forked from quarkusio/quarkus
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapplication.properties
More file actions
265 lines (235 loc) · 16 KB
/
application.properties
File metadata and controls
265 lines (235 loc) · 16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
quarkus.oidc.health.enabled=true
quarkus.keycloak.devservices.create-realm=false
quarkus.keycloak.devservices.show-logs=true
# Default tenant configuration
quarkus.oidc.client-id=quarkus-app
quarkus.oidc.client-name=Quarkus Keycloak
quarkus.oidc.credentials.secret=secret
quarkus.oidc.authentication.scopes=profile,email
quarkus.oidc.authentication.redirect-path=/web-app
quarkus.oidc.authentication.restore-path-after-redirect=true
quarkus.oidc.authentication.cookie-path-header=some-header
quarkus.oidc.authentication.cookie-domain=localhost
quarkus.oidc.authentication.extra-params.max-age=60
quarkus.oidc.authentication.extra-params.scope=phone
quarkus.oidc.authentication.fail-on-unresolved-kid=false
quarkus.oidc.application-type=web-app
quarkus.oidc.authentication.cookie-suffix=test
quarkus.oidc.token-state-manager.encryption-required=false
quarkus.oidc.token.allow-jwt-introspection=false
quarkus.oidc.resource-metadata.enabled=true
# OIDC client configuration
quarkus.oidc-client.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc-client.client-id=${quarkus.oidc.client-id}
quarkus.oidc-client.credentials.secret=${quarkus.oidc.credentials.secret}
quarkus.oidc-client.grant.type=code
# Tenant listener configuration for testing that the login event has been captured
quarkus.oidc.tenant-listener.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-listener.client-id=quarkus-app
quarkus.oidc.tenant-listener.credentials.secret=secret
# Redirect parameters are dropped by redirecting the authenticated user but this final redirect loses the login event message
# on Vertx context; so disabling it for the test endpoint to confirm the login event has been accepted
quarkus.oidc.tenant-listener.authentication.remove-redirect-parameters=false
quarkus.oidc.tenant-listener.authentication.redirect-path=/web-app/refresh/tenant-listener/callback
quarkus.oidc.tenant-listener.application-type=web-app
# Tenant listener configuration for testing that the login event has been captured
quarkus.oidc.tenant-restore-query-keep-redirect-params.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-restore-query-keep-redirect-params.client-id=quarkus-app
quarkus.oidc.tenant-restore-query-keep-redirect-params.credentials.secret=secret
quarkus.oidc.tenant-restore-query-keep-redirect-params.authentication.remove-redirect-parameters=false
quarkus.oidc.tenant-restore-query-keep-redirect-params.authentication.restore-path-after-redirect=true
quarkus.oidc.tenant-restore-query-keep-redirect-params.authentication.redirect-path=/web-app/refresh/tenant-restore-query-keep-redirect-params/callback
quarkus.oidc.tenant-restore-query-keep-redirect-params.application-type=web-app
# Tenant which does not need to restore a request path after redirect, client_secret_post method
quarkus.oidc.tenant-1.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-1.client-id=quarkus-app
quarkus.oidc.tenant-1.credentials.client-secret.value=secret
quarkus.oidc.tenant-1.credentials.client-secret.method=post
quarkus.oidc.tenant-1.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-1.authentication.redirect-path=/web-app/callback-after-redirect
quarkus.oidc.tenant-1.application-type=web-app
# Tenant with client which needs to use client_secret_jwt method
quarkus.oidc.tenant-jwt.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-jwt.client-id=quarkus-app-jwt
quarkus.oidc.tenant-jwt.credentials.jwt.secret=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
quarkus.oidc.tenant-jwt.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-jwt.authentication.redirect-path=/web-app/callback-jwt-after-redirect
quarkus.oidc.tenant-jwt.authentication.allow-multiple-code-flows=false
quarkus.oidc.tenant-jwt.application-type=web-app
# Tenant with client which needs to use client_secret_jwt but uses client_secret_post
quarkus.oidc.tenant-jwt-not-used.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-jwt-not-used.client-id=quarkus-app-jwt
quarkus.oidc.tenant-jwt-not-used.credentials.client-secret.value=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
quarkus.oidc.tenant-jwt-not-used.credentials.client-secret.method=post
quarkus.oidc.tenant-jwt-not-used.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-jwt-not-used.authentication.redirect-path=/web-app/callback-jwt-not-used-after-redirect
quarkus.oidc.tenant-jwt-not-used.application-type=web-app
# Tenant which does not need to restore a request path after redirect with a different redirect path root
quarkus.oidc.tenant-2.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-2.client-id=quarkus-app
quarkus.oidc.tenant-2.credentials.client-secret.value=secret
quarkus.oidc.tenant-2.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-2.authentication.redirect-path=/web-app2/name
