feat: add OIDC login flow schema and enable allowedUsers customization in zowe.yaml (#3533)

---------

Signed-off-by: Pablo Hernán Carle <[email protected]>
Co-authored-by: Pablo Hernán Carle <[email protected]>
Co-authored-by: Pavel Jareš <[email protected]>
3 people authored May 7, 2024
1 parent e1bdaa1 commit 43a7c57
Showing 2 changed files with 84 additions and 6 deletions.
13 changes: 7 additions & 6 deletions cloud-gateway-package/src/main/resources/bin/start.sh
Expand Up @@ -106,14 +106,14 @@ keystore_location="${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certifica
truststore_location="${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}"

if [ "${keystore_type}" = "JCERACFKS" ]; then
keystore_location=$(echo "${keystore_location}" | sed s_safkeyring://_safkeyringjce://_)
truststore_location=$(echo "${truststore_location}" | sed s_safkeyring://_safkeyringjce://_)
keystore_location=$(echo "${keystore_location}" | sed s_safkeyring://_safkeyringjce://_)
truststore_location=$(echo "${truststore_location}" | sed s_safkeyring://_safkeyringjce://_)
elif [ "${keystore_type}" = "JCECCARACFKS" ]; then
keystore_location=$(echo "${keystore_location}" | sed s_safkeyring://_safkeyringjcecca://_)
truststore_location=$(echo "${truststore_location}" | sed s_safkeyring://_safkeyringjcecca://_)
keystore_location=$(echo "${keystore_location}" | sed s_safkeyring://_safkeyringjcecca://_)
truststore_location=$(echo "${truststore_location}" | sed s_safkeyring://_safkeyringjcecca://_)
elif [ "${keystore_type}" = "JCEHYBRIDRACFKS" ]; then
keystore_location=$(echo "${keystore_location}" | sed s_safkeyring://_safkeyringjcehybrid://_)
truststore_location=$(echo "${truststore_location}" | sed s_safkeyring://_safkeyringjcehybrid://_)
keystore_location=$(echo "${keystore_location}" | sed s_safkeyring://_safkeyringjcehybrid://_)
truststore_location=$(echo "${truststore_location}" | sed s_safkeyring://_safkeyringjcehybrid://_)
fi

CLOUD_GATEWAY_CODE=CG
Expand All @@ -126,6 +126,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CLOUD_GATEWAY_CODE} java \
-Djava.io.tmpdir=${TMPDIR:-/tmp} \
-Dspring.profiles.active=${ZWE_configs_spring_profiles_active:-} \
-Dspring.profiles.include=$LOG_LEVEL \
-Dapiml.security.x509.registry.allowedUsers=${ZWE_configs_apiml_security_x509_registry_allowedUsers:-} \
-Dapiml.service.hostname=${ZWE_haInstance_hostname:-localhost} \
-Dapiml.service.port=${ZWE_configs_port:-10023} \
-Dapiml.service.forwardClientCertEnabled=${ZWE_configs_apiml_service_forwardClientCertEnabled:-false} \
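Review bot: The new `-Dapiml.security.x509.registry.allowedUsers=${ZWE_configs_apiml_security_x509_registry_allowedUsers:-}` line sets the property to an explicit empty string whenever the environment variable is unset, which is not the same as leaving the property undefined: if the gateway has a non-empty built-in default for this allow-list, the empty value overrides it, and for an access-control list "empty" can mean either nobody or everybody depending on how the consumer treats it. Confirm that the application treats empty and absent identically, or emit the flag only when the variable is set, e.g. `${ZWE_configs_apiml_security_x509_registry_allowedUsers:+-Dapiml.security.x509.registry.allowedUsers=${ZWE_configs_apiml_security_x509_registry_allowedUsers}} \`. The expansion is also unquoted, so a list value containing whitespace would be word-split into separate arguments of the `java` command; this matches the neighbouring `-D` lines, so it is a pre-existing style rather than a regression. The `java` invocation that these options belong to continues past the end of the hunk.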
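--- a/schemas/cloud-gateway-schema.json
+++ b/schemas/cloud-gateway-schema.json
@@ -32,6 +32,83 @@
 }
 }
 },
+"spring": {
+"type": "object",
+"description": "",
+"properties": {
+"security": {
+"type": "object",
+"description": "Security settings",
+"properties": {
+"oauth2": {
+"type": "object",
+"description": "Enable OAuth2 login flow",
+"properties": {
+"client": {
+"type": "object",
+"description": "OAuth2 client settings",
+"properties": {
+"registration": {
+"type": "object",
+"description": "OAuth2 Login flow provider-specific settings",
+"patternProperties": {
+"^[a-zA-Z0-9_]+$": {
+"type": "object",
+"description": "OAuth2 client registration settings",
+"properties": {
+"issuer": {
+"type": "string",
+"description": "The URI used to discover the configuration information for an OAuth 2.0 or OpenID Connect 1.0 Provider."
+},
+"clientId": {
+"type": "string",
+"description": "The client identifier."
+},
+"clientSecret": {
+"type": "string",
+"description": "The client secret."
+}
+}
+}
+}
+},
+"provider": {
+"type": "object",
+"description": "OAuth2 client authentication provider settings",
+"patternProperties": {
+"^[a-zA-Z0-9_]+$": {
+"authorizationUrl": {
+"type": "string",
+"description": "The Authorization Endpoint URI for the Authorization Server."
+},
+"tokenUri": {
+"type": "string",
+"description": "The Token Endpoint URI for the Authorization Server."
+},
+"userInfoUri": {
+"type": "string",
+"description": "The UserInfo Endpoint URI used to access the claims/attributes of the authenticated end-user."
+},
+"userNameAttribute": {
+"type": "string",
+"description": "The name of the attribute returned in the UserInfo Response that references the Name or Identifier of the end-user.",
+"default": "sub"
+},
+"jwkSetUri": {
+"type": "string",
+"description": "The URI used to retrieve the JSON Web Key (JWK) Set from the Authorization Server, which contains the cryptographic key(s) used to verify the JSON Web Signature (JWS) of the ID Token and optionally the UserInfo Response."
+}
+}
+}
+}
+}
+}
+}
+}
+}
+}
+},
 "port": {
 "$ref": "#/$defs/port",
 "default": 7563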
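Review bot: The `provider` entry under `patternProperties` lists `authorizationUrl`, `tokenUri`, `userInfoUri`, `userNameAttribute` and `jwkSetUri` directly inside the pattern schema instead of under a `"properties"` keyword, unlike the sibling `registration` entry which has `"type": "object"` and `"properties"`; a JSON Schema validator ignores unknown keywords, so none of a provider's endpoint values are type-checked and a mistyped key is silently accepted. Wrap them as `"^[a-zA-Z0-9_]+$": { "type": "object", "properties": { … } }` so the five definitions become real property schemas. `authorizationUrl` also departs from the `*Uri` naming of its siblings; if these keys are meant to bind to Spring Security's `authorization-uri` provider property, the `Url` spelling will not match. The `spring` object's `"description": ""` is empty and should state what the block configures, e.g. `"Spring Security settings, including the OAuth2/OIDC login flow"`; the enclosing `properties` object that `spring` is added to starts before this hunk.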
