uaa-server/uaa.yml

  # This file defines UAA configuration that is compatible with Steeltoe Sample applications.
  # Samples can be found in the repository at https://github.com/SteeltoeOSS/Samples
  logging:
    config: /uaa/log4j2.properties

  issuer:
    uri: http://localhost:8080/uaa

  encryption:
    encryption_keys:
    - label: uaa-encryption-key-1
      passphrase: password
    active_key_label: uaa-encryption-key-1

  scim:
    groups:
      zones.read: Read identity zones
      zones.write: Create and update identity zones
      idps.read: Retrieve identity providers
      idps.write: Create and update identity providers
      clients.admin: Create, modify and delete OAuth clients
      clients.write: Create and modify OAuth clients
      clients.read: Read information about OAuth clients
      clients.secret: Change the password of an OAuth client
      scim.write: Create, modify and delete SCIM entities, i.e. users and groups
      scim.read: Read all SCIM entities, i.e. users and groups
      scim.create: Create users
      scim.userids: Read user IDs and retrieve users by ID
      scim.zones: Control a user's ability to manage a zone
      scim.invite: Send invitations to users
      password.write: Change your password
      oauth.approval: Manage approved scopes
      oauth.login: Authenticate users outside of the UAA
      openid: Access profile information, i.e. email, first and last name, and phone number
      groups.update: Update group information and memberships
      uaa.user: Act as a user in the UAA
      uaa.resource: Serve resources protected by the UAA
      uaa.admin: Act as an administrator throughout the UAA
      uaa.none: Forbid acting as a user
      uaa.offline_token: Allow offline access
      # ----- <Freddy's BBQ> ----- #
      order.me: Permission to read personal orders
      order.admin: Permission to read all orders
      menu.read: Permission to read all menu items
      menu.write: Permission to create, update, and delete menu items
      # ----- </Freddy's BBQ> ----- #
      # ----- <Steeltoe Security Samples> ----- #
      sampleapi.read: Permission to access a specific endpoint in the Steeltoe App Security Samples
      # ----- </Steeltoe Security Samples> ----- #
    users:
      # ----- <Freddy's BBQ> ----- #
      - customer|password|customer@testapp.com|Jon|Doe|menu.read,order.me
      - manager|password|manager@testapp.com|Jonathan|Doe|menu.read,menu.write,order.admin
      # ----- </Freddy's BBQ> ----- #
      # ----- <Steeltoe Security Samples> ----- #
      - testuser|password|user@testapp.com|Jane|Doe|sampleapi.read
      # ----- </Steeltoe Security Samples> ----- #
    userids_enabled: true
    user:
      override: true

  require_https: false

  oauth:
    user:
      authorities:
        - openid
        - scim.me
        - cloud_controller.read
        - cloud_controller.write
        - cloud_controller_service_permissions.read
        - password.write
        - scim.userids
        - uaa.user
        - approvals.me
        - oauth.approvals
        - profile
        - roles
        - user_attributes
        - uaa.offline_token
    # Always override clients on startup
    client:
      override: true

    # List of OAuth clients
    clients:
      # ----- <Freddy's BBQ> ----- #
      admin-portal:
        app-launch-url: http://localhost:63757/Home/
        authorities: uaa.resource
        authorized-grant-types: authorization_code
        description: "UI Admin Portal for administering orders"
        redirect-uri: http://localhost:63757/signin-cloudfoundry
        scope: openid,menu.read,menu.write,order.admin
        secret: adminportal_secret
        show-on-homepage: true
      order-service:
        authorities: uaa.resource
        authorized-grant-types: client_credentials
        description: "API Service for administering orders"
        scope: openid,menu.write,order.admin
        secret: orderservice_secret
      customer-portal:
        authorities: uaa.resource
        authorized-grant-types: authorization_code
        redirect-uri: http://localhost:8082/login
        scope: openid,menu.read,order.me
        secret: customerportal_secret
      # ----- </Freddy's BBQ> ---- #
      # --- <Steeltoe Security Samples> --- #
      steeltoesamplesserver:
        authorities: uaa.resource, sampleapi.read
        authorized-grant-types: client_credentials
        description: Steeltoe application security Sample Server
        secret: server_secret
      steeltoesamplesclient:
        app-launch-url: https://localhost:7072
        authorized-grant-types: authorization_code, client_credentials
        autoapprove:
        - openid
        - profile
        description: Steeltoe application security Sample Client
        redirect-uri: https://localhost:7072/signin-oidc
        resource_ids: sampleapi.read
        scope: openid,profile,sampleapi.read
        secret: client_secret
      ssotile:
        authorized-grant-types: authorization_code, client_credentials
        autoapprove:
        - openid
        - profile
        description: Credentials for use with UAA server in Cloud Foundry environment

        # CHANGE THIS VALUE TO MATCH YOUR ENVIRONMENT
        redirect-uri: https://steeltoe.login.sys.dhaka.cf-app.com/**

        resource_ids: sampleapi.read
        scope: openid,profile,sampleapi.read
        secret: sso_secret
      # --- </Steeltoe Security Samples> --- #
  jwt:
    token:
      refresh:
        format: opaque
      policy:
        # Will override global validity policies for the default zone only.
        #accessTokenValiditySeconds: 600
        activeKeyId: uaa-jwt-key-1
        keys:
          uaa-jwt-key-1:
            signingKey: |
              -----BEGIN RSA PRIVATE KEY-----
              MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5
              L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA
              fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB
              AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges
              7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu
              lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp
              ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX
              kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL
              gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK
              vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe
              A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS
              N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB
              qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/
              -----END RSA PRIVATE KEY-----
  login:
    url: http://localhost:8080/uaa
    selfServiceLinksEnabled: false
    serviceProviderKey: |
      -----BEGIN RSA PRIVATE KEY-----
      MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5
      L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA
      fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB
      AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges
      7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu
      lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp
      ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX
      kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL
      gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK
      vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe
      A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS
      N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB
      qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/
      -----END RSA PRIVATE KEY-----
    serviceProviderKeyPassword: ""
    serviceProviderCertificate: |
      -----BEGIN CERTIFICATE-----
      MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO
      MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO
      MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h
      cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx
      CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM
      BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb
      BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
      ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W
      qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw
      znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha
      MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc
      gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD
      VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD
      VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh
      QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ
      0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC
      KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK
      RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=
      -----END CERTIFICATE-----
  #The secret that an external login server will use to authenticate to the uaa using the id `login`
  LOGIN_SECRET: loginsecret