quarkus.oidc.tenant-2.authentication.cookie-path=/web-app2
quarkus.oidc.tenant-2.application-type=web-app
# Tenant which is only used to test that the failed token request will not cause a redirect loop.
quarkus.oidc.tenant-3.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-3.client-id=quarkus-app
quarkus.oidc.tenant-3.credentials.secret=secret
quarkus.oidc.tenant-3.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-3.authentication.redirect-path=/web-app3
quarkus.oidc.tenant-3.application-type=web-app
quarkus.oidc.tenant-logout.auth-server-url=${keycloak.url}/realms/logout-realm
quarkus.oidc.tenant-logout.client-id=quarkus-app
quarkus.oidc.tenant-logout.credentials.secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
quarkus.oidc.tenant-logout.application-type=web-app
quarkus.oidc.tenant-logout.authentication.cookie-path=/tenant-logout
quarkus.oidc.tenant-logout.logout.path=/tenant-logout/logout
quarkus.oidc.tenant-logout.logout.post-logout-path=/tenant-logout/post-logout
quarkus.oidc.tenant-logout.authentication.session-age-extension=2M
quarkus.oidc.tenant-logout.token.refresh-expired=true
quarkus.oidc.tenant-refresh.auth-server-url=${keycloak.url}/realms/logout-realm
quarkus.oidc.tenant-refresh.client-id=quarkus-app
quarkus.oidc.tenant-refresh.credentials.secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
quarkus.oidc.tenant-refresh.application-type=web-app
quarkus.oidc.tenant-refresh.authentication.cookie-path=/tenant-refresh
quarkus.oidc.tenant-refresh.authentication.session-age-extension=2M
quarkus.oidc.tenant-refresh.authentication.session-expired-path=/tenant-refresh/session-expired-page
quarkus.oidc.tenant-refresh.token.refresh-expired=true
# It avoids an auto-redirect that drops code flow parameters, to make it easier
# to test that Cache-Control is set immediately when the session cookie is created
quarkus.oidc.tenant-refresh.authentication.remove-redirect-parameters=false
quarkus.oidc.tenant-refresh.authentication.cache-control=no-store
quarkus.oidc.tenant-refresh.resource-metadata.enabled=true
quarkus.oidc.tenant-refresh.resource-metadata.scopes=read,write
quarkus.oidc.tenant-autorefresh.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-autorefresh.client-id=quarkus-app
