Skip to content

Examples

Keycloak OIDC with backend authorization

🚧 Default setup for OIDC authorization.

insight.properties:

  • oidc.server=https://auth.keycloak.idp.tld/realms/insight
  • oidc.client.client_id=insight-app
  • oidc.client.client_secret=your_client_secret

config.json

"oidc": {
  "backend": true
}

Keycloak OIDC with frontend authorization

insight.properties:

  • oidc.server=https://auth.keycloak.idp.tld/realms/insight

config.json

"oidc": {
  "server": "https://auth.keycloak.idp.tld/realms/insight"
  "clientId": "insight-app"
}

MAS8

insight.properties:

  • oidc.server=https://auth.mas8.maximo.tld/oidc/endpoint/MaximoAppSuite
  • oidc.server.pkce=false
  • oidc.client.client_id=insight-app
  • oidc.client.client_secret=your_client_secret
  • oidc.userinfo.username=sub

config.json

"oidc": {
  "backend": true
}

OIDC client for MAS8

{
  "client_id": "insight-app",
  "client_secret": "your_client_secret",
  "publicClient": false,
  "proofKeyForCodeExchange": false,
  "scope": "openid profile email general",
  "grant_types": [
    "authorization_code",
    "client_credentials",
    "implicit",
    "refresh_token",
    "urn:ietf:params:oauth:grant-type:jwt-bearer"
  ],
  "response_types": ["code", "token", "id_token token"],
  "application_type": "web",
  "subject_type": "public",
  "post_logout_redirect_uris": [
    "https://insight.local.ibfs.de/insight/auth/logout"
  ],
  "preauthorized_scope": "openid profile email general",
  "introspect_tokens": true,
  "trusted_uri_prefixes": [
    "https://insight.local.ibfs.de"
  ],
  "redirect_uris": [
    "https://insight.local.ibfs.de/insight/auth/callback",
    "https://insight.local.ibfs.de/insight/cockpit/api/auth/callback"
  ]
}