4.2.5.1 Identity Provider Properties
Under identityProvider, enter property values for the JSON Web Token (JWT) that MicroTx uses for authentication.

When you set authentication.requestsWithNoJWT to DENY, you must provide values for all the identity provider properties listed in the table below. However, provide values for the audience, adminUserRoles, adminUserRolesPath, and clientSecretName properties to ensure that users can access the MicroTx console. If you don't want to provide access to the MicroTx console, you can skip providing values for these properties.
| Property | Description |
|---|---|
| serverType | Enter idcs if you are using Oracle IDCS as the identity provider. Otherwise, enter other. The default value is other. |
| scopes | If the serverType is idcs, you must specify a scope to grant different levels of access. If you are not using Oracle IDCS as the identity provider, do not provide a value for this property. For Oracle IDCS, enter a space-separated list of scopes. The default scope for Oracle IDCS is openid groups. |
| issuer | Identifies the JWT token issuer. Enter the URI of the identity server that you have set up. It is the value of the issuer field in the Discovery URL. For example, https://identity.oraclecloud.com. See Run the Discovery URL. |
| jwksUri | The URL of the identity provider's publicly hosted jwksUri, which is used to validate the signature of the JWT. The JSON Web Key Set (JWKS) contains the cryptographic keys that are used to verify the incoming JWT tokens. See Run the Discovery URL. |
| identityProviderUrl | Specify the URL of the JWT identity provider. This information is required to create a new access token by using the refresh token. If you do not provide this information, expired access tokens are not auto-refreshed. For example, http://192.0.2.1:8080/auth/realms/tmmdev when you use Keycloak as the identity provider. See Run the Discovery URL. |
| audience | Enter the audience of the token. Every JWT is validated to check the audience. You must provide a value for this parameter to access the MicroTx Distributed Transactions console. Note down this value from the JWT access token. |
The following code snippet provides sample values for the authentication field in the values.yaml file. The sample values in this example are based on Run the Discovery URL and Specify the Admin Role in YAML file.

```yaml
identityProvider:
  issuer: "https://identity.oraclecloud.com"
  jwksUri: "https://idcs-a83e4...identity.oraclecloud.com:443/admin/v1/SigningCert/jwk"
  identityProviderUrl: "https://idcs-a83e4...identity.oraclecloud.com/oauth2/v1/token"
  clientSecretName: "console-identity-client-secret"
  audience: "account"
  scopes: "idcs"
```

The example tenant base URL, https://idcs-a83e4...identity.oraclecloud.com, has been truncated with ellipses (...) for readability. Copy the complete value in your environment.
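The checks that the issuer and audience properties drive, shown as an added example that is not part of the MicroTx documentation or product code. To stay offline it uses an HS256 shared key (`KEY`, constructed) in place of the RS256 public keys that MicroTx fetches from jwksUri; the issuer, audience and expiry checks are the same ones a verifier applies after the signature passes.

```python
import base64, hashlib, hmac, json, time
from typing import Optional, Tuple

# Constructed values mirroring the identityProvider block in values.yaml (not a real tenant).
IDENTITY_PROVIDER = {
    "issuer": "https://identity.oraclecloud.com",
    "audience": "account",
}
KEY = b"demo-shared-secret"  # demo stand-in for the signing key published at jwksUri

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_token(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT for the demo (IDCS issues RS256 tokens; the claim checks are identical)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def validate_token(token: str, key: bytes, config: dict,
                   now: Optional[float] = None) -> Tuple[bool, str]:
    """Signature, then issuer, audience and expiry, as the identityProvider properties describe."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # pin the algorithm; never trust the token's own alg
        return False, "unexpected alg"
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return False, "bad signature"
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("iss") != config["issuer"]:  # must equal the issuer from the Discovery URL
        return False, "issuer mismatch"
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if config["audience"] not in aud_list:     # every JWT is checked against the audience property
        return False, "audience mismatch"
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return False, "token expired"
    return True, "ok"
```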