quarkus.oidc.tenant-autorefresh.credentials.secret=secret
quarkus.oidc.tenant-autorefresh.application-type=web-app
quarkus.oidc.tenant-autorefresh.authentication.cookie-path=/tenant-autorefresh
quarkus.oidc.tenant-autorefresh.token.refresh-token-time-skew=30S
quarkus.oidc.tenant-autorefresh.authentication.remove-redirect-parameters=false
# Tenant which is used to test that the redirect_uri https scheme is enforced.
quarkus.oidc.tenant-https.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-https.client-id=quarkus-app
quarkus.oidc.tenant-https.credentials.secret=secret
quarkus.oidc.tenant-https.authentication.scopes=profile,email,phone
quarkus.oidc.tenant-https.authentication.extra-params.max-age=60
quarkus.oidc.tenant-https.authentication.forward-params=kc_idp_hint
quarkus.oidc.tenant-https.application-type=web-app
quarkus.oidc.tenant-https.authentication.force-redirect-https-scheme=true
quarkus.oidc.tenant-https.authentication.cookie-suffix=test
quarkus.oidc.tenant-https.authentication.error-path=/tenant-https/error
quarkus.oidc.tenant-https.authentication.pkce-required=true
quarkus.oidc.tenant-https.authentication.nonce-required=true
quarkus.oidc.tenant-https.authentication.pkce-secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
quarkus.oidc.tenant-https.authentication.cookie-same-site=strict
quarkus.oidc.tenant-https.authentication.state-cookie-same-site=none
quarkus.oidc.tenant-https.authentication.fail-on-missing-state-param=true
quarkus.oidc.tenant-nonce.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-nonce.client-id=quarkus-app
quarkus.oidc.tenant-nonce.credentials.secret=secret
quarkus.oidc.tenant-nonce.authentication.scopes=profile,email,phone
quarkus.oidc.tenant-nonce.authentication.extra-params.max-age=60
quarkus.oidc.tenant-nonce.authentication.redirect-path=/tenant-nonce
quarkus.oidc.tenant-nonce.application-type=web-app
quarkus.oidc.tenant-nonce.authentication.nonce-required=true
quarkus.oidc.tenant-nonce.authentication.state-secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
quarkus.oidc.tenant-nonce.token-state-manager.encryption-required=false
quarkus.oidc.tenant-nonce.token.allow-jwt-introspection=false
quarkus.oidc.tenant-nonce.resource-metadata.enabled=true
quarkus.oidc.tenant-nonce.resource-metadata.resource=/metadata
quarkus.oidc.tenant-nonce.resource-metadata.scopes=read
quarkus.oidc.tenant-nonce.resource-metadata.authorization-server=http://localhost:8080/q/oidc
quarkus.oidc.tenant-javascript.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-javascript.client-id=quarkus-app
quarkus.oidc.tenant-javascript.credentials.secret=secret
quarkus.oidc.tenant-javascript.authentication.java-script-auto-redirect=false
quarkus.oidc.tenant-javascript.application-type=web-app
quarkus.oidc.tenant-cookie-path-header.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-cookie-path-header.client-id=quarkus-app
quarkus.oidc.tenant-cookie-path-header.credentials.secret=secret
quarkus.oidc.tenant-cookie-path-header.authentication.cookie-path-header=X-Forwarded-Prefix
quarkus.oidc.tenant-cookie-path-header.application-type=web-app
quarkus.oidc.tenant-idtoken-only.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-idtoken-only.client-id=quarkus-app
quarkus.oidc.tenant-idtoken-only.credentials.secret=secret
quarkus.oidc.tenant-idtoken-only.token-state-manager.strategy=id-token
quarkus.oidc.tenant-idtoken-only.application-type=web-app
quarkus.oidc.tenant-idtoken-only.authentication.user-info-required=false
quarkus.oidc.tenant-idtoken-only.authentication.verify-access-token=false
quarkus.oidc.tenant-id-refresh-token.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-id-refresh-token.client-id=quarkus-app
quarkus.oidc.tenant-id-refresh-token.credentials.secret=secret
quarkus.oidc.tenant-id-refresh-token.token-state-manager.strategy=id-refresh-tokens
quarkus.oidc.tenant-id-refresh-token.application-type=web-app
quarkus.oidc.tenant-id-refresh-token.authentication.user-info-required=false
quarkus.oidc.tenant-id-refresh-token.authentication.verify-access-token=false
quarkus.oidc.tenant-split-id-refresh-token.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-split-id-refresh-token.client-id=quarkus-app
quarkus.oidc.tenant-split-id-refresh-token.credentials.secret=secret
quarkus.oidc.tenant-split-id-refresh-token.token-state-manager.strategy=id-refresh-tokens
quarkus.oidc.tenant-split-id-refresh-token.token-state-manager.split-tokens=true
quarkus.oidc.tenant-split-id-refresh-token.application-type=web-app
