without the state parameter is treated as a failure.
quarkus.oidc.tenant-https.authentication.fail-on-missing-state-param=true
# Nonce tenant: requires a nonce in the code flow, without PKCE.
quarkus.oidc.tenant-nonce.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-nonce.client-id=quarkus-app
quarkus.oidc.tenant-nonce.credentials.secret=secret
quarkus.oidc.tenant-nonce.authentication.scopes=profile,email,phone
quarkus.oidc.tenant-nonce.authentication.extra-params.max-age=60
quarkus.oidc.tenant-nonce.authentication.redirect-path=/tenant-nonce
quarkus.oidc.tenant-nonce.application-type=web-app
quarkus.oidc.tenant-nonce.authentication.nonce-required=true
# 32-character secret protecting the state cookie content, which carries the nonce.
# Checked-in test value, identical to the pkce-secret of tenant-https.
quarkus.oidc.tenant-nonce.authentication.state-secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
# JavaScript tenant: automatic redirects are disabled for requests identified as coming
# from JavaScript, so the client has to handle the authentication challenge itself.
quarkus.oidc.tenant-javascript.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-javascript.client-id=quarkus-app
quarkus.oidc.tenant-javascript.credentials.secret=secret
quarkus.oidc.tenant-javascript.authentication.java-script-auto-redirect=false
quarkus.oidc.tenant-javascript.application-type=web-app
# Cookie-path-header tenant: the session cookie path is read from X-Forwarded-Prefix.
# That header is only trustworthy when a reverse proxy sets it and strips any
# client-supplied copy; otherwise the caller chooses the cookie path.
quarkus.oidc.tenant-cookie-path-header.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-cookie-path-header.client-id=quarkus-app
quarkus.oidc.tenant-cookie-path-header.credentials.secret=secret
quarkus.oidc.tenant-cookie-path-header.authentication.cookie-path-header=X-Forwarded-Prefix
quarkus.oidc.tenant-cookie-path-header.application-type=web-app
# Token state manager tenants: each one varies which tokens are kept in the session
# cookie and whether they are split across several cookies.
#
# id-token strategy: only the ID token is kept in the session cookie.
# NOTE(review): user-info-required and verify-access-token are switched off, presumably
# because no access token is retained under this strategy - confirm.
quarkus.oidc.tenant-idtoken-only.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-idtoken-only.client-id=quarkus-app
quarkus.oidc.tenant-idtoken-only.credentials.secret=secret
quarkus.oidc.tenant-idtoken-only.token-state-manager.strategy=id-token
quarkus.oidc.tenant-idtoken-only.application-type=web-app
quarkus.oidc.tenant-idtoken-only.authentication.user-info-required=false
quarkus.oidc.tenant-idtoken-only.authentication.verify-access-token=false
# id-refresh-tokens strategy: the ID token and the refresh token are kept.
quarkus.oidc.tenant-id-refresh-token.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-id-refresh-token.client-id=quarkus-app
quarkus.oidc.tenant-id-refresh-token.credentials.secret=secret
quarkus.oidc.tenant-id-refresh-token.token-state-manager.strategy=id-refresh-tokens
quarkus.oidc.tenant-id-refresh-token.application-type=web-app
quarkus.oidc.tenant-id-refresh-token.authentication.user-info-required=false
quarkus.oidc.tenant-id-refresh-token.authentication.verify-access-token=false
# id-refresh-tokens strategy with each token stored in its own cookie.
quarkus.oidc.tenant-split-id-refresh-token.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-split-id-refresh-token.client-id=quarkus-app
quarkus.oidc.tenant-split-id-refresh-token.credentials.secret=secret
quarkus.oidc.tenant-split-id-refresh-token.token-state-manager.strategy=id-refresh-tokens
quarkus.oidc.tenant-split-id-refresh-token.token-state-manager.split-tokens=true
quarkus.oidc.tenant-split-id-refresh-token.application-type=web-app
quarkus.oidc.tenant-split-id-refresh-token.authentication.user-info-required=false
quarkus.oidc.tenant-split-id-refresh-token.authentication.verify-access-token=false
