9 Background Processes
This chapter explains the process that runs automatically as part of the Oracle Communications Convergent Charging Controller application. The process is started automatically by the system services (/IN/bin/OUI_systemctl.sh) on the SLC node.
RESTServer
Purpose
The RESTServer (REST) interface accepts REST requests for location information.
Startup
This task is started by the system services, by the following line in the service files:
/IN/service_packages/REST/bin/RestServerStartup.sh /IN/service_packages/REST/etc/application.yaml
Configuration
server:
  port: 8080
  tls:
    private-key:
      keystore:
        passphrase: "<keystore-passphrase>"
        resource:
          resource-path: "<keystore-path>"
    protocols:
      - "TLSv1.3"
      - "TLSv1.2"
    cipher-suite:
      - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
      - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
      - "TLS_AES_128_GCM_SHA256"
      - "TLS_AES_256_GCM_SHA384"
soap:
  endpoint: "http://1.1.2.2:1024"
  username: "<username>"
  password: "<base64password>"
  retryinterval: 1000
  retrycount: 2
security:
  providers:
    - abac:
      # Adds ABAC Provider - it does not require any configuration
    - oidc:
        validate-with-jwk: false
        client-id: ""
        client-secret: ""
        identity-uri: ""
        realm: ""
        audience: ""
        proxy-host: ""
        redirect: false
        cookie-use: false
        header-use: true
    - oamoidc:
        validate_with_jwk: false
        token-endpoint-uri: "http://oam-endpoint:port/oauth2/rest/token"
        authorization-endpoint-uri: "http://oam-endpoint:port/oauth2/rest/token"
        introspect-endpoint-uri: "http://oam-endpoint:port/oauth2/rest/token/info"
        audience: "<audience>"
        cookie-name: "<cookie-name>"
        cookie-same-site: "<cookie-same-site>"
        header-use: true
        query-param-use: true
        redirect: true
        oidc-metadata-well-known: false
        oauth-identity-domain-name: "<domain>"
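A pre-deployment check for the configuration above, given here as an added example that is not part of the product or its documentation: it walks an indented application.yaml and flags endpoints set to plain http:// (the SOAP endpoint receives the username and password, the OAM URIs carry tokens), query-param-use set to true (the JWT then travels in the URL), and any protocols entry other than TLSv1.2 or TLSv1.3. The flatten and audit helpers, the sample file, the TLSv1.1 entry and the oam.example.test host are assumptions made for illustration.

```python
import re
# Constructed sample: an indented subset of the keys shown on this page.
SAMPLE = """\
server:
  tls:
    protocols:
      - "TLSv1.3"
      - "TLSv1.1"
soap:
  endpoint: "http://1.1.2.2:1024"
security:
  providers:
    - oamoidc:
        token-endpoint-uri: "https://oam.example.test/oauth2/rest/token"
        introspect-endpoint-uri: "http://oam.example.test/oauth2/rest/token/info"
        query-param-use: true
"""

def flatten(text):
    """Yield (dotted.path, value) from simple block-style YAML via indentation."""
    stack = []  # (indent, key) for each enclosing mapping
    for raw in text.splitlines():
        body = raw.split(" #")[0].strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if body.startswith("- "):  # list item: treat as nested one level deeper
            body, indent = body[2:].strip(), indent + 2
        stack = [(i, k) for i, k in stack if i < indent]  # leave closed blocks
        prefix = [key for _, key in stack]
        m = re.match(r'([\w-]+)\s*:\s*(.*)$', body)
        if not m:  # quoted scalar list item such as a protocol name
            yield ".".join(prefix), body.strip('"')
        elif m.group(2):
            yield ".".join(prefix + [m.group(1)]), m.group(2).strip('"')
        else:
            stack.append((indent, m.group(1)))

def audit(text):
    """Return (path, reason) for settings that expose credentials or tokens."""
    findings = []
    for path, val in flatten(text):
        key = path.rsplit(".", 1)[-1]
        if (key == "endpoint" or key.endswith("-uri")) and val.lower().startswith("http://"):
            findings.append((path, "cleartext HTTP endpoint"))
        elif key == "query-param-use" and val.lower() == "true":
            findings.append((path, "JWT accepted in the URL query string"))
        elif key == "protocols" and val not in ("TLSv1.2", "TLSv1.3"):
            findings.append((path, "TLS protocol other than 1.2/1.3: " + val))
    return findings
```

Call audit() on the text of the deployed application.yaml; an empty list means none of the three conditions was found.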
Parameters
Parameters of the RESTServer are listed below.
In server block:
port
| Syntax: | port : "value" |
| Description: | Port on which the RESTServer listens for requests. |
| Type: | Integer |
| Optionality: | Optional |
| Example: | port : "8080" |
In tls > private-key block:
keystore > resource > resource-path
| Syntax: | resource-path : "value" |
| Description: | PKCS12 keystore path. It should be placed in the classpath (/IN/service_packages/REST/etc/). |
| Type: | String |
| Example: | resource-path : "mykeystore.pkcs12" |
keystore > passphrase
| Syntax: | passphrase : "value" |
| Description: | Password for the keystore. |
| Type: | String |
| Example: | passphrase : "password" |
In soap block:
endpoint
| Syntax: | endpoint : "value" |
| Description: | IP address of the OSD where OSDLocation is configured. |
| Type: | String |
| Example: | endpoint : "osd_endpoint:port" |
username
| Syntax: | username : "value" |
| Description: | Username of the ASP client for accessing SOAP request. |
| Type: | String |
| Example: | username : "notif" |
password
| Syntax: | password : "value" |
| Description: | Base64-encoded password of the ASP client for accessing SOAP request. |
| Type: | String |
| Example: | password : "<base64password>" |
retryinterval
| Syntax: | retryinterval : number |
| Description: | Retry interval for SOAP request if failed. |
| Type: | Integer |
| Default: | 1000 |
| Example: | retryinterval : 1000 |
retrycount
| Syntax: | retrycount : number |
| Description: | Number of retries for a SOAP request that failed. |
| Type: | Integer |
| Default: | 0 |
| Example: | retrycount : 2 |
In oamoidc block:
validate_with_jwk
| Syntax: | validate_with_jwk : "value" |
| Description: | Valid values are: true (validate against the JWK defined by "sign-jwk") and false (validate the JWT through the OIDC server endpoint). |
| Type: | Boolean |
| Default: | true |
| Example: | validate_with_jwk : "false" |
token-endpoint-uri
| Syntax: | token-endpoint-uri : "value" |
| Description: | URI of the token endpoint used to obtain the JWT based on the authentication code. |
| Type: | String |
| Example: | token-endpoint-uri : "http://oam-endpoint:port/oauth2/rest/token" |
authorization-endpoint-uri
| Syntax: | authorization-endpoint-uri : "value" |
| Description: | URI of an authorization endpoint. |
| Type: | String |
| Example: | authorization-endpoint-uri : "http://oam-endpoint:port/oauth2/rest/token" |
audience
| Syntax: | audience : "value" |
| Description: | Audience URI of custom scopes. |
| Type: | String |
| Example: | audience : "<audience>" |
cookie-name
| Syntax: | cookie-name : "value" |
| Description: | Name of the cookie. |
| Type: | String |
| Default: | JSESSIONID |
| Example: | cookie-name : "<cookie-name>" |
cookie-same-site
| Syntax: | cookie-same-site : "value" |
| Description: | Used to set the SameSite cookie value when using cookie. The value can be Strict or Lax. Setting this to Strict will result in infinite redirects when calling OIDC on a different host. |
| Type: | String |
| Default: | Lax |
| Example: | cookie-same-site : "<cookie-same-site>" |
header-use
| Syntax: | header-use : "value" |
| Description: | Whether to expect JWT in the header field. |
| Type: | Boolean |
| Default: | false |
| Example: | header-use : "true" |
query-param-use
| Syntax: | query-param-use : "value" |
| Description: | Whether to expect JWT in the query parameter. |
| Type: | Boolean |
| Default: | false |
| Example: | query-param-use : "true" |
redirect
| Syntax: | redirect : "value" |
| Description: | Whether to redirect to the identity server when authentication fails. |
| Type: | Boolean |
| Default: | true |
| Example: | redirect : "true" |
oidc-metadata-well-known
| Syntax: | oidc-metadata-well-known : "value" |
| Description: | If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource. If set to false, it would not be loaded even if oidc-metadata-resource is not defined. In such cases, all URIs must be explicitly defined (Example: token-endpoint-uri). |
| Type: | Boolean |
| Default: | true |
| Example: | oidc-metadata-well-known : "false" |
oauth-identity-domain-name
| Syntax: | oauth-identity-domain-name : "value" |
| Description: | Used to obtain the access token from the OAM server. The value of oauth-identity-domain-name is added to the "X-OAUTH-IDENTITY-DOMAIN-NAME" header in the access token request sent to OAM. |
| Type: | String |
| Example: | oauth-identity-domain-name : "<domain>" |
For security > providers > oidc block, check the following link for information on configurations: