DSpace/dspace/config/modules/authentication-oidc.cfg
Hardy Pottinger 3a04b92c80 Requested changes
- Add sane fall-back defaults for OIDC, where possible.
- Improve error logging for missing properties
- Include authentication-oidc.cfg in dspace.cfg
- Add configuration examples for OIDC to local.cfg-EXAMPLE
- Improve authentication-oidc.cfg with sane defaults and more comments
2022-01-21 16:57:47 -06:00


#---------------------------------------------------------------#
#---------------OIDC AUTHENTICATION CONFIGURATIONS--------------#
#---------------------------------------------------------------#
# Configuration properties used by the CAS OIDC #
# Authentication plugin, when it is enabled. #
#---------------------------------------------------------------#
# The realm, server URL, client id and client secret are left empty in this
# file and have to be supplied per deployment (for example in local.cfg).
#
# The Realm on the OIDC server we should use for authentication
authentication-oidc.auth-server-realm =
# The Base URL of all OIDC server endpoints. The three endpoint defaults below
# are built from this value, so it should be an https:// URL: authorization
# codes, tokens and the client secret are sent to these endpoints.
authentication-oidc.auth-server-url =
# The URL of the Token endpoint. The default path follows the Keycloak realm
# layout (/auth/realms/<realm>/protocol/openid-connect/...); set the full URL
# explicitly for a provider, or a Keycloak deployment, that uses another path.
authentication-oidc.token-endpoint = ${authentication-oidc.auth-server-url}/auth/realms/${authentication-oidc.auth-server-realm}/protocol/openid-connect/token
# The URL of the Authorize endpoint (same default layout as the Token endpoint)
authentication-oidc.authorize-endpoint = ${authentication-oidc.auth-server-url}/auth/realms/${authentication-oidc.auth-server-realm}/protocol/openid-connect/auth
# The URL of the UserInfo endpoint (not the token introspection endpoint).
# The user-info.* properties at the end of this file name attributes of the
# JSON document this endpoint returns.
authentication-oidc.user-info-endpoint = ${authentication-oidc.auth-server-url}/auth/realms/${authentication-oidc.auth-server-realm}/protocol/openid-connect/userinfo
# The registered client id
authentication-oidc.client-id =
# The registered client secret. Keep the real value out of version control:
# leave it empty here and set it in a deployment-local file such as local.cfg,
# readable only by the account that runs DSpace.
authentication-oidc.client-secret =
# The redirect url. This should match, character for character, a redirect URI
# registered for the client on the OIDC server; register only this exact URL
# there rather than a wildcard pattern.
authentication-oidc.redirect-url = ${dspace.server.url}/api/authn/oidc
# The scopes to request. "openid" is required for an OIDC request; "email" and
# "profile" are the standard scopes that release the email, given_name and
# family_name claims mapped at the end of this file.
authentication-oidc.scopes = openid,email,profile
# Specify if the user can self register using OIDC (true|false). If not specified, true is assumed
# This should match the configuration of the OIDC server you are using. The default setting for
# Keycloak is true. Do set it to false if your OIDC server disallows self-registration. Otherwise,
# leave this set to true.
# NOTE(review): with true, presumably anyone the OIDC server authenticates can end up with a local
# account; confirm against the plugin, and consider false if the provider's user base is wider
# than the intended DSpace audience.
authentication-oidc.can-self-register = true
# Specify the attribute present in the user info json related to the user's email
# NOTE(review): presumably this value is what ties an OIDC login to a local account; confirm, and
# if so make sure the OIDC server only releases verified e-mail addresses.
authentication-oidc.user-info.email = email
# Specify the attribute present in the user info json related to the user's first name
authentication-oidc.user-info.first-name = given_name
# Specify the attribute present in the user info json related to the user's last name
authentication-oidc.user-info.last-name = family_name