spring.profiles.active
@@ -61,7 +61,6 @@ import org.maxkey.persistence.db.LoginHistoryService;
|
||||
|
||||
@Configuration
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
public class AuthenticationAutoConfiguration implements InitializingBean {
|
||||
private static final Logger _logger =
|
||||
LoggerFactory.getLogger(AuthenticationAutoConfiguration.class);
|
||||
@@ -151,8 +150,8 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "remeberMeService")
|
||||
public AbstractRemeberMeService remeberMeService(
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${config.login.remeberme.validity}") int validity,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
@Value("${maxkey.login.remeberme.validity}") int validity,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
return new RemeberMeServiceFactory().getService(persistence, jdbcTemplate, redisConnFactory);
|
||||
@@ -160,7 +159,7 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
|
||||
|
||||
@Bean(name = "onlineTicketServices")
|
||||
public OnlineTicketServices onlineTicketServices(
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
return new OnlineTicketServicesFactory().getService(persistence, jdbcTemplate, redisConnFactory);
|
||||
|
||||
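Review bot: In `remeberMeService` the injected `validity` (now `${maxkey.login.remeberme.validity}`) is not passed to `new RemeberMeServiceFactory().getService(persistence, jdbcTemplate, redisConnFactory)` on the visible return line, so the configured remember-me lifetime appears to have no effect on the bean built here. Either hand the value to the service or drop the parameter, so the property does not suggest a session-lifetime control that is not applied. The closing lines of the method are outside the hunk.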
@@ -41,7 +41,6 @@ import org.springframework.core.io.ClassPathResource;
|
||||
|
||||
@Configuration
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
public class JwtAuthnAutoConfiguration implements InitializingBean {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(JwtAuthnAutoConfiguration.class);
|
||||
|
||||
@@ -52,13 +51,13 @@ public class JwtAuthnAutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "oidcProviderMetadata")
|
||||
public OIDCProviderMetadataDetails OIDCProviderMetadataDetails(
|
||||
@Value("${config.oidc.metadata.issuer}")
|
||||
@Value("${maxkey.oidc.metadata.issuer}")
|
||||
String issuer,
|
||||
@Value("${config.oidc.metadata.authorizationEndpoint}")
|
||||
@Value("${maxkey.oidc.metadata.authorizationEndpoint}")
|
||||
URI authorizationEndpoint,
|
||||
@Value("${config.oidc.metadata.tokenEndpoint}")
|
||||
@Value("${maxkey.oidc.metadata.tokenEndpoint}")
|
||||
URI tokenEndpoint,
|
||||
@Value("${config.oidc.metadata.userinfoEndpoint}")
|
||||
@Value("${maxkey.oidc.metadata.userinfoEndpoint}")
|
||||
URI userinfoEndpoint) {
|
||||
_logger.debug("RedisConnectionFactory init .");
|
||||
OIDCProviderMetadataDetails oidcProviderMetadata = new OIDCProviderMetadataDetails();
|
||||
|
||||
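Review bot: `JwtAuthnAutoConfiguration` and `Oauth20AutoConfiguration` both declare `@Bean(name = "oidcProviderMetadata")` with the same four `maxkey.oidc.metadata.*` parameters, so if both configurations load into one context, one definition overrides the other or startup fails, depending on the bean-overriding setting. Keeping a single definition avoids two copies of the issuer and endpoint wiring drifting apart. The debug line in this class reads `RedisConnectionFactory init .`, which does not describe the bean; `_logger.debug("OIDCProviderMetadataDetails init .");` would match the OAuth class. The method body continues past the hunk.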
@@ -51,7 +51,7 @@ public class SmsOtpAuthn extends AbstractOtpAuthn {
|
||||
Resource resource = new ClassPathResource(
|
||||
ConstantsProperties.classPathResource(
|
||||
ConstantsProperties.classPathResource(
|
||||
ConstantsProperties.maxKeyPropertySource)));
|
||||
ConstantsProperties.applicationPropertySource)));
|
||||
properties = new Properties();
|
||||
properties.load(resource.getInputStream());
|
||||
}
|
||||
|
||||
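Review bot: This loader reads the base `application.properties` through the one-argument `classPathResource`, while `SocialSignOnAutoConfiguration` in the same commit reads the profile-specific file through the two-argument overload; if the `maxkey.*` keys are kept only in a profile file, the lookups here would come back null. The two call sites should agree on which file holds these settings. `properties.load(resource.getInputStream())` also leaves the stream open; `try (InputStream in = resource.getInputStream()) { properties.load(in); }` closes it. The enclosing method starts and ends outside the hunk.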
@@ -29,6 +29,7 @@ import org.maxkey.constants.ConstantsProperties;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
@@ -42,27 +43,34 @@ import org.springframework.jdbc.core.JdbcTemplate;
|
||||
@ComponentScan(basePackages = {
|
||||
"org.maxkey.authn.support.socialsignon"
|
||||
})
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
public class SocialSignOnAutoConfiguration implements InitializingBean {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(SocialSignOnAutoConfiguration.class);
|
||||
|
||||
@Bean(name = "socialSignOnProviderService")
|
||||
@ConditionalOnClass(SocialSignOnProvider.class)
|
||||
public SocialSignOnProviderService socialSignOnProviderService() throws IOException {
|
||||
public SocialSignOnProviderService socialSignOnProviderService(
|
||||
@Value("${spring.profiles.active}")String profilesActive) throws IOException {
|
||||
SocialSignOnProviderService socialSignOnProviderService = new SocialSignOnProviderService();
|
||||
|
||||
_logger.trace("spring.profiles.active " + profilesActive);
|
||||
|
||||
Resource resource = new ClassPathResource(
|
||||
ConstantsProperties.classPathResource(ConstantsProperties.classPathResource(ConstantsProperties.maxKeyPropertySource)));
|
||||
ConstantsProperties.classPathResource(
|
||||
ConstantsProperties.classPathResource(
|
||||
ConstantsProperties.applicationPropertySource,
|
||||
profilesActive)));
|
||||
|
||||
Properties properties = new Properties();
|
||||
properties.load(resource.getInputStream());
|
||||
String [] providerList =properties.get("config.login.socialsignon.providers").toString().split(",");
|
||||
String [] providerList =properties.get("maxkey.login.socialsignon.providers").toString().split(",");
|
||||
List<SocialSignOnProvider> socialSignOnProviderList = new ArrayList<SocialSignOnProvider>();
|
||||
for(String provider : providerList) {
|
||||
String providerName = properties.getProperty("config.socialsignon."+provider+".provider.name");
|
||||
String icon=properties.getProperty("config.socialsignon."+provider+".icon");
|
||||
String clientId=properties.getProperty("config.socialsignon."+provider+".client.id");
|
||||
String clientSecret=properties.getProperty("config.socialsignon."+provider+".client.secret");
|
||||
String sortOrder = properties.getProperty("config.socialsignon."+provider+".sortorder");
|
||||
String providerName = properties.getProperty("maxkey.socialsignon."+provider+".provider.name");
|
||||
String icon=properties.getProperty("maxkey.socialsignon."+provider+".icon");
|
||||
String clientId=properties.getProperty("maxkey.socialsignon."+provider+".client.id");
|
||||
String clientSecret=properties.getProperty("maxkey.socialsignon."+provider+".client.secret");
|
||||
String sortOrder = properties.getProperty("maxkey.socialsignon."+provider+".sortorder");
|
||||
SocialSignOnProvider socialSignOnProvider = new SocialSignOnProvider();
|
||||
socialSignOnProvider.setProvider(provider);
|
||||
socialSignOnProvider.setProviderName(providerName);
|
||||
|
||||
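Review bot: `@Value("${spring.profiles.active}")` on `socialSignOnProviderService` has no default, so when no profile is active the placeholder either fails to resolve or, given `setIgnoreUnresolvablePlaceholders(true)` in `ApplicationAutoConfiguration`, is presumably injected as literal text, and the null/empty branch of `ConstantsProperties.classPathResource(String, String)` is never reached; `@Value("${spring.profiles.active:}")` would let that branch work. The provider list line calls `properties.get("maxkey.login.socialsignon.providers").toString()`, which throws a NullPointerException when the key is missing from the profile file, and the stream from `resource.getInputStream()` is never closed. The per-provider lookups read the client secret from the same file, so whichever file the profile selects should be one that is kept out of version control. The method body continues past the hunk.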
@@ -56,7 +56,6 @@ import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
|
||||
|
||||
@Configuration
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
public class ApplicationAutoConfiguration implements InitializingBean {
|
||||
private static final Logger _logger =
|
||||
LoggerFactory.getLogger(ApplicationAutoConfiguration.class);
|
||||
@@ -76,19 +75,18 @@ public class ApplicationAutoConfiguration implements InitializingBean {
|
||||
@Bean (name = "propertySourcesPlaceholderConfigurer")
|
||||
public PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer()
|
||||
throws IOException {
|
||||
ClassPathResource classPathResource1 =
|
||||
ClassPathResource classPathApplicationPropertySource =
|
||||
new ClassPathResource(ConstantsProperties.classPathResource(
|
||||
ConstantsProperties.applicationPropertySource));
|
||||
ClassPathResource classPathResource2 =
|
||||
new ClassPathResource(ConstantsProperties.classPathResource(
|
||||
ConstantsProperties.maxKeyPropertySource));
|
||||
|
||||
|
||||
PropertySourcesPlaceholderConfigurer configurer =
|
||||
new PropertySourcesPlaceholderConfigurer();
|
||||
configurer.setLocations(
|
||||
configurer.setLocations(classPathApplicationPropertySource);
|
||||
/*configurer.setLocations(
|
||||
classPathResource1,
|
||||
classPathResource2
|
||||
);
|
||||
);*/
|
||||
configurer.setIgnoreUnresolvablePlaceholders(true);
|
||||
_logger.debug("PropertySourcesPlaceholderConfigurer init");
|
||||
return configurer;
|
||||
@@ -150,9 +148,9 @@ public class ApplicationAutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "keyStoreLoader")
|
||||
public KeyStoreLoader keyStoreLoader(
|
||||
@Value("${config.saml.v20.idp.issuing.entity.id}") String entityName,
|
||||
@Value("${config.saml.v20.idp.keystore.password}") String keystorePassword,
|
||||
@Value("${config.saml.v20.idp.keystore}") Resource keystoreFile) {
|
||||
@Value("${maxkey.saml.v20.idp.issuing.entity.id}") String entityName,
|
||||
@Value("${maxkey.saml.v20.idp.keystore.password}") String keystorePassword,
|
||||
@Value("${maxkey.saml.v20.idp.keystore}") Resource keystoreFile) {
|
||||
KeyStoreLoader keyStoreLoader = new KeyStoreLoader();
|
||||
keyStoreLoader.setEntityName(entityName);
|
||||
keyStoreLoader.setKeystorePassword(keystorePassword);
|
||||
@@ -166,9 +164,9 @@ public class ApplicationAutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "spKeyStoreLoader")
|
||||
public KeyStoreLoader spKeyStoreLoader(
|
||||
@Value("${config.saml.v20.sp.issuing.entity.id}") String entityName,
|
||||
@Value("${config.saml.v20.sp.keystore.password}") String keystorePassword,
|
||||
@Value("${config.saml.v20.sp.keystore}") Resource keystoreFile) {
|
||||
@Value("${maxkey.saml.v20.sp.issuing.entity.id}") String entityName,
|
||||
@Value("${maxkey.saml.v20.sp.keystore.password}") String keystorePassword,
|
||||
@Value("${maxkey.saml.v20.sp.keystore}") Resource keystoreFile) {
|
||||
KeyStoreLoader keyStoreLoader = new KeyStoreLoader();
|
||||
keyStoreLoader.setEntityName(entityName);
|
||||
keyStoreLoader.setKeystorePassword(keystorePassword);
|
||||
@@ -182,7 +180,7 @@ public class ApplicationAutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "spIssuingEntityName")
|
||||
public String spIssuingEntityName(
|
||||
@Value("${config.saml.v20.sp.issuing.entity.id}") String spIssuingEntityName) {
|
||||
@Value("${maxkey.saml.v20.sp.issuing.entity.id}") String spIssuingEntityName) {
|
||||
return spIssuingEntityName;
|
||||
}
|
||||
|
||||
|
||||
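Review bot: Every `@Value` key in this class moves from `config.*` to `maxkey.*` while `propertySourcesPlaceholderConfigurer` keeps `setIgnoreUnresolvablePlaceholders(true)`, so a deployment that still supplies the old key names may not fail at startup; String parameters such as `keystorePassword` and `entityName` in `keyStoreLoader` and `spKeyStoreLoader` would presumably receive the literal `${maxkey...}` text instead. Consider failing fast on unresolved placeholders, or validating these values before they reach `KeyStoreLoader`. The same method keeps a commented-out `/*configurer.setLocations(classPathResource1, classPathResource2);*/` whose variables appear to no longer exist; it should be deleted rather than left behind. The configurer also loads only the base `application.properties`, whereas `SocialSignOnAutoConfiguration` reads the profile-specific file, which is worth confirming as intended.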
@@ -58,7 +58,6 @@ import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandl
|
||||
|
||||
@Configuration
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
public class MvcAutoConfiguration implements InitializingBean {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(MvcAutoConfiguration.class);
|
||||
|
||||
@@ -68,7 +67,7 @@ public class MvcAutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean (name = "localeResolver")
|
||||
public CookieLocaleResolver cookieLocaleResolver(
|
||||
@Value("${config.server.domain:maxkey.top}")String domainName) {
|
||||
@Value("${maxkey.server.domain:maxkey.top}")String domainName) {
|
||||
_logger.debug("DomainName " + domainName);
|
||||
CookieLocaleResolver cookieLocaleResolver = new CookieLocaleResolver();
|
||||
cookieLocaleResolver.setCookieName("maxkey_lang");
|
||||
|
||||
@@ -36,7 +36,6 @@ import org.springframework.stereotype.Component;
|
||||
*
|
||||
*/
|
||||
@Component
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
public class ApplicationConfig {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(ApplicationConfig.class);
|
||||
@@ -50,22 +49,22 @@ public class ApplicationConfig {
|
||||
@Autowired
|
||||
LoginConfig loginConfig;
|
||||
|
||||
@Value("${config.server.basedomain}")
|
||||
@Value("${maxkey.server.basedomain}")
|
||||
String baseDomainName;
|
||||
|
||||
@Value("${config.server.domain}")
|
||||
@Value("${maxkey.server.domain}")
|
||||
String domainName;
|
||||
|
||||
@Value("${config.server.name}")
|
||||
@Value("${maxkey.server.name}")
|
||||
String serverName;
|
||||
|
||||
@Value("${config.server.uri}")
|
||||
@Value("${maxkey.server.uri}")
|
||||
String serverPrefix;
|
||||
|
||||
@Value("${config.server.default.uri}")
|
||||
@Value("${maxkey.server.default.uri}")
|
||||
String defaultUri;
|
||||
|
||||
@Value("${config.server.management.uri}")
|
||||
@Value("${maxkey.server.management.uri}")
|
||||
String managementUri;
|
||||
|
||||
@Value("${server.port:8080}")
|
||||
@@ -74,10 +73,10 @@ public class ApplicationConfig {
|
||||
@Value("${server.servlet.session.timeout:1800}")
|
||||
private int sessionTimeout;
|
||||
|
||||
@Value("${config.identity.kafkasupport:false}")
|
||||
@Value("${maxkey.identity.kafkasupport:false}")
|
||||
private boolean kafkaSupport;
|
||||
|
||||
@Value("${config.maxkey.uri}")
|
||||
@Value("${maxkey.maxkey.uri}")
|
||||
private String maxKeyUri;
|
||||
|
||||
public int getPort() {
|
||||
|
||||
@@ -23,31 +23,31 @@ import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
|
||||
@Configuration
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
public class LoginConfig {
|
||||
@Value("${config.login.captcha}")
|
||||
@Value("${maxkey.login.captcha}")
|
||||
boolean captcha;
|
||||
|
||||
//验证码类型 text 文本 , arithmetic算术验证码
|
||||
@Value("${config.login.captcha.type:text}")
|
||||
@Value("${maxkey.login.captcha.type:text}")
|
||||
String captchaType;
|
||||
|
||||
@Value("${config.login.mfa}")
|
||||
@Value("${maxkey.login.mfa}")
|
||||
boolean mfa;
|
||||
|
||||
@Value("${config.login.socialsignon}")
|
||||
@Value("${maxkey.login.socialsignon}")
|
||||
boolean socialSignOn;
|
||||
|
||||
@Value("${config.login.kerberos}")
|
||||
@Value("${maxkey.login.kerberos}")
|
||||
boolean kerberos;
|
||||
|
||||
@Value("${config.login.remeberme}")
|
||||
@Value("${maxkey.login.remeberme}")
|
||||
boolean remeberMe;
|
||||
|
||||
@Value("${config.login.wsfederation}")
|
||||
@Value("${maxkey.login.wsfederation}")
|
||||
boolean wsFederation;
|
||||
|
||||
@Value("${config.login.default.uri}")
|
||||
@Value("${maxkey.login.default.uri}")
|
||||
String defaultUri;
|
||||
|
||||
/**
|
||||
|
||||
@@ -24,9 +24,6 @@ public class ConstantsProperties {
|
||||
public static final String applicationPropertySource =
|
||||
"classpath:/application.properties";
|
||||
|
||||
public static final String maxKeyPropertySource =
|
||||
"classpath:/maxkey.properties";
|
||||
|
||||
public static final String kaptchaPropertySource =
|
||||
"classpath:/kaptcha.properties";
|
||||
|
||||
@@ -34,8 +31,16 @@ public class ConstantsProperties {
|
||||
return propertySource.replaceAll("classpath:","");
|
||||
}
|
||||
|
||||
public static String classPathResource(String propertySource,String active) {
|
||||
if(active == null || active.equals("")) {
|
||||
return propertySource.replaceAll("classpath:","");
|
||||
}
|
||||
return propertySource.replace(".", "-"+active+".").replaceAll("classpath:","");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void classPathResourceTest() {
|
||||
System.out.println(classPathResource(maxKeyPropertySource));
|
||||
System.out.println(classPathResource(applicationPropertySource));
|
||||
System.out.println(classPathResource(applicationPropertySource,"active"));
|
||||
}
|
||||
}
|
||||
|
||||
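Review bot: The new `classPathResource(String propertySource, String active)` splices `active` into the resource name unchecked, and `spring.profiles.active` may hold a comma-separated list, so a value such as `dev,test` yields `/application-dev,test.properties`, which will not exist. `replace(".", ...)` also rewrites every dot in the path rather than only the one before the extension, and `replaceAll("classpath:", "")` treats its argument as a regex where `replace` would do. The `@Test` method `classPathResourceTest` sits in the constants class itself and only prints; it belongs in the test source set with assertions, otherwise the test framework becomes a dependency of production code. A possible shape for the helper follows.

```java
public static String classPathResource(String propertySource, String active) {
    String path = propertySource.replace("classpath:", "");
    if (active == null || active.isEmpty()) {
        return path;
    }
    // only a single plain profile name is supported; reject lists and path characters
    if (!active.matches("[A-Za-z0-9_-]+")) {
        throw new IllegalArgumentException("unsupported profile name: " + active);
    }
    int dot = path.lastIndexOf('.');
    if (dot < 0) {
        return path + "-" + active;
    }
    // insert the profile before the extension only
    return path.substring(0, dot) + "-" + active + path.substring(dot);
}
```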
@@ -37,7 +37,7 @@ import org.springframework.jdbc.core.JdbcTemplate;
|
||||
@ComponentScan(basePackages = {
|
||||
"org.maxkey.authz.cas.endpoint"
|
||||
})
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
public class CasAutoConfiguration implements InitializingBean {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(CasAutoConfiguration.class);
|
||||
|
||||
@@ -49,8 +49,8 @@ public class CasAutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "casTicketServices")
|
||||
public TicketServices casTicketServices(
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${config.login.remeberme.validity}") int validity,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
@Value("${maxkey.login.remeberme.validity}") int validity,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
_logger.debug("init casTicketServices.");
|
||||
@@ -65,8 +65,8 @@ public class CasAutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "casTicketGrantingTicketServices")
|
||||
public TicketServices casTicketGrantingTicketServices(
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${config.login.remeberme.validity}") int validity,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
@Value("${maxkey.login.remeberme.validity}") int validity,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
_logger.debug("init casTicketGrantingTicketServices.");
|
||||
@@ -75,8 +75,8 @@ public class CasAutoConfiguration implements InitializingBean {
|
||||
|
||||
@Bean(name = "casProxyGrantingTicketServices")
|
||||
public TicketServices casProxyGrantingTicketServices(
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${config.login.remeberme.validity}") int validity,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
@Value("${maxkey.login.remeberme.validity}") int validity,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
_logger.debug("init casTicketGrantingTicketServices.");
|
||||
|
||||
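Review bot: The three CAS ticket beans (`casTicketServices`, `casTicketGrantingTicketServices`, `casProxyGrantingTicketServices`) take their `validity` from `${maxkey.login.remeberme.validity}`, a remember-me setting that the `application.properties` shown in this commit sets to `0`; if the bodies use it as a ticket lifetime, CAS tickets and remember-me cookies cannot be tuned independently. A dedicated CAS key would make the intended lifetime explicit. The bodies lie outside the hunks, so whether `validity` is used at all cannot be confirmed here. `casProxyGrantingTicketServices` also logs `init casTicketGrantingTicketServices.`, a copy of the previous bean's message.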
@@ -71,7 +71,6 @@ import com.nimbusds.jose.JWEAlgorithm;
|
||||
"org.maxkey.authz.oauth2.provider.approval.controller"
|
||||
})
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(Oauth20AutoConfiguration.class);
|
||||
|
||||
@@ -93,13 +92,13 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "oidcProviderMetadata")
|
||||
public OIDCProviderMetadataDetails OIDCProviderMetadataDetails(
|
||||
@Value("${config.oidc.metadata.issuer}")
|
||||
@Value("${maxkey.oidc.metadata.issuer}")
|
||||
String issuer,
|
||||
@Value("${config.oidc.metadata.authorizationEndpoint}")
|
||||
@Value("${maxkey.oidc.metadata.authorizationEndpoint}")
|
||||
URI authorizationEndpoint,
|
||||
@Value("${config.oidc.metadata.tokenEndpoint}")
|
||||
@Value("${maxkey.oidc.metadata.tokenEndpoint}")
|
||||
URI tokenEndpoint,
|
||||
@Value("${config.oidc.metadata.userinfoEndpoint}")
|
||||
@Value("${maxkey.oidc.metadata.userinfoEndpoint}")
|
||||
URI userinfoEndpoint) {
|
||||
_logger.debug("OIDCProviderMetadataDetails init .");
|
||||
OIDCProviderMetadataDetails oidcProviderMetadata = new OIDCProviderMetadataDetails();
|
||||
@@ -203,7 +202,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "oauth20AuthorizationCodeServices")
|
||||
public AuthorizationCodeServices oauth20AuthorizationCodeServices(
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
return new AuthorizationCodeServicesFactory().getService(persistence, jdbcTemplate, redisConnFactory);
|
||||
@@ -216,7 +215,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "oauth20TokenStore")
|
||||
public TokenStore oauth20TokenStore(
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
|
||||
|
||||
@@ -59,7 +59,6 @@ import org.springframework.ui.velocity.VelocityEngineFactoryBean;
|
||||
"org.maxkey.authz.saml20.metadata.endpoint",
|
||||
})
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
public class Saml20AutoConfiguration implements InitializingBean {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(Saml20AutoConfiguration.class);
|
||||
|
||||
@@ -110,7 +109,7 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "authnResponseGenerator")
|
||||
public AuthnResponseGenerator authnResponseGenerator(TimeService timeService,IDService idService,
|
||||
@Value("${config.saml.v20.idp.issuer}") String issuerEntityName) {
|
||||
@Value("${maxkey.saml.v20.idp.issuer}") String issuerEntityName) {
|
||||
AuthnResponseGenerator generator = new AuthnResponseGenerator(issuerEntityName,timeService,idService);
|
||||
return generator;
|
||||
}
|
||||
@@ -121,7 +120,7 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "issuerEntityName")
|
||||
public String issuerEntityName(
|
||||
@Value("${config.saml.v20.idp.issuer}") String issuerEntityName) {
|
||||
@Value("${maxkey.saml.v20.idp.issuer}") String issuerEntityName) {
|
||||
return issuerEntityName;
|
||||
}
|
||||
|
||||
@@ -131,15 +130,15 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "saml20Metadata")
|
||||
public Saml20Metadata saml20Metadata(
|
||||
@Value("${config.saml.v20.metadata.orgName}") String orgName,
|
||||
@Value("${config.saml.v20.metadata.orgDisplayName}") String orgDisplayName,
|
||||
@Value("${config.saml.v20.metadata.orgURL}") String orgURL,
|
||||
@Value("${config.saml.v20.metadata.company}") String company,
|
||||
@Value("${config.saml.v20.metadata.contactType}") String contactType,
|
||||
@Value("${config.saml.v20.metadata.givenName}") String givenName,
|
||||
@Value("${config.saml.v20.metadata.surName}") String surName,
|
||||
@Value("${config.saml.v20.metadata.emailAddress}") String emailAddress,
|
||||
@Value("${config.saml.v20.metadata.telephoneNumber}") String telephoneNumber) {
|
||||
@Value("${maxkey.saml.v20.metadata.orgName}") String orgName,
|
||||
@Value("${maxkey.saml.v20.metadata.orgDisplayName}") String orgDisplayName,
|
||||
@Value("${maxkey.saml.v20.metadata.orgURL}") String orgURL,
|
||||
@Value("${maxkey.saml.v20.metadata.company}") String company,
|
||||
@Value("${maxkey.saml.v20.metadata.contactType}") String contactType,
|
||||
@Value("${maxkey.saml.v20.metadata.givenName}") String givenName,
|
||||
@Value("${maxkey.saml.v20.metadata.surName}") String surName,
|
||||
@Value("${maxkey.saml.v20.metadata.emailAddress}") String emailAddress,
|
||||
@Value("${maxkey.saml.v20.metadata.telephoneNumber}") String telephoneNumber) {
|
||||
Saml20Metadata metadata = new Saml20Metadata();
|
||||
metadata.setOrgName(orgName);
|
||||
metadata.setOrgDisplayName(orgDisplayName);
|
||||
@@ -197,7 +196,7 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "replayCache")
|
||||
public ReplayCache replayCache(MapBasedStorageService mapBasedStorageService,
|
||||
@Value("${config.saml.v20.replay.cache.life.in.millis}") long duration) {
|
||||
@Value("${maxkey.saml.v20.replay.cache.life.in.millis}") long duration) {
|
||||
ReplayCache replayCache = new ReplayCache(mapBasedStorageService,duration);
|
||||
return replayCache;
|
||||
}
|
||||
@@ -218,7 +217,7 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "samlParserPool")
|
||||
public BasicParserPool samlParserPool(
|
||||
@Value("${config.saml.v20.max.parser.pool.size}") int maxPoolSize) {
|
||||
@Value("${maxkey.saml.v20.max.parser.pool.size}") int maxPoolSize) {
|
||||
BasicParserPool samlParserPool = new BasicParserPool();
|
||||
samlParserPool.setMaxPoolSize(maxPoolSize);
|
||||
return samlParserPool;
|
||||
@@ -230,8 +229,8 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "issueInstantRule")
|
||||
public IssueInstantRule issueInstantRule(
|
||||
@Value("${config.saml.v20.issue.instant.check.clock.skew.in.seconds}") int newClockSkew,
|
||||
@Value("${config.saml.v20.issue.instant.check.validity.time.in.seconds}") int newExpires) {
|
||||
@Value("${maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds}") int newClockSkew,
|
||||
@Value("${maxkey.saml.v20.issue.instant.check.validity.time.in.seconds}") int newExpires) {
|
||||
IssueInstantRule decoder = new IssueInstantRule(newClockSkew,newExpires);
|
||||
decoder.setRequiredRule(true);
|
||||
return decoder;
|
||||
@@ -243,7 +242,7 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "openHTTPPostSimpleSignDecoder")
|
||||
public OpenHTTPPostSimpleSignDecoder openHTTPPostSimpleSignDecoder(BasicParserPool samlParserPool,
|
||||
@Value("${config.saml.v20.idp.receiver.endpoint}") String receiverEndpoint) {
|
||||
@Value("${maxkey.saml.v20.idp.receiver.endpoint}") String receiverEndpoint) {
|
||||
OpenHTTPPostSimpleSignDecoder decoder = new OpenHTTPPostSimpleSignDecoder(samlParserPool);
|
||||
decoder.setReceiverEndpoint(receiverEndpoint);
|
||||
return decoder;
|
||||
@@ -255,7 +254,7 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "openHTTPPostDecoder")
|
||||
public OpenHTTPPostDecoder openHTTPPostDecoder(BasicParserPool samlParserPool,
|
||||
@Value("${config.saml.v20.idp.receiver.endpoint}") String receiverEndpoint) {
|
||||
@Value("${maxkey.saml.v20.idp.receiver.endpoint}") String receiverEndpoint) {
|
||||
OpenHTTPPostDecoder decoder = new OpenHTTPPostDecoder(samlParserPool);
|
||||
decoder.setReceiverEndpoint(receiverEndpoint);
|
||||
return decoder;
|
||||
@@ -267,7 +266,7 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "openHTTPRedirectDecoder")
|
||||
public OpenHTTPRedirectDecoder openHTTPRedirectDecoder(BasicParserPool samlParserPool,
|
||||
@Value("${config.saml.v20.idp.receiver.endpoint}") String receiverEndpoint) {
|
||||
@Value("${maxkey.saml.v20.idp.receiver.endpoint}") String receiverEndpoint) {
|
||||
OpenHTTPRedirectDecoder decoder = new OpenHTTPRedirectDecoder(samlParserPool);
|
||||
decoder.setReceiverEndpoint(receiverEndpoint);
|
||||
return decoder;
|
||||
@@ -308,7 +307,7 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "postSimpleSignBindingAdapter")
|
||||
public PostSimpleSignBindingAdapter postSimpleSignBindingAdapter(VelocityEngine velocityEngine,
|
||||
@Value("${config.saml.v20.idp.issuer}") String issuerEntityName) {
|
||||
@Value("${maxkey.saml.v20.idp.issuer}") String issuerEntityName) {
|
||||
PostSimpleSignBindingAdapter adapter = new PostSimpleSignBindingAdapter();
|
||||
adapter.setVelocityEngine(velocityEngine);
|
||||
adapter.setIssuerEntityName(issuerEntityName);
|
||||
@@ -321,7 +320,7 @@ public class Saml20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "postBindingAdapter")
|
||||
public PostBindingAdapter postBindingAdapter(VelocityEngine velocityEngine,
|
||||
@Value("${config.saml.v20.idp.issuer}") String issuerEntityName) {
|
||||
@Value("${maxkey.saml.v20.idp.issuer}") String issuerEntityName) {
|
||||
PostBindingAdapter adapter = new PostBindingAdapter();
|
||||
adapter.setVelocityEngine(velocityEngine);
|
||||
adapter.setIssuerEntityName(issuerEntityName);
|
||||
|
||||
@@ -77,7 +77,7 @@ public class MaxKeyMgtConfig implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "oauth20TokenStore")
|
||||
public TokenStore oauth20TokenStore(
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
RedisConnectionFactory jedisConnectionFactory) {
|
||||
TokenStore tokenStore = null;
|
||||
@@ -149,7 +149,7 @@ public class MaxKeyMgtConfig implements InitializingBean {
|
||||
public Scheduler schedulerJobs(
|
||||
SchedulerFactoryBean schedulerFactoryBean,
|
||||
GroupsService groupsService,
|
||||
@Value("${config.job.cron.dynamicgroups}") String cronScheduleDynamicGroups
|
||||
@Value("${maxkey.job.cron.dynamicgroups}") String cronScheduleDynamicGroups
|
||||
) throws SchedulerException {
|
||||
|
||||
Scheduler scheduler = schedulerFactoryBean.getScheduler();
|
||||
|
||||
@@ -101,3 +101,73 @@ management.security.enabled=false
|
||||
#management.endpoints.jmx.exposure.include=health,info
|
||||
management.endpoints.web.exposure.include=metrics,health,info,env,beans
|
||||
|
||||
############################################################################
|
||||
# domain name configuration
|
||||
maxkey.server.scheme=http
|
||||
maxkey.server.basedomain=maxkey.top
|
||||
maxkey.server.domain=sso.${maxkey.server.basedomain}
|
||||
maxkey.server.name=${maxkey.server.scheme}://${maxkey.server.domain}
|
||||
maxkey.server.uri=${maxkey.server.name}:9521/maxkey-mgt
|
||||
#default.uri
|
||||
maxkey.server.default.uri=${maxkey.server.uri}/main
|
||||
maxkey.maxkey.uri=https://${maxkey.server.domain}/maxkey
|
||||
#InMemory 0 , Redis 2
|
||||
maxkey.server.persistence=0
|
||||
#identity
|
||||
maxkey.identity.kafkasupport=false
|
||||
############################################################################
|
||||
# Login configuration
|
||||
#enable captcha
|
||||
maxkey.login.captcha=true
|
||||
#text or arithmetic
|
||||
maxkey.login.captcha.type=text
|
||||
#enable two factor,use one time password
|
||||
maxkey.login.mfa=false
|
||||
#enable social sign on
|
||||
maxkey.login.socialsignon=false
|
||||
#Enable kerberos/SPNEGO
|
||||
maxkey.login.kerberos=false
|
||||
#wsFederation
|
||||
maxkey.login.wsfederation=false
|
||||
#remeberme
|
||||
maxkey.login.remeberme=false
|
||||
#validity
|
||||
maxkey.login.remeberme.validity=0
|
||||
#default.uri
|
||||
#to appList page
|
||||
maxkey.login.default.uri=appList
|
||||
|
||||
maxkey.ipaddress.whitelist=false
|
||||
############################################################################
|
||||
# SAML V2.0 configuration
|
||||
# saml common
|
||||
maxkey.saml.v20.max.parser.pool.size=2
|
||||
maxkey.saml.v20.assertion.validity.time.ins.seconds=90
|
||||
maxkey.saml.v20.replay.cache.life.in.millis=14400000
|
||||
maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds=90
|
||||
maxkey.saml.v20.issue.instant.check.validity.time.in.seconds=300
|
||||
|
||||
#saml idp keystore
|
||||
maxkey.saml.v20.idp.keystore.password=maxkey
|
||||
maxkey.saml.v20.idp.keystore.private.key.password=maxkey
|
||||
maxkey.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks
|
||||
#keystore id for sec
|
||||
maxkey.saml.v20.idp.issuing.entity.id=maxkey.top
|
||||
maxkey.saml.v20.idp.issuer=https://sso.maxkey.top/maxkey/saml
|
||||
|
||||
maxkey.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.top/
|
||||
|
||||
#saml sp keystore
|
||||
maxkey.saml.v20.sp.keystore.password=maxkey
|
||||
maxkey.saml.v20.sp.keystore.private.key.password=maxkey
|
||||
maxkey.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
|
||||
maxkey.saml.v20.sp.issuing.entity.id=client.maxkey.org
|
||||
|
||||
############################################################################
|
||||
maxkey.oidc.metadata.issuer=https://${maxkey.server.domain}/maxkey
|
||||
maxkey.oidc.metadata.authorizationEndpoint=${maxkey.server.name}/maxkey/oauth/v20/authorize
|
||||
maxkey.oidc.metadata.tokenEndpoint=${maxkey.server.name}/maxkey/oauth/v20/token
|
||||
maxkey.oidc.metadata.userinfoEndpoint=${maxkey.server.name}/maxkey/api/connect/userinfo
|
||||
#############################################################################
|
||||
#one hour for refresh dynamic groups
|
||||
maxkey.job.cron.dynamicgroups=0 0 0/1 * * ?
|
||||
@@ -1,71 +1,2 @@
|
||||
############################################################################
|
||||
# MaxKey Management
|
||||
############################################################################
|
||||
# domain name configuration
|
||||
config.server.basedomain=maxkey.top
|
||||
config.server.domain=sso.${config.server.basedomain}
|
||||
config.server.name=http://${config.server.domain}
|
||||
config.server.uri=${config.server.name}:9521/maxkey-mgt
|
||||
#default.uri
|
||||
config.server.default.uri=${config.server.uri}/main
|
||||
config.maxkey.uri=https://${config.server.domain}/maxkey
|
||||
#InMemory 0 , Redis 2
|
||||
config.server.persistence=0
|
||||
#identity
|
||||
config.identity.kafkasupport=false
|
||||
############################################################################
|
||||
# Login configuration
|
||||
#enable captcha
|
||||
config.login.captcha=true
|
||||
#text or arithmetic
|
||||
config.login.captcha.type=text
|
||||
#enable two factor,use one time password
|
||||
config.login.mfa=false
|
||||
#enable social sign on
|
||||
config.login.socialsignon=false
|
||||
#Enable kerberos/SPNEGO
|
||||
config.login.kerberos=false
|
||||
#wsFederation
|
||||
config.login.wsfederation=false
|
||||
#remeberme
|
||||
config.login.remeberme=false
|
||||
#validity
|
||||
config.login.remeberme.validity=0
|
||||
#default.uri
|
||||
#to appList page
|
||||
config.login.default.uri=appList
|
||||
|
||||
config.ipaddress.whitelist=false
|
||||
############################################################################
|
||||
# SAML V2.0 configuration
|
||||
# saml common
|
||||
config.saml.v20.max.parser.pool.size=2
|
||||
config.saml.v20.assertion.validity.time.ins.seconds=90
|
||||
config.saml.v20.replay.cache.life.in.millis=14400000
|
||||
config.saml.v20.issue.instant.check.clock.skew.in.seconds=90
|
||||
config.saml.v20.issue.instant.check.validity.time.in.seconds=300
|
||||
|
||||
#saml idp keystore
|
||||
config.saml.v20.idp.keystore.password=maxkey
|
||||
config.saml.v20.idp.keystore.private.key.password=maxkey
|
||||
config.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks
|
||||
#keystore id for sec
|
||||
config.saml.v20.idp.issuing.entity.id=maxkey.top
|
||||
config.saml.v20.idp.issuer=https://sso.maxkey.top/maxkey/saml
|
||||
|
||||
config.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.top/
|
||||
|
||||
#saml sp keystore
|
||||
config.saml.v20.sp.keystore.password=maxkey
|
||||
config.saml.v20.sp.keystore.private.key.password=maxkey
|
||||
config.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
|
||||
config.saml.v20.sp.issuing.entity.id=client.maxkey.org
|
||||
|
||||
############################################################################
|
||||
config.oidc.metadata.issuer=https://${config.server.domain}/maxkey
|
||||
config.oidc.metadata.authorizationEndpoint=${config.server.name}/maxkey/oauth/v20/authorize
|
||||
config.oidc.metadata.tokenEndpoint=${config.server.name}/maxkey/oauth/v20/token
|
||||
config.oidc.metadata.userinfoEndpoint=${config.server.name}/maxkey/api/connect/userinfo
|
||||
#############################################################################
|
||||
#one hour for refresh dynamic groups
|
||||
config.job.cron.dynamicgroups=0 0 0/1 * * ?
|
||||
@@ -60,7 +60,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
@Configuration
|
||||
//@ImportResource(locations = { "classpath:spring/maxkey.xml" })
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
@ComponentScan(basePackages = {
|
||||
"org.maxkey.configuration",
|
||||
"org.maxkey.domain",
|
||||
@@ -84,15 +83,15 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
|
||||
@Bean(name = "keyUriFormat")
|
||||
public KeyUriFormat keyUriFormat(
|
||||
@Value("${config.otp.keyuri.format.type:totp}")
|
||||
@Value("${maxkey.otp.keyuri.format.type:totp}")
|
||||
String keyuriFormatType,
|
||||
@Value("${config.otp.keyuri.format.domain:MaxKey.top}")
|
||||
@Value("${maxkey.otp.keyuri.format.domain:MaxKey.top}")
|
||||
String keyuriFormatDomain,
|
||||
@Value("${config.otp.keyuri.format.issuer:MaxKey}")
|
||||
@Value("${maxkey.otp.keyuri.format.issuer:MaxKey}")
|
||||
String keyuriFormatIssuer,
|
||||
@Value("${config.otp.keyuri.format.digits:6}")
|
||||
@Value("${maxkey.otp.keyuri.format.digits:6}")
|
||||
int keyuriFormatDigits,
|
||||
@Value("${config.otp.keyuri.format.period:30}")
|
||||
@Value("${maxkey.otp.keyuri.format.period:30}")
|
||||
int keyuriFormatPeriod) {
|
||||
|
||||
KeyUriFormat keyUriFormat=new KeyUriFormat();
|
||||
@@ -174,8 +173,8 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
//default tfaOtpAuthn
|
||||
@Bean(name = "tfaOtpAuthn")
|
||||
public AbstractOtpAuthn tfaOptAuthn(
|
||||
@Value("${config.login.mfa.type}")String mfaType,
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${maxkey.login.mfa.type}")String mfaType,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
MailOtpAuthn tfaMailOtpAuthn,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
|
||||
@@ -222,8 +221,8 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
|
||||
@Bean(name = "tfaMobileOtpAuthn")
|
||||
public SmsOtpAuthn smsOtpAuthn(
|
||||
@Value("${config.otp.sms}")String optSmsProvider,
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${maxkey.otp.sms}")String optSmsProvider,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
SmsOtpAuthn smsOtpAuthn = null;
|
||||
if(optSmsProvider.equalsIgnoreCase("SmsOtpAuthnAliyun")) {
|
||||
@@ -246,13 +245,13 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
|
||||
@Bean(name = "kerberosService")
|
||||
public RemoteKerberosService kerberosService(
|
||||
@Value("${config.support.kerberos.default.userdomain}")
|
||||
@Value("${maxkey.support.kerberos.default.userdomain}")
|
||||
String userDomain,
|
||||
@Value("${config.support.kerberos.default.fulluserdomain}")
|
||||
@Value("${maxkey.support.kerberos.default.fulluserdomain}")
|
||||
String fullUserDomain,
|
||||
@Value("${config.support.kerberos.default.crypto}")
|
||||
@Value("${maxkey.support.kerberos.default.crypto}")
|
||||
String crypto,
|
||||
@Value("${config.support.kerberos.default.redirecturi}")
|
||||
@Value("${maxkey.support.kerberos.default.redirecturi}")
|
||||
String redirectUri
|
||||
) {
|
||||
RemoteKerberosService kerberosService = new RemoteKerberosService();
|
||||
|
||||
@@ -45,7 +45,7 @@ import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
|
||||
|
||||
@Configuration
|
||||
@EnableWebMvc
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
public class MaxKeyMvcConfig implements WebMvcConfigurer {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(MaxKeyMvcConfig.class);
|
||||
|
||||
@@ -80,13 +80,13 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
|
||||
@Autowired
|
||||
HistoryLoginAppAdapter historyLoginAppAdapter;
|
||||
|
||||
@Value("${config.support.httpheader.enable:false}")
|
||||
@Value("${maxkey.support.httpheader.enable:false}")
|
||||
private boolean httpHeaderEnable;
|
||||
|
||||
@Value("${config.support.httpheader.headername:iv-user}")
|
||||
@Value("${maxkey.support.httpheader.headername:iv-user}")
|
||||
private String httpHeaderName;
|
||||
|
||||
@Value("${config.support.basic.enable:false}")
|
||||
@Value("${maxkey.support.basic.enable:false}")
|
||||
private boolean basicEnable;
|
||||
|
||||
@Override
|
||||
|
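Review bot: The three login switches in the second hunk (`httpHeaderEnable`, `httpHeaderName`, `basicEnable`) carry no comment saying what enabling them trusts, and the in-code default header name `iv-user` differs from the `header-user` value shipped in the properties this commit adds. Presumably header login takes the user name from that request header, so it is only safe behind a gateway that strips any client-supplied copy; I would state that above the field, e.g. `// Header login trusts this request header; enable only behind a proxy that overwrites it.` Aligning the `@Value` default with the shipped `header-user` value would also avoid two different effective names depending on whether the key is present. The class body continues outside the hunk, so how these fields are consumed is not visible here.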
||||
@@ -115,3 +115,240 @@ management.security.enabled=false
|
||||
#management.endpoints.jmx.exposure.include=health,info
|
||||
management.endpoints.web.exposure.include=metrics,health,info,env
|
||||
|
||||
|
||||
############################################################################
|
||||
# domain name configuration
|
||||
maxkey.server.scheme=http
|
||||
maxkey.server.basedomain=maxkey.top
|
||||
maxkey.server.domain=sso.${config.server.basedomain}
|
||||
maxkey.server.name=${maxkey.server.scheme}://${maxkey.server.domain}
|
||||
maxkey.server.uri=${maxkey.server.name}/maxkey
|
||||
#default.uri
|
||||
maxkey.server.default.uri=${maxkey.server.uri}/maxkey/appList
|
||||
maxkey.server.management.uri=${maxkey.server.name}:9521/maxkey-mgt/login
|
||||
#InMemory 0 , Redis 2
|
||||
maxkey.server.persistence=0
|
||||
#identity
|
||||
maxkey.identity.kafkasupport=false
|
||||
|
||||
maxkey.app.issuer=CN=ConSec,CN=COM,CN=SH
|
||||
############################################################################
|
||||
# Login configuration
|
||||
#enable captcha
|
||||
maxkey.login.captcha=true
|
||||
#text or arithmetic
|
||||
maxkey.login.captcha.type=text
|
||||
#enable two factor,use one time password
|
||||
maxkey.login.mfa=true
|
||||
#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
maxkey.login.mfa.type=TimeBasedOtpAuthn
|
||||
#enable social sign on
|
||||
maxkey.login.socialsignon=true
|
||||
#social sign on providers
|
||||
maxkey.login.socialsignon.providers=gitee,wechatopen,sinaweibo,google,qq,dingtalk,microsoft,facebook
|
||||
#Enable kerberos/SPNEGO
|
||||
maxkey.login.kerberos=true
|
||||
#wsFederation
|
||||
maxkey.login.wsfederation=false
|
||||
#remeberme
|
||||
maxkey.login.remeberme=true
|
||||
#validity
|
||||
maxkey.login.remeberme.validity=0
|
||||
|
||||
#to default application web site
|
||||
maxkey.login.default.uri=appList
|
||||
|
||||
maxkey.ipaddress.whitelist=false
|
||||
|
||||
#SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
maxkey.otp.sms=SmsOtpAuthnYunxin
|
||||
|
||||
maxkey.otp.sms.aliyun.accesskeyid=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.aliyun.accesssecret=05d5485357bc
|
||||
maxkey.otp.sms.aliyun.templatecode=14860095
|
||||
maxkey.otp.sms.aliyun.signname=maxkey
|
||||
|
||||
maxkey.otp.sms.yunxin.appkey=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.yunxin.appsecret=05d5485357bc
|
||||
maxkey.otp.sms.yunxin.templateid=14860095
|
||||
|
||||
maxkey.otp.sms.tencentcloud.secretid=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.tencentcloud.secretkey=05d5485357bc
|
||||
maxkey.otp.sms.tencentcloud.smssdkappid=1486220095
|
||||
maxkey.otp.sms.tencentcloud.templateid=14860095
|
||||
maxkey.otp.sms.tencentcloud.sign=1486009522
|
||||
|
||||
maxkey.otp.keyuri.format.type=totp
|
||||
maxkey.otp.keyuri.format.digits=6
|
||||
maxkey.otp.keyuri.format.issuer=MaxKey
|
||||
maxkey.otp.keyuri.format.domain=${maxkey.server.domain}
|
||||
maxkey.otp.keyuri.format.period=30
|
||||
|
||||
############################################################################
|
||||
# Kerberos Login configuration
|
||||
############################################################################
|
||||
#short name of user domain must be in upper case,eg:MAXKEY
|
||||
maxkey.support.kerberos.default.userdomain=MAXKEY
|
||||
#short name of user domain must be in upper case,eg:MAXKEY.ORG
|
||||
maxkey.support.kerberos.default.fulluserdomain=MAXKEY.ORG
|
||||
#last 8Bit crypto for Kerberos web Authentication
|
||||
maxkey.support.kerberos.default.crypto=846KZSzYq56M6d5o
|
||||
#Kerberos Authentication server RUL
|
||||
maxkey.support.kerberos.default.redirecturi=http://sso.maxkey.top/kerberos/authn/
|
||||
############################################################################
|
||||
# HTTPHEADER Login configuration
|
||||
############################################################################
|
||||
maxkey.support.httpheader.enable=false
|
||||
maxkey.support.httpheader.headername=header-user
|
||||
# iv-user is for IBM Security Access Manager
|
||||
#config.httpheader.headername=iv-user
|
||||
|
||||
############################################################################
|
||||
# BASIC Login support configuration
|
||||
############################################################################
|
||||
|
||||
maxkey.support.basic.enable=false
|
||||
|
||||
#############################################################################
|
||||
# WsFederation Login support configuration
|
||||
#identifier: the identifer for the ADFS server
|
||||
#url: the login url for ADFS
|
||||
#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
|
||||
#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
|
||||
#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
|
||||
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
|
||||
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
|
||||
############################################################################
|
||||
|
||||
maxkey.support.wsfederation.identifier=http://adfs.maxkey.top/adfs/services/trust
|
||||
maxkey.support.wsfederation.url=https://adfs.maxkey.top/adfs/ls/
|
||||
maxkey.support.wsfederation.principal=upn
|
||||
maxkey.support.wsfederation.relyingParty=urn:federation:connsec
|
||||
maxkey.support.wsfederation.signingCertificate=adfs-signing.crt
|
||||
maxkey.support.wsfederation.tolerance=10000
|
||||
maxkey.support.wsfederation.upn.suffix=maxkey.org
|
||||
maxkey.support.wsfederation.logoutUrl=https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# OIDC V1.0 METADATA configuration
|
||||
maxkey.oidc.metadata.issuer=${maxkey.server.name}/maxkey
|
||||
maxkey.oidc.metadata.authorizationEndpoint=${maxkey.server.name}/maxkey/oauth/v20/authorize
|
||||
maxkey.oidc.metadata.tokenEndpoint=${maxkey.server.name}/maxkey/oauth/v20/token
|
||||
maxkey.oidc.metadata.userinfoEndpoint=${maxkey.server.name}/maxkey/api/connect/userinfo
|
||||
|
||||
#############################################################################
|
||||
# SAML V2.0 configuration
|
||||
#saml common
|
||||
maxkey.saml.v20.max.parser.pool.size=2
|
||||
maxkey.saml.v20.assertion.validity.time.ins.seconds=90
|
||||
maxkey.saml.v20.replay.cache.life.in.millis=14400000
|
||||
maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds=90
|
||||
maxkey.saml.v20.issue.instant.check.validity.time.in.seconds=300
|
||||
|
||||
|
||||
#saml idp keystore
|
||||
maxkey.saml.v20.idp.keystore.password=maxkey
|
||||
maxkey.saml.v20.idp.keystore.private.key.password=maxkey
|
||||
maxkey.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks
|
||||
#keystore id for sec
|
||||
maxkey.saml.v20.idp.issuing.entity.id=maxkey.top
|
||||
maxkey.saml.v20.idp.issuer=https://sso.maxkey.top/maxkey/saml
|
||||
|
||||
maxkey.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.top/
|
||||
|
||||
#saml sp keystore
|
||||
maxkey.saml.v20.sp.keystore.password=maxkey
|
||||
maxkey.saml.v20.sp.keystore.private.key.password=maxkey
|
||||
maxkey.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
|
||||
maxkey.saml.v20.sp.issuing.entity.id=client.maxkey.org
|
||||
|
||||
#Saml v20 METADATA
|
||||
maxkey.saml.v20.metadata.orgName=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.orgDisplayName=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.orgURL=https://www.maxkey.top
|
||||
maxkey.saml.v20.metadata.contactType=technical
|
||||
maxkey.saml.v20.metadata.company=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.givenName=maxkey
|
||||
maxkey.saml.v20.metadata.surName=maxkey
|
||||
maxkey.saml.v20.metadata.emailAddress=maxkeysupport@163.com
|
||||
maxkey.saml.v20.metadata.telephoneNumber=4008981111
|
||||
|
||||
############################################################################
|
||||
# Social Sign On Configuration #
|
||||
#you config client.id & client.secret only
|
||||
############################################################################
|
||||
|
||||
############################################################################
|
||||
#gitee
|
||||
maxkey.socialsignon.gitee.provider=gitee
|
||||
maxkey.socialsignon.gitee.provider.name=Gitee
|
||||
maxkey.socialsignon.gitee.icon=images/social/gitee.png
|
||||
maxkey.socialsignon.gitee.client.id=ee6fdc484b3398d17e77d6ff37fd8b9fe502106398c7b22bf5522d3c01303f45
|
||||
maxkey.socialsignon.gitee.client.secret=d6c3558f295f044df538c966a9084166f9a877c7a7392543184007a5faccdbad
|
||||
maxkey.socialsignon.gitee.account.id=id
|
||||
maxkey.socialsignon.gitee.sortorder=1
|
||||
#wechat
|
||||
maxkey.socialsignon.wechatopen.provider=wechatopen
|
||||
maxkey.socialsignon.wechatopen.provider.name=\u5fae\u4fe1
|
||||
maxkey.socialsignon.wechatopen.icon=images/social/wechat.png
|
||||
maxkey.socialsignon.wechatopen.client.id=ee6fdc484b3398d17e7
|
||||
maxkey.socialsignon.wechatopen.client.secret=7a5faccdbad
|
||||
maxkey.socialsignon.wechatopen.account.id=id
|
||||
maxkey.socialsignon.wechatopen.sortorder=2
|
||||
|
||||
#sina weibo
|
||||
maxkey.socialsignon.sinaweibo.provider=sinaweibo
|
||||
maxkey.socialsignon.sinaweibo.provider.name=\u65b0\u6d6a\u5fae\u535a
|
||||
maxkey.socialsignon.sinaweibo.icon=images/social/weibo.png
|
||||
maxkey.socialsignon.sinaweibo.client.id=3379757634
|
||||
maxkey.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba
|
||||
maxkey.socialsignon.sinaweibo.account.id=id
|
||||
maxkey.socialsignon.sinaweibo.sortorder=3
|
||||
|
||||
#Google
|
||||
maxkey.socialsignon.google.provider=google
|
||||
maxkey.socialsignon.google.provider.name=Google
|
||||
maxkey.socialsignon.google.icon=images/social/google.png
|
||||
maxkey.socialsignon.google.client.id=519914515488.apps.googleusercontent.com
|
||||
maxkey.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt
|
||||
maxkey.socialsignon.google.account.id=id
|
||||
maxkey.socialsignon.google.sortorder=4
|
||||
|
||||
#dingtalk
|
||||
maxkey.socialsignon.dingtalk.provider=dingtalk
|
||||
maxkey.socialsignon.dingtalk.provider.name=dingtalk
|
||||
maxkey.socialsignon.dingtalk.icon=images/social/dingtalk.png
|
||||
maxkey.socialsignon.dingtalk.client.id=dingoawf2jyiwh2uzqnphg
|
||||
maxkey.socialsignon.dingtalk.client.secret=Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9
|
||||
maxkey.socialsignon.dingtalk.account.id=openid
|
||||
maxkey.socialsignon.dingtalk.sortorder=5
|
||||
|
||||
#QQ
|
||||
maxkey.socialsignon.qq.provider=qq
|
||||
maxkey.socialsignon.qq.provider.name=QQ
|
||||
maxkey.socialsignon.qq.icon=images/social/qq.png
|
||||
maxkey.socialsignon.qq.client.id=101225363
|
||||
maxkey.socialsignon.qq.client.secret=8577d75e0eb4a91ac549cc8be3371bfd
|
||||
maxkey.socialsignon.qq.account.id=openid
|
||||
maxkey.socialsignon.qq.sortorder=6
|
||||
|
||||
|
||||
|
||||
#Microsoft
|
||||
maxkey.socialsignon.microsoft.provider=microsoft
|
||||
maxkey.socialsignon.microsoft.provider.name=Microsoft
|
||||
maxkey.socialsignon.microsoft.icon=images/social/microsoft.png
|
||||
maxkey.socialsignon.microsoft.client.id=24aa73b6-7928-4e64-bd64-d8682e650f95
|
||||
maxkey.socialsignon.microsoft.client.secret=PF[_AthtjVrtWVO2mNy@CJxY1@Z8FNf5
|
||||
maxkey.socialsignon.microsoft.account.id=id
|
||||
maxkey.socialsignon.microsoft.sortorder=7
|
||||
|
||||
#facebook
|
||||
maxkey.socialsignon.facebook.provider=facebook
|
||||
maxkey.socialsignon.facebook.provider.name=facebook
|
||||
maxkey.socialsignon.facebook.icon=images/social/facebook.png
|
||||
maxkey.socialsignon.facebook.client.id=appKey
|
||||
maxkey.socialsignon.facebook.client.secret=appSecret
|
||||
maxkey.socialsignon.facebook.account.id=id
|
||||
maxkey.socialsignon.facebook.sortorder=8
|
||||
|
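Review bot: `maxkey.server.domain=sso.${config.server.basedomain}` still points at the old `config.` prefix, while every other key in this block was renamed and the https-profile block uses `${maxkey.server.basedomain}`. Unless `config.server.basedomain` is still defined somewhere outside this view, the placeholder will not resolve and everything derived from it (`maxkey.server.name`, the OIDC metadata endpoints, `maxkey.otp.keyuri.format.domain`) fails with it; the line should read `maxkey.server.domain=sso.${maxkey.server.basedomain}`. Separately, `maxkey.server.default.uri=${maxkey.server.uri}/maxkey/appList` appends `/maxkey` to a value that already ends in `/maxkey`, which looks unintended. The leftover comment `#config.httpheader.headername=iv-user` also does not match the `maxkey.support.httpheader.headername` key that is actually set above it.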
||||
@@ -122,3 +122,240 @@ management.security.enabled=false
|
||||
#management.endpoints.jmx.exposure.include=health,info
|
||||
management.endpoints.web.exposure.include=metrics,health,info,env
|
||||
|
||||
|
||||
############################################################################
|
||||
# domain name configuration
|
||||
maxkey.server.scheme=https
|
||||
maxkey.server.basedomain=maxkey.top
|
||||
maxkey.server.domain=sso.${maxkey.server.basedomain}
|
||||
maxkey.server.name=${maxkey.server.scheme}://${maxkey.server.domain}
|
||||
maxkey.server.uri=${maxkey.server.name}/maxkey
|
||||
#default.uri
|
||||
maxkey.server.default.uri=${maxkey.server.uri}/maxkey/appList
|
||||
maxkey.server.management.uri=${maxkey.server.name}:9521/maxkey-mgt/login
|
||||
#InMemory 0 , Redis 2
|
||||
maxkey.server.persistence=0
|
||||
#identity
|
||||
maxkey.identity.kafkasupport=false
|
||||
|
||||
maxkey.app.issuer=CN=ConSec,CN=COM,CN=SH
|
||||
############################################################################
|
||||
# Login configuration
|
||||
#enable captcha
|
||||
maxkey.login.captcha=true
|
||||
#text or arithmetic
|
||||
maxkey.login.captcha.type=text
|
||||
#enable two factor,use one time password
|
||||
maxkey.login.mfa=true
|
||||
#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
maxkey.login.mfa.type=TimeBasedOtpAuthn
|
||||
#enable social sign on
|
||||
maxkey.login.socialsignon=true
|
||||
#social sign on providers
|
||||
maxkey.login.socialsignon.providers=gitee,wechatopen,sinaweibo,google,qq,dingtalk,microsoft,facebook
|
||||
#Enable kerberos/SPNEGO
|
||||
maxkey.login.kerberos=true
|
||||
#wsFederation
|
||||
maxkey.login.wsfederation=false
|
||||
#remeberme
|
||||
maxkey.login.remeberme=true
|
||||
#validity
|
||||
maxkey.login.remeberme.validity=0
|
||||
|
||||
#to default application web site
|
||||
maxkey.login.default.uri=appList
|
||||
|
||||
maxkey.ipaddress.whitelist=false
|
||||
|
||||
#SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
maxkey.otp.sms=SmsOtpAuthnYunxin
|
||||
|
||||
maxkey.otp.sms.aliyun.accesskeyid=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.aliyun.accesssecret=05d5485357bc
|
||||
maxkey.otp.sms.aliyun.templatecode=14860095
|
||||
maxkey.otp.sms.aliyun.signname=maxkey
|
||||
|
||||
maxkey.otp.sms.yunxin.appkey=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.yunxin.appsecret=05d5485357bc
|
||||
maxkey.otp.sms.yunxin.templateid=14860095
|
||||
|
||||
maxkey.otp.sms.tencentcloud.secretid=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.tencentcloud.secretkey=05d5485357bc
|
||||
maxkey.otp.sms.tencentcloud.smssdkappid=1486220095
|
||||
maxkey.otp.sms.tencentcloud.templateid=14860095
|
||||
maxkey.otp.sms.tencentcloud.sign=1486009522
|
||||
|
||||
maxkey.otp.keyuri.format.type=totp
|
||||
maxkey.otp.keyuri.format.digits=6
|
||||
maxkey.otp.keyuri.format.issuer=MaxKey
|
||||
maxkey.otp.keyuri.format.domain=${maxkey.server.domain}
|
||||
maxkey.otp.keyuri.format.period=30
|
||||
|
||||
############################################################################
|
||||
# Kerberos Login configuration
|
||||
############################################################################
|
||||
#short name of user domain must be in upper case,eg:MAXKEY
|
||||
maxkey.support.kerberos.default.userdomain=MAXKEY
|
||||
#short name of user domain must be in upper case,eg:MAXKEY.ORG
|
||||
maxkey.support.kerberos.default.fulluserdomain=MAXKEY.ORG
|
||||
#last 8Bit crypto for Kerberos web Authentication
|
||||
maxkey.support.kerberos.default.crypto=846KZSzYq56M6d5o
|
||||
#Kerberos Authentication server RUL
|
||||
maxkey.support.kerberos.default.redirecturi=http://sso.maxkey.top/kerberos/authn/
|
||||
############################################################################
|
||||
# HTTPHEADER Login configuration
|
||||
############################################################################
|
||||
maxkey.support.httpheader.enable=false
|
||||
maxkey.support.httpheader.headername=header-user
|
||||
# iv-user is for IBM Security Access Manager
|
||||
#config.httpheader.headername=iv-user
|
||||
|
||||
############################################################################
|
||||
# BASIC Login support configuration
|
||||
############################################################################
|
||||
|
||||
maxkey.support.basic.enable=false
|
||||
|
||||
#############################################################################
|
||||
# WsFederation Login support configuration
|
||||
#identifier: the identifer for the ADFS server
|
||||
#url: the login url for ADFS
|
||||
#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
|
||||
#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
|
||||
#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
|
||||
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
|
||||
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
|
||||
############################################################################
|
||||
|
||||
maxkey.support.wsfederation.identifier=http://adfs.maxkey.top/adfs/services/trust
|
||||
maxkey.support.wsfederation.url=https://adfs.maxkey.top/adfs/ls/
|
||||
maxkey.support.wsfederation.principal=upn
|
||||
maxkey.support.wsfederation.relyingParty=urn:federation:connsec
|
||||
maxkey.support.wsfederation.signingCertificate=adfs-signing.crt
|
||||
maxkey.support.wsfederation.tolerance=10000
|
||||
maxkey.support.wsfederation.upn.suffix=maxkey.org
|
||||
maxkey.support.wsfederation.logoutUrl=https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# OIDC V1.0 METADATA configuration
|
||||
maxkey.oidc.metadata.issuer=${maxkey.server.name}/maxkey
|
||||
maxkey.oidc.metadata.authorizationEndpoint=${maxkey.server.name}/maxkey/oauth/v20/authorize
|
||||
maxkey.oidc.metadata.tokenEndpoint=${maxkey.server.name}/maxkey/oauth/v20/token
|
||||
maxkey.oidc.metadata.userinfoEndpoint=${maxkey.server.name}/maxkey/api/connect/userinfo
|
||||
|
||||
#############################################################################
|
||||
# SAML V2.0 configuration
|
||||
#saml common
|
||||
maxkey.saml.v20.max.parser.pool.size=2
|
||||
maxkey.saml.v20.assertion.validity.time.ins.seconds=90
|
||||
maxkey.saml.v20.replay.cache.life.in.millis=14400000
|
||||
maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds=90
|
||||
maxkey.saml.v20.issue.instant.check.validity.time.in.seconds=300
|
||||
|
||||
|
||||
#saml idp keystore
|
||||
maxkey.saml.v20.idp.keystore.password=maxkey
|
||||
maxkey.saml.v20.idp.keystore.private.key.password=maxkey
|
||||
maxkey.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks
|
||||
#keystore id for sec
|
||||
maxkey.saml.v20.idp.issuing.entity.id=maxkey.top
|
||||
maxkey.saml.v20.idp.issuer=https://sso.maxkey.top/maxkey/saml
|
||||
|
||||
maxkey.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.top/
|
||||
|
||||
#saml sp keystore
|
||||
maxkey.saml.v20.sp.keystore.password=maxkey
|
||||
maxkey.saml.v20.sp.keystore.private.key.password=maxkey
|
||||
maxkey.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
|
||||
maxkey.saml.v20.sp.issuing.entity.id=client.maxkey.org
|
||||
|
||||
#Saml v20 METADATA
|
||||
maxkey.saml.v20.metadata.orgName=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.orgDisplayName=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.orgURL=https://www.maxkey.top
|
||||
maxkey.saml.v20.metadata.contactType=technical
|
||||
maxkey.saml.v20.metadata.company=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.givenName=maxkey
|
||||
maxkey.saml.v20.metadata.surName=maxkey
|
||||
maxkey.saml.v20.metadata.emailAddress=maxkeysupport@163.com
|
||||
maxkey.saml.v20.metadata.telephoneNumber=4008981111
|
||||
|
||||
############################################################################
|
||||
# Social Sign On Configuration #
|
||||
#you config client.id & client.secret only
|
||||
############################################################################
|
||||
|
||||
############################################################################
|
||||
#gitee
|
||||
maxkey.socialsignon.gitee.provider=gitee
|
||||
maxkey.socialsignon.gitee.provider.name=Gitee
|
||||
maxkey.socialsignon.gitee.icon=images/social/gitee.png
|
||||
maxkey.socialsignon.gitee.client.id=ee6fdc484b3398d17e77d6ff37fd8b9fe502106398c7b22bf5522d3c01303f45
|
||||
maxkey.socialsignon.gitee.client.secret=d6c3558f295f044df538c966a9084166f9a877c7a7392543184007a5faccdbad
|
||||
maxkey.socialsignon.gitee.account.id=id
|
||||
maxkey.socialsignon.gitee.sortorder=1
|
||||
#wechat
|
||||
maxkey.socialsignon.wechatopen.provider=wechatopen
|
||||
maxkey.socialsignon.wechatopen.provider.name=\u5fae\u4fe1
|
||||
maxkey.socialsignon.wechatopen.icon=images/social/wechat.png
|
||||
maxkey.socialsignon.wechatopen.client.id=ee6fdc484b3398d17e7
|
||||
maxkey.socialsignon.wechatopen.client.secret=7a5faccdbad
|
||||
maxkey.socialsignon.wechatopen.account.id=id
|
||||
maxkey.socialsignon.wechatopen.sortorder=2
|
||||
|
||||
#sina weibo
|
||||
maxkey.socialsignon.sinaweibo.provider=sinaweibo
|
||||
maxkey.socialsignon.sinaweibo.provider.name=\u65b0\u6d6a\u5fae\u535a
|
||||
maxkey.socialsignon.sinaweibo.icon=images/social/weibo.png
|
||||
maxkey.socialsignon.sinaweibo.client.id=3379757634
|
||||
maxkey.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba
|
||||
maxkey.socialsignon.sinaweibo.account.id=id
|
||||
maxkey.socialsignon.sinaweibo.sortorder=3
|
||||
|
||||
#Google
|
||||
maxkey.socialsignon.google.provider=google
|
||||
maxkey.socialsignon.google.provider.name=Google
|
||||
maxkey.socialsignon.google.icon=images/social/google.png
|
||||
maxkey.socialsignon.google.client.id=519914515488.apps.googleusercontent.com
|
||||
maxkey.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt
|
||||
maxkey.socialsignon.google.account.id=id
|
||||
maxkey.socialsignon.google.sortorder=4
|
||||
|
||||
#dingtalk
|
||||
maxkey.socialsignon.dingtalk.provider=dingtalk
|
||||
maxkey.socialsignon.dingtalk.provider.name=dingtalk
|
||||
maxkey.socialsignon.dingtalk.icon=images/social/dingtalk.png
|
||||
maxkey.socialsignon.dingtalk.client.id=dingoawf2jyiwh2uzqnphg
|
||||
maxkey.socialsignon.dingtalk.client.secret=Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9
|
||||
maxkey.socialsignon.dingtalk.account.id=openid
|
||||
maxkey.socialsignon.dingtalk.sortorder=5
|
||||
|
||||
#QQ
|
||||
maxkey.socialsignon.qq.provider=qq
|
||||
maxkey.socialsignon.qq.provider.name=QQ
|
||||
maxkey.socialsignon.qq.icon=images/social/qq.png
|
||||
maxkey.socialsignon.qq.client.id=101225363
|
||||
maxkey.socialsignon.qq.client.secret=8577d75e0eb4a91ac549cc8be3371bfd
|
||||
maxkey.socialsignon.qq.account.id=openid
|
||||
maxkey.socialsignon.qq.sortorder=6
|
||||
|
||||
|
||||
|
||||
#Microsoft
|
||||
maxkey.socialsignon.microsoft.provider=microsoft
|
||||
maxkey.socialsignon.microsoft.provider.name=Microsoft
|
||||
maxkey.socialsignon.microsoft.icon=images/social/microsoft.png
|
||||
maxkey.socialsignon.microsoft.client.id=24aa73b6-7928-4e64-bd64-d8682e650f95
|
||||
maxkey.socialsignon.microsoft.client.secret=PF[_AthtjVrtWVO2mNy@CJxY1@Z8FNf5
|
||||
maxkey.socialsignon.microsoft.account.id=id
|
||||
maxkey.socialsignon.microsoft.sortorder=7
|
||||
|
||||
#facebook
|
||||
maxkey.socialsignon.facebook.provider=facebook
|
||||
maxkey.socialsignon.facebook.provider.name=facebook
|
||||
maxkey.socialsignon.facebook.icon=images/social/facebook.png
|
||||
maxkey.socialsignon.facebook.client.id=appKey
|
||||
maxkey.socialsignon.facebook.client.secret=appSecret
|
||||
maxkey.socialsignon.facebook.account.id=id
|
||||
maxkey.socialsignon.facebook.sortorder=8
|
||||
|
||||
@@ -1,238 +0,0 @@
|
||||
############################################################################
|
||||
# MaxKey
|
||||
############################################################################
|
||||
# domain name configuration
|
||||
config.server.scheme=http
|
||||
config.server.basedomain=maxkey.top
|
||||
config.server.domain=sso.${config.server.basedomain}
|
||||
config.server.name=${config.server.scheme}://${config.server.domain}
|
||||
config.server.uri=${config.server.name}/maxkey
|
||||
#default.uri
|
||||
config.server.default.uri=${config.server.uri}/maxkey/appList
|
||||
config.server.management.uri=${config.server.name}:9521/maxkey-mgt/login
|
||||
#InMemory 0 , Redis 2
|
||||
config.server.persistence=0
|
||||
#identity
|
||||
config.identity.kafkasupport=false
|
||||
|
||||
config.app.issuer=CN=ConSec,CN=COM,CN=SH
|
||||
############################################################################
|
||||
# Login configuration
|
||||
#enable captcha
|
||||
config.login.captcha=true
|
||||
#text or arithmetic
|
||||
config.login.captcha.type=text
|
||||
#enable two factor,use one time password
|
||||
config.login.mfa=true
|
||||
#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
config.login.mfa.type=TimeBasedOtpAuthn
|
||||
#enable social sign on
|
||||
config.login.socialsignon=true
|
||||
#social sign on providers
|
||||
config.login.socialsignon.providers=gitee,wechatopen,sinaweibo,google,qq,dingtalk,microsoft,facebook
|
||||
#Enable kerberos/SPNEGO
|
||||
config.login.kerberos=true
|
||||
#wsFederation
|
||||
config.login.wsfederation=false
|
||||
#remeberme
|
||||
config.login.remeberme=true
|
||||
#validity
|
||||
config.login.remeberme.validity=0
|
||||
|
||||
#to default application web site
|
||||
config.login.default.uri=appList
|
||||
|
||||
config.ipaddress.whitelist=false
|
||||
|
||||
#SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
config.otp.sms=SmsOtpAuthnYunxin
|
||||
|
||||
config.otp.sms.aliyun.accesskeyid=94395d754eb55693043f5d6a2b772ef4
|
||||
config.otp.sms.aliyun.accesssecret=05d5485357bc
|
||||
config.otp.sms.aliyun.templatecode=14860095
|
||||
config.otp.sms.aliyun.signname=maxkey
|
||||
|
||||
config.otp.sms.yunxin.appkey=94395d754eb55693043f5d6a2b772ef4
|
||||
config.otp.sms.yunxin.appsecret=05d5485357bc
|
||||
config.otp.sms.yunxin.templateid=14860095
|
||||
|
||||
config.otp.sms.tencentcloud.secretid=94395d754eb55693043f5d6a2b772ef4
|
||||
config.otp.sms.tencentcloud.secretkey=05d5485357bc
|
||||
config.otp.sms.tencentcloud.smssdkappid=1486220095
|
||||
config.otp.sms.tencentcloud.templateid=14860095
|
||||
config.otp.sms.tencentcloud.sign=1486009522
|
||||
|
||||
config.otp.keyuri.format.type=totp
|
||||
config.otp.keyuri.format.digits=6
|
||||
config.otp.keyuri.format.issuer=MaxKey
|
||||
config.otp.keyuri.format.domain=${config.server.domain}
|
||||
config.otp.keyuri.format.period=30
|
||||
|
||||
############################################################################
|
||||
# Kerberos Login configuration
|
||||
############################################################################
|
||||
#short name of user domain must be in upper case,eg:MAXKEY
|
||||
config.support.kerberos.default.userdomain=MAXKEY
|
||||
#short name of user domain must be in upper case,eg:MAXKEY.ORG
|
||||
config.support.kerberos.default.fulluserdomain=MAXKEY.ORG
|
||||
#last 8Bit crypto for Kerberos web Authentication
|
||||
config.support.kerberos.default.crypto=846KZSzYq56M6d5o
|
||||
#Kerberos Authentication server RUL
|
||||
config.support.kerberos.default.redirecturi=http://sso.maxkey.top/kerberos/authn/
|
||||
############################################################################
|
||||
# HTTPHEADER Login configuration
|
||||
############################################################################
|
||||
config.support.httpheader.enable=false
|
||||
config.support.httpheader.headername=header-user
|
||||
# iv-user is for IBM Security Access Manager
|
||||
#config.httpheader.headername=iv-user
|
||||
|
||||
############################################################################
|
||||
# BASIC Login support configuration
|
||||
############################################################################
|
||||
|
||||
config.support.basic.enable=false
|
||||
|
||||
#############################################################################
|
||||
# WsFederation Login support configuration
|
||||
#identifier: the identifer for the ADFS server
|
||||
#url: the login url for ADFS
|
||||
#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
|
||||
#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
|
||||
#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
|
||||
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
|
||||
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
|
||||
############################################################################
|
||||
|
||||
config.support.wsfederation.identifier=http://adfs.maxkey.top/adfs/services/trust
|
||||
config.support.wsfederation.url=https://adfs.maxkey.top/adfs/ls/
|
||||
config.support.wsfederation.principal=upn
|
||||
config.support.wsfederation.relyingParty=urn:federation:connsec
|
||||
config.support.wsfederation.signingCertificate=adfs-signing.crt
|
||||
config.support.wsfederation.tolerance=10000
|
||||
config.support.wsfederation.upn.suffix=maxkey.org
|
||||
config.support.wsfederation.logoutUrl=https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# OIDC V1.0 METADATA configuration
|
||||
config.oidc.metadata.issuer=${config.server.name}/maxkey
|
||||
config.oidc.metadata.authorizationEndpoint=${config.server.name}/maxkey/oauth/v20/authorize
|
||||
config.oidc.metadata.tokenEndpoint=${config.server.name}/maxkey/oauth/v20/token
|
||||
config.oidc.metadata.userinfoEndpoint=${config.server.name}/maxkey/api/connect/userinfo
|
||||
|
||||
#############################################################################
|
||||
# SAML V2.0 configuration
|
||||
#saml common
|
||||
config.saml.v20.max.parser.pool.size=2
|
||||
config.saml.v20.assertion.validity.time.ins.seconds=90
|
||||
config.saml.v20.replay.cache.life.in.millis=14400000
|
||||
config.saml.v20.issue.instant.check.clock.skew.in.seconds=90
|
||||
config.saml.v20.issue.instant.check.validity.time.in.seconds=300
|
||||
|
||||
|
||||
#saml idp keystore
|
||||
config.saml.v20.idp.keystore.password=maxkey
|
||||
config.saml.v20.idp.keystore.private.key.password=maxkey
|
||||
config.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks
|
||||
#keystore id for sec
|
||||
config.saml.v20.idp.issuing.entity.id=maxkey.top
|
||||
config.saml.v20.idp.issuer=https://sso.maxkey.top/maxkey/saml
|
||||
|
||||
config.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.top/
|
||||
|
||||
#saml sp keystore
|
||||
config.saml.v20.sp.keystore.password=maxkey
|
||||
config.saml.v20.sp.keystore.private.key.password=maxkey
|
||||
config.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
|
||||
config.saml.v20.sp.issuing.entity.id=client.maxkey.org
|
||||
|
||||
#Saml v20 METADATA
|
||||
config.saml.v20.metadata.orgName=MaxKeyTop
|
||||
config.saml.v20.metadata.orgDisplayName=MaxKeyTop
|
||||
config.saml.v20.metadata.orgURL=https://www.maxkey.top
|
||||
config.saml.v20.metadata.contactType=technical
|
||||
config.saml.v20.metadata.company=MaxKeyTop
|
||||
config.saml.v20.metadata.givenName=maxkey
|
||||
config.saml.v20.metadata.surName=maxkey
|
||||
config.saml.v20.metadata.emailAddress=maxkeysupport@163.com
|
||||
config.saml.v20.metadata.telephoneNumber=4008981111
|
||||
|
||||
############################################################################
|
||||
# Social Sign On Configuration #
|
||||
#you config client.id & client.secret only
|
||||
############################################################################
|
||||
|
||||
############################################################################
|
||||
#gitee
|
||||
config.socialsignon.gitee.provider=gitee
|
||||
config.socialsignon.gitee.provider.name=Gitee
|
||||
config.socialsignon.gitee.icon=images/social/gitee.png
|
||||
config.socialsignon.gitee.client.id=ee6fdc484b3398d17e77d6ff37fd8b9fe502106398c7b22bf5522d3c01303f45
|
||||
config.socialsignon.gitee.client.secret=d6c3558f295f044df538c966a9084166f9a877c7a7392543184007a5faccdbad
|
||||
config.socialsignon.gitee.account.id=id
|
||||
config.socialsignon.gitee.sortorder=1
|
||||
#wechat
|
||||
config.socialsignon.wechatopen.provider=wechatopen
|
||||
config.socialsignon.wechatopen.provider.name=\u5fae\u4fe1
|
||||
config.socialsignon.wechatopen.icon=images/social/wechat.png
|
||||
config.socialsignon.wechatopen.client.id=ee6fdc484b3398d17e7
|
||||
config.socialsignon.wechatopen.client.secret=7a5faccdbad
|
||||
config.socialsignon.wechatopen.account.id=id
|
||||
config.socialsignon.wechatopen.sortorder=2
|
||||
|
||||
#sina weibo
|
||||
config.socialsignon.sinaweibo.provider=sinaweibo
|
||||
config.socialsignon.sinaweibo.provider.name=\u65b0\u6d6a\u5fae\u535a
|
||||
config.socialsignon.sinaweibo.icon=images/social/weibo.png
|
||||
config.socialsignon.sinaweibo.client.id=3379757634
|
||||
config.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba
|
||||
config.socialsignon.sinaweibo.account.id=id
|
||||
config.socialsignon.sinaweibo.sortorder=3
|
||||
|
||||
#Google
|
||||
config.socialsignon.google.provider=google
|
||||
config.socialsignon.google.provider.name=Google
|
||||
config.socialsignon.google.icon=images/social/google.png
|
||||
config.socialsignon.google.client.id=519914515488.apps.googleusercontent.com
|
||||
config.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt
|
||||
config.socialsignon.google.account.id=id
|
||||
config.socialsignon.google.sortorder=4
|
||||
|
||||
#dingtalk
|
||||
config.socialsignon.dingtalk.provider=dingtalk
|
||||
config.socialsignon.dingtalk.provider.name=dingtalk
|
||||
config.socialsignon.dingtalk.icon=images/social/dingtalk.png
|
||||
config.socialsignon.dingtalk.client.id=dingoawf2jyiwh2uzqnphg
|
||||
config.socialsignon.dingtalk.client.secret=Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9
|
||||
config.socialsignon.dingtalk.account.id=openid
|
||||
config.socialsignon.dingtalk.sortorder=5
|
||||
|
||||
#QQ
|
||||
config.socialsignon.qq.provider=qq
|
||||
config.socialsignon.qq.provider.name=QQ
|
||||
config.socialsignon.qq.icon=images/social/qq.png
|
||||
config.socialsignon.qq.client.id=101225363
|
||||
config.socialsignon.qq.client.secret=8577d75e0eb4a91ac549cc8be3371bfd
|
||||
config.socialsignon.qq.account.id=openid
|
||||
config.socialsignon.qq.sortorder=6
|
||||
|
||||
|
||||
|
||||
#Microsoft
|
||||
config.socialsignon.microsoft.provider=microsoft
|
||||
config.socialsignon.microsoft.provider.name=Microsoft
|
||||
config.socialsignon.microsoft.icon=images/social/microsoft.png
|
||||
config.socialsignon.microsoft.client.id=24aa73b6-7928-4e64-bd64-d8682e650f95
|
||||
config.socialsignon.microsoft.client.secret=PF[_AthtjVrtWVO2mNy@CJxY1@Z8FNf5
|
||||
config.socialsignon.microsoft.account.id=id
|
||||
config.socialsignon.microsoft.sortorder=7
|
||||
|
||||
#facebook
|
||||
config.socialsignon.facebook.provider=facebook
|
||||
config.socialsignon.facebook.provider.name=facebook
|
||||
config.socialsignon.facebook.icon=images/social/facebook.png
|
||||
config.socialsignon.facebook.client.id=appKey
|
||||
config.socialsignon.facebook.client.secret=appSecret
|
||||
config.socialsignon.facebook.account.id=id
|
||||
config.socialsignon.facebook.sortorder=8
|
||||
@@ -46,8 +46,6 @@ echo JAVA_HOME = %JAVA_HOME%
|
||||
echo JAVA = %JAVA_EXEC%
|
||||
echo JAVA = %JAVA_MAINCLASS%
|
||||
echo.
|
||||
%JAVA_EXEC% -version
|
||||
echo.
|
||||
echo ===============================================================================
|
||||
echo.
|
||||
|
||||
|
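Review bot: The banner line `echo JAVA = %JAVA_MAINCLASS%` reuses the `JAVA` label of the line above it, so the startup output shows two `JAVA =` entries with different meanings. If that line is kept on the new side, it should read `echo JAVA_MAINCLASS = %JAVA_MAINCLASS%`. The rendered page has lost the +/- markers, so which two lines this hunk removes cannot be read from it, and the script continues outside the hunk. The same lines appear again in the later `@@ -46,8 +46,6 @@` hunk.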
||||
@@ -40,7 +40,6 @@ echo JAVA_CONF : $JAVA_CONF
|
||||
echo JAVA_OPTS : $JAVA_OPTS
|
||||
echo JAVA_HOME : $JAVA_HOME
|
||||
echo JAVA : $JAVA_EXEC}
|
||||
${JAVA_EXEC} -version
|
||||
echo ""
|
||||
echo "-------------------------------------------------------------------------------"
|
||||
echo ""
|
||||
|
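Review bot: The line `echo JAVA : $JAVA_EXEC}` has an unbalanced brace, so the banner prints the interpreter path followed by a literal `}`. If the line is kept on the new side, it should be `echo JAVA : ${JAVA_EXEC}`. If the `${JAVA_EXEC} -version` call also survives, quoting it as `"${JAVA_EXEC}" -version` avoids word splitting when the JDK path contains spaces. The +/- markers are lost on this page, so the one removed line is not identifiable, and the script continues outside the hunk. The same lines appear again in the later `@@ -40,7 +40,6 @@` hunk.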
||||
@@ -46,8 +46,6 @@ echo JAVA_HOME = %JAVA_HOME%
|
||||
echo JAVA = %JAVA_EXEC%
|
||||
echo JAVA = %JAVA_MAINCLASS%
|
||||
echo.
|
||||
%JAVA_EXEC% -version
|
||||
echo.
|
||||
echo ===============================================================================
|
||||
echo.
|
||||
|
||||
|
||||
@@ -40,7 +40,6 @@ echo JAVA_CONF : $JAVA_CONF
|
||||
echo JAVA_OPTS : $JAVA_OPTS
|
||||
echo JAVA_HOME : $JAVA_HOME
|
||||
echo JAVA : $JAVA_EXEC}
|
||||
${JAVA_EXEC} -version
|
||||
echo ""
|
||||
echo "-------------------------------------------------------------------------------"
|
||||
echo ""
|
||||
|
||||