#---------------------------------------------------------------# #---------------OIDC AUTHENTICATION CONFIGURATIONS--------------# #---------------------------------------------------------------# # Configuration properties used by the CAS OIDC # # Authentication plugin, when it is enabled. # #---------------------------------------------------------------# # The Realm on the OIDC server we should use for authentication authentication-oidc.auth-server-realm = # The Base URL of all OIDC server endpoints authentication-oidc.auth-server-url = # The URL of the Token endpoint authentication-oidc.token-endpoint = ${authentication-oidc.auth-server-url}/auth/realms/${authentication-oidc.auth-server-realm}/protocol/openid-connect/token # The URL of the Authorize endpoint authentication-oidc.authorize-endpoint = ${authentication-oidc.auth-server-url}/auth/realms/${authentication-oidc.auth-server-realm}/protocol/openid-connect/auth # The URL of the Introspect endpoint authentication-oidc.user-info-endpoint = ${authentication-oidc.auth-server-url}/auth/realms/${authentication-oidc.auth-server-realm}/protocol/openid-connect/userinfo # The registered client id authentication-oidc.client-id = # The registered client secret authentication-oidc.client-secret = # The redirect url authentication-oidc.redirect-url = ${dspace.server.url}/api/authn/oidc # The scopes to request authentication-oidc.scopes = openid,email,profile # Specify if the user can self register using OIDC (true|false). If not specified, true is assumed # This should match the configuration of the OIDC server you are using. The default setting for # Keycloak is true. Do set it to false if your OIDC server disallows self-registration. Otherwise, # leave this set to true. authentication-oidc.can-self-register = true #Specify the attribute present in the user info json related to the user's email authentication-oidc.user-info.email = email #Specify the attribute present in the user info json related to the user's first name authentication-oidc.user-info.first-name = given_name #Specify the attribute present in the user info json related to the user's last name authentication-oidc.user-info.last-name = family_name