# No strategy is set for this tenant; tokens are split across cookies and encrypted
# with an explicit 32-character secret. The secret is a checked-in test value shared
# with other tenants in this file and must not be reused outside of tests.
quarkus.oidc.tenant-split-tokens.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-split-tokens.client-id=quarkus-app
quarkus.oidc.tenant-split-tokens.credentials.secret=secret
quarkus.oidc.tenant-split-tokens.token-state-manager.split-tokens=true
quarkus.oidc.tenant-split-tokens.token-state-manager.encryption-secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
quarkus.oidc.tenant-split-tokens.application-type=web-app
quarkus.oidc.tenant-split-tokens.authentication.cookie-same-site=strict
# HTTP path permissions: these paths require an authenticated user.
quarkus.http.auth.permission.roles1.paths=/index.html
quarkus.http.auth.permission.roles1.policy=authenticated
quarkus.http.auth.permission.logout.paths=/tenant-logout
quarkus.http.auth.permission.logout.policy=authenticated
quarkus.http.auth.permission.autorefresh.paths=/tenant-autorefresh
quarkus.http.auth.permission.autorefresh.policy=authenticated
quarkus.http.auth.permission.javascript.paths=/tenant-javascript
quarkus.http.auth.permission.javascript.policy=authenticated
quarkus.http.auth.permission.tenant-cookie-path-header.paths=/tenant-cookie-path-header
quarkus.http.auth.permission.tenant-cookie-path-header.policy=authenticated
# The post-logout landing page is reachable without authentication, since the session
# no longer exists at that point.
quarkus.http.auth.permission.post-logout.paths=/tenant-logout/post-logout
quarkus.http.auth.permission.post-logout.policy=permit
# CORS filter enabled with a wildcard origin. Acceptable for this test module; a deployed
# web-app that relies on session cookies should list its allowed origins explicitly.
quarkus.http.cors=true
quarkus.http.cors.origins=*
# Authentication runs only when a resource requires it, not on every request.
quarkus.http.auth.proactive=false
# Forwarded and X-Forwarded-Prefix request headers are honoured. They influence the
# scheme, host and path the application computes, so enable them only behind a proxy
# that overwrites these headers on every request.
quarkus.http.proxy.enable-forwarded-prefix=true
quarkus.http.proxy.allow-forwarded=true
# Verbose logging for the code flow mechanism and the security exception mappers, to make
# test failures diagnosable. min-level is lowered as well so that TRACE output is available.
# NOTE(review): TRACE/DEBUG output of authentication code may include details of the
# flow that should not reach production logs - keep these levels to test profiles.
quarkus.log.category."io.quarkus.oidc.runtime.CodeAuthenticationMechanism".min-level=TRACE
quarkus.log.category."io.quarkus.oidc.runtime.CodeAuthenticationMechanism".level=TRACE
quarkus.log.category."io.quarkus.resteasy.runtime.AuthenticationFailedExceptionMapper".level=DEBUG
quarkus.log.category."io.quarkus.resteasy.runtime.AuthenticationCompletionExceptionMapper".level=DEBUG
quarkus.log.category."io.quarkus.resteasy.runtime.UnauthorizedExceptionMapper".level=DEBUG
quarkus.log.category."io.quarkus.vertx.http.runtime.security.HttpAuthenticator".level=DEBUG
quarkus.log.category."io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder".level=DEBUG
# Silences the HtmlUnit CSS parser, which is unrelated to the authentication tests.
quarkus.log.category."com.gargoylesoftware.htmlunit.javascript.host.css.CSSStyleSheet".level=FATAL
# Make the code flow the default for all paths except for the 'test-security-annotation' path, which is used to test annotations.
# policy=permit means this entry does not itself require authentication; it selects the
# 'code' authentication mechanism for the listed paths. shared=true lets it apply together
# with the more specific permissions defined for the same paths, which still enforce
# 'authenticated' where configured.
quarkus.http.auth.permission.use-code-flow-by-default.paths=/web-app*,/web-app2*,/web-app3*,/tenant-autorefresh*,/tenant-https*,/tenant-logout*,/tenant-nonce*,/tenant-refresh*,/public-web-app*,/index.html,/,/tenant-cookie-path-header,/tenant-javascript
quarkus.http.auth.permission.use-code-flow-by-default.policy=permit
quarkus.http.auth.permission.use-code-flow-by-default.shared=true
quarkus.http.auth.permission.use-code-flow-by-default.auth-mechanism=code