Operational Dashboard Service Configuration
| Key | Description | Default Value |
|---|---|---|
| | This will need to be overridden with the connection string of the database instance you are connecting to. | |
Property Grouping: ipf.business-operations.auth.jwt
| Key | Description | Default Value |
|---|---|---|
| | Must be changed. JWT secret (minimum 32 characters). | |
| | This is the roles claim of the JWT token used for authentication. | |
Property Grouping: ipf.business-operations.auth.http
| Key | Description | Default Value |
|---|---|---|
| | Must be changed. Max-age of the Strict-Transport-Security header; the recommendation is to increase it incrementally during deployment. | |

For more information, see OPS GUI Service HSTS Configuration
Property Grouping: ipf.business-operations.auth.basic-auth
| Key | Description | Default Value |
|---|---|---|
| | Boolean (true or false) that enables basic authentication when logging into the operational dashboard. Basic auth should not be used in production. | |

For more information and an example configuration, see: OPS GUI Service Basic Auth Configuration
Property Grouping: ipf.business-operations.auth.saml2
| Key | Description | Default Value | Required |
|---|---|---|---|
| | Boolean (true or false) that enables SAML2 authentication when logging into the operational dashboard. | | Yes |
| | Verification certificate; must be PEM formatted. | | Yes |
| | The registration ID of the application for SSO authentication. | | Yes |
| | The URL of your organisation's IdP system. | | Yes |
| | The URL of the SSO logout endpoint provided by your organisation's IdP system. | | Yes |
| | A globally unique name for an Identity Provider or a Service Provider. For the Service Provider, the Entity ID is generated automatically and defaults to the Service Provider's metadata URL. | | Yes |
| | Override for the URL that the security assertion validates as the expected location, for cases where a gateway rewrite breaks Spring's default. See the Spring documentation for details. | | No |
| | Must be overridden. The SAML service provider entity ID. | | Yes |
| | Boolean (true or false) controlling whether authentication requests are signed. | | Yes |
| | SAML2 attribute that holds the user's ID. | | Yes |
| | Attribute name that holds a delimited list of roles. Optional if attribute-to-roles mappings are already specified. Must be a top-level property in the JWT payload. | | Yes |
| | The character used as the delimiter in roles-attribute-name. | | Yes |
| | Return URL to use after successful authentication. | | Yes |
| | Boolean (true or false). If true, the token carries IPF roles (audit, metrics, etc.) directly rather than bank roles. If false, the token carries bank roles (roles unknown to the IPF that are present in the roles mapping). This property determines how the roles mapping is parsed and the correct roles assigned to the user. | | Yes |
| | The mapping between processing entities, bank roles and IPF roles. Each processing entity can contain multiple bank roles and each bank role can contain multiple IPF roles. When granting access, the mapping provided by the bank is parsed and the correct roles are assigned to the user from it. If the bank uses IPF roles in the token, the bank role key must still be provided but is completely ignored (it can be any text). | | No |

For an example configuration, see: OPS GUI Service SAML 2 Configuration
Property Grouping: ipf.business-operations.auth.oauth2
| Key | Description | Default Value | Required |
|---|---|---|---|
| | Boolean (true or false) that enables OAuth2 authentication when logging into the operational dashboard. | | Yes |
| | The registration ID of the application for OAuth authentication. | | Yes |
| | The clientId of the application being authenticated using OAuth2. | | Yes |
| | The client secret used to authenticate OAuth2 requests. | | Yes |
| | Scope is a mechanism in OAuth 2.0 to limit an application's access to a user's account. | | Yes |
| | The URL used for OAuth2 authorisation. | | Yes |
| | The URL from which the OAuth2 token is retrieved. | | Yes |
| | The URL where the certificates/keys used for authentication are stored. | | Yes |
| | The URL that returns claims about the authenticated end user. | | No |
| | Return URL to use after successful authentication. | | Yes |
| | Boolean controlling whether roles are derived from attributes. | | Yes |
| | Attribute name that holds a delimited list of roles. Optional if attribute-to-roles mappings are already specified. Must be a top-level property in the JWT payload. | | No |
| | The character used as the delimiter in roles-attribute-name. | | No |
| | An optional claim on the OAuth2 token. | | No |
| | Boolean (true or false). If true, the token carries IPF roles (audit, metrics, etc.) directly rather than bank roles. If false, the token carries bank roles (roles unknown to the IPF that are present in the roles mapping). This property determines how the roles mapping is parsed and the correct roles assigned to the user. | | Yes |
| | The mapping between processing entities, bank roles and IPF roles. Each processing entity can contain multiple bank roles and each bank role can contain multiple IPF roles. When granting access, the mapping provided by the bank is parsed and the correct roles are assigned to the user from it. If the bank uses IPF roles in the token, the bank role key must still be provided but is completely ignored (it can be any text). | | No |

For an example configuration, see: OPS GUI Service OAuth 2 Configuration
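The role resolution that the roles-attribute, flag and mapping descriptions in the saml2 and oauth2 tables describe, as an added Python example that is not the service's own code: it splits the delimited roles attribute from a decoded token payload and derives the IPF roles per processing entity. The claim name, delimiter, the dict shape of the mapping and the behaviour when the token carries IPF roles directly (token roles applied to every mapped entity) are assumptions, since the page does not name the property keys.

```python
from typing import Dict, List, Mapping

# Assumed shape of the roles mapping: processing entity -> bank role -> IPF roles.
# Constructed sample values; not taken from any real deployment.
ROLES_MAPPING: Dict[str, Dict[str, List[str]]] = {
    "ENTITY_A": {"ops-viewer": ["audit", "metrics"],
                 "ops-admin": ["audit", "metrics", "admin"]},
    "ENTITY_B": {"ops-viewer": ["audit"]},
}
ROLES_CLAIM = "roles"   # assumed roles-attribute-name: a top-level claim
ROLES_DELIMITER = ","   # assumed delimiter used inside that claim


def extract_token_roles(payload: Mapping[str, object],
                        claim: str = ROLES_CLAIM,
                        delimiter: str = ROLES_DELIMITER) -> List[str]:
    """Split the delimited roles attribute of a decoded token payload.

    The page requires a top-level string claim, so a missing or nested
    (non-string) claim yields no roles instead of raising.
    """
    raw = payload.get(claim)
    if not isinstance(raw, str):
        return []
    return [r.strip() for r in raw.split(delimiter) if r.strip()]


def resolve_ipf_roles(token_roles: List[str], ipf_roles_in_token: bool,
                      mapping: Mapping[str, Mapping[str, List[str]]] = ROLES_MAPPING
                      ) -> Dict[str, List[str]]:
    """Return the IPF roles granted per processing entity.

    ipf_roles_in_token=True: the token already carries IPF roles, so the
    bank-role keys are ignored and the token roles apply to every entity in
    the mapping (assumed reading of the page). False: the token carries bank
    roles, and only bank roles present in the mapping grant IPF roles;
    unknown bank roles grant nothing.
    """
    granted: Dict[str, List[str]] = {}
    for entity, bank_roles in mapping.items():
        if ipf_roles_in_token:
            roles = set(token_roles)
        else:
            roles = set()
            for bank_role in token_roles:
                roles.update(bank_roles.get(bank_role, []))
        if roles:
            granted[entity] = sorted(roles)
    return granted
```

Signature verification of the token happens before this step and is out of scope here; the payload passed in is assumed to be already validated.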
Property Grouping: ipf.business-operations.cluster-management.systems
| Key | Description | Default Value |
|---|---|---|
| | The name of the service to show on the Cluster Health screen. | |
| | Base URL of the service. | |
| | Whether the service is an Akka clustered service. | |
| | Transport protocol used for the actuator. | |
| | The port to call for the actuator endpoint. | |