quarkus.oidc.tenant-split-id-refresh-token.authentication.user-info-required=false
quarkus.oidc.tenant-split-id-refresh-token.authentication.verify-access-token=false
quarkus.oidc.tenant-split-tokens.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.tenant-split-tokens.client-id=quarkus-app
quarkus.oidc.tenant-split-tokens.credentials.secret=secret
quarkus.oidc.tenant-split-tokens.token-state-manager.split-tokens=true
quarkus.oidc.tenant-split-tokens.token-state-manager.encryption-secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
quarkus.oidc.tenant-split-tokens.application-type=web-app
quarkus.oidc.tenant-split-tokens.authentication.cookie-same-site=strict
quarkus.oidc.tenant-split-tokens.authentication.scopes=phone
quarkus.http.auth.permission.roles1.paths=/index.html,/index.html;/checktterer
quarkus.http.auth.permission.roles1.policy=authenticated
quarkus.http.auth.permission.logout.paths=/tenant-logout
quarkus.http.auth.permission.logout.policy=authenticated
quarkus.http.auth.permission.autorefresh.paths=/tenant-autorefresh
quarkus.http.auth.permission.autorefresh.policy=authenticated
quarkus.http.auth.permission.javascript.paths=/tenant-javascript
quarkus.http.auth.permission.javascript.policy=authenticated
quarkus.http.auth.permission.tenant-cookie-path-header.paths=/tenant-cookie-path-header
quarkus.http.auth.permission.tenant-cookie-path-header.policy=authenticated
quarkus.http.auth.permission.post-logout.paths=/tenant-logout/post-logout
quarkus.http.auth.permission.post-logout.policy=permit
quarkus.http.cors.enabled=true
quarkus.http.cors.origins=*
quarkus.http.auth.proactive=false
quarkus.http.proxy.enable-forwarded-prefix=true
quarkus.http.proxy.allow-forwarded=true
quarkus.log.category."io.quarkus.oidc.runtime.CodeAuthenticationMechanism".min-level=TRACE
quarkus.log.category."io.quarkus.oidc.runtime.CodeAuthenticationMechanism".level=TRACE
quarkus.log.category."io.quarkus.resteasy.runtime.AuthenticationFailedExceptionMapper".level=DEBUG
quarkus.log.category."io.quarkus.resteasy.runtime.AuthenticationCompletionExceptionMapper".level=DEBUG
quarkus.log.category."io.quarkus.resteasy.runtime.UnauthorizedExceptionMapper".level=DEBUG
quarkus.log.category."io.quarkus.vertx.http.runtime.security.HttpAuthenticator".level=DEBUG
quarkus.log.category."io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder".level=DEBUG
quarkus.log.category."org.htmlunit".level=ERROR
### PAR test configuration
quarkus.oidc.par-tenant-jwt.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.par-tenant-jwt.client-id=quarkus-app-jwt-par
quarkus.oidc.par-tenant-jwt.credentials.jwt.secret=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
quarkus.oidc.par-tenant-jwt.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.par-tenant-jwt.authentication.par.enabled=true
quarkus.oidc.par-tenant-jwt.application-type=web-app
quarkus.oidc.par-disabled-tenant-jwt.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.par-disabled-tenant-jwt.client-id=quarkus-app-jwt-par
quarkus.oidc.par-disabled-tenant-jwt.credentials.jwt.secret=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
quarkus.oidc.par-disabled-tenant-jwt.token.issuer=${quarkus.oidc.auth-server-url}
quarkus.oidc.par-disabled-tenant-jwt.application-type=web-app
quarkus.oidc.par-tenant-client-secret.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.par-tenant-client-secret.client-id=quarkus-app-par
quarkus.oidc.par-tenant-client-secret.credentials.secret=secret
quarkus.oidc.par-tenant-client-secret.token-state-manager.encryption-secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
quarkus.oidc.par-tenant-client-secret.application-type=web-app
quarkus.oidc.par-tenant-client-secret.authentication.cookie-same-site=strict
quarkus.oidc.par-tenant-client-secret.authentication.scopes=phone
quarkus.oidc.par-tenant-client-secret.authentication.par.enabled=true
quarkus.oidc.disabled-par-tenant-client-secret.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc.disabled-par-tenant-client-secret.client-id=quarkus-app-par
quarkus.oidc.disabled-par-tenant-client-secret.credentials.secret=secret
quarkus.oidc.disabled-par-tenant-client-secret.token-state-manager.encryption-secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
quarkus.oidc.disabled-par-tenant-client-secret.application-type=web-app
quarkus.oidc.disabled-par-tenant-client-secret.authentication.cookie-same-site=strict
quarkus.oidc.disabled-par-tenant-client-secret.authentication.scopes=phone