@ -98,72 +98,40 @@ security:
# Time allowed to claim the device in milliseconds # Time allowed to claim the device in milliseconds
duration : "${SECURITY_CLAIM_DURATION:60000}" # 1 minute, note this value must equal claimDevices.timeToLiveInMinutes value duration : "${SECURITY_CLAIM_DURATION:60000}" # 1 minute, note this value must equal claimDevices.timeToLiveInMinutes value
basic: basic:
enabled : false enabled : "${SECURITY_BASIC_ENABLED:false}"
oauth2: oauth2:
enabled : true enabled : "${SECURITY_OAUTH2_ENABLED:false}"
loginProcessingUrl : "${SECURITY_OAUTH2_LOGIN_PROCESSING_URL:/login/oauth2/code/}"
clients: clients:
schwarz: default:
registrationId : A loginButtonLabel : "${SECURITY_OAUTH2_DEFAULT_LOGIN_BUTTON_LABEL:Default}" # Label that going to be show on login screen
loginButtonLabel : Auth0 # loginButtonIcon : "${SECURITY_OAUTH2_DEFAULT_LOGIN_BUTTON_ICON:}" # Icon that going to be show on login screen. Material design icon ID (https://material.angularjs.org/latest/api/directive/mdIcon)
loginButtonIcon: clientName : "${SECURITY_OAUTH2_DEFAULT_CLIENT_NAME:ClientName}"
clientName : Test app clientId : "${SECURITY_OAUTH2_DEFAULT_CLIENT_ID:}"
clientId : dVH9reqyqiXIG7M2wmamb0ySue8zaM4g clientSecret : "${SECURITY_OAUTH2_DEFAULT_CLIENT_SECRET:}"
clientSecret : EYAfAGxwkwoeYnb2o2cDgaWZB5k97OStpZQPPvcMMD-SVH2BuughTGeBazXtF5I6 accessTokenUri : "${SECURITY_OAUTH2_DEFAULT_ACCESS_TOKEN_URI:}"
accessTokenUri : https://dev-r9m8ht0k.auth0.com/oauth/token authorizationUri : "${SECURITY_OAUTH2_DEFAULT_AUTHORIZATION_URI:}"
authorizationUri : https://dev-r9m8ht0k.auth0.com/authorize scope : "${SECURITY_OAUTH2_DEFAULT_SCOPE:}"
scope : openid,profile,email redirectUriTemplate : "${SECURITY_OAUTH2_DEFAULT_REDIRECT_URI_TEMPLATE:http://localhost:8080/login/oauth2/code/}" # Must be in sync with security.oauth2.loginProcessingUrl
redirectUriTemplate : http://localhost:8080/login/oauth2/code/ jwkSetUri : "${SECURITY_OAUTH2_DEFAULT_JWK_SET_URI:}"
loginProcessingUrl : /login/oauth2/code/ authorizationGrantType : "${SECURITY_OAUTH2_DEFAULT_AUTHORIZATION_GRANT_TYPE:authorization_code}" # authorization_code, implicit, refresh_token or client_credentials
jwkSetUri : https://dev-r9m8ht0k.auth0.com/.well-known/jwks.json clientAuthenticationMethod : "${SECURITY_OAUTH2_DEFAULT_CLIENT_AUTHENTICATION_METHOD:post}" # basic or post
authorizationGrantType : authorization_code # authorization_code, implicit, refresh_token, client_credentials userInfoUri : "${SECURITY_OAUTH2_DEFAULT_USER_INFO_URI:}"
clientAuthenticationMethod : post # basic, post userNameAttributeName : "${SECURITY_OAUTH2_DEFAULT_USER_NAME_ATTRIBUTE_NAME:email}"
userInfoUri : https://dev-r9m8ht0k.auth0.com/userinfo
userNameAttributeName : email
mapperConfig: mapperConfig:
type : custom # basic or custom type : "${SECURITY_OAUTH2_DEFAULT_MAPPER_TYPE:basic}" # basic or custom
basic: basic:
allowUserCreation : true # required allowUserCreation : "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_ALLOW_USER_CREATION:true}" # Allows to create user if it not exists
emailAttributeKey : email # required emailAttributeKey : "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_EMAIL_ATTRIBUTE_KEY:email}" # Attribute key to use as email for the user
firstNameAttributeKey: firstNameAttributeKey : "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_FIRST_NAME_ATTRIBUTE_KEY:}"
lastNameAttributeKey: lastNameAttributeKey : "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_LAST_NAME_ATTRIBUTE_KEY:}"
tenantNameStrategy : domain # domain or custom tenantNameStrategy : "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_TENANT_NAME_STRATEGY:domain}" # domain, email or custom
tenantNameStrategyPattern: tenantNameStrategyPattern : "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_TENANT_NAME_STRATEGY_PATTERN:}"
customerNameStrategyPattern: customerNameStrategyPattern : "${SECURITY_OAUTH2_DEFAULT_MAPPER_BASIC_CUSTOMER_NAME_STRATEGY_PATTERN:}"
custom: custom:
url : http://localhost:9090/oauth2/mapper url : "${SECURITY_OAUTH2_DEFAULT_MAPPER_CUSTOM_URL:}"
username : admin username : "${SECURITY_OAUTH2_DEFAULT_MAPPER_CUSTOM_USERNAME:}"
password : bababa password : "${SECURITY_OAUTH2_DEFAULT_MAPPER_CUSTOM_PASSWORD:}"
auth0:
registrationId : B
loginButtonLabel : Schwarz #
loginButtonIcon : mdi:google
clientName : Thingsboard Dev Test Q
clientId : 5f5c0998-1d9b-4679-9610-6108fb91af2a
clientSecret : h_kXVb7Ee1LgDDinix_nkAh_owWX7YCO783NNteF9AIOqlTWu2L03YoFjv5KL8yRVyx4uYAE-r_N3tFbupE8Kw
accessTokenUri : https://federation-q.auth.schwarz/nidp/oauth/nam/token
authorizationUri : https://federation-q.auth.schwarz/nidp/oauth/nam/authz
scope : openid,profile,email,siam
redirectUriTemplate : http://localhost:8080/login/oauth2/code/
loginProcessingUrl : /login/oauth2/code/
jwkSetUri : https://federation-q.auth.schwarz/nidp/oauth/nam/keys
authorizationGrantType : authorization_code # authorization_code, implicit, refresh_token, client_credentials
clientAuthenticationMethod : post # basic, post
userInfoUri : https://federation-q.auth.schwarz/nidp/oauth/nam/userinfo
userNameAttributeName : mail
mapperConfig:
type : basic # simple or custom
basic:
allowUserCreation : true # required
emailAttributeKey : CloudLoginName # required
firstNameAttributeKey : givenName
lastNameAttributeKey : sn
tenantNameStrategy : custom # domain or custom
tenantNameStrategyPattern : LOL ${region}
customerNameStrategyPattern : GGG ${countrycode}
custom:
url : http://localhost:9090/oauth2/mapper
username : test
password : test
# Dashboard parameters # Dashboard parameters
dashboard: dashboard:
Volodymyr Babak
6 years ago
Andrew Shvayka