spring.profiles.active
@@ -60,7 +60,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
@Configuration
|
||||
//@ImportResource(locations = { "classpath:spring/maxkey.xml" })
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
@ComponentScan(basePackages = {
|
||||
"org.maxkey.configuration",
|
||||
"org.maxkey.domain",
|
||||
@@ -84,15 +83,15 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
|
||||
@Bean(name = "keyUriFormat")
|
||||
public KeyUriFormat keyUriFormat(
|
||||
@Value("${config.otp.keyuri.format.type:totp}")
|
||||
@Value("${maxkey.otp.keyuri.format.type:totp}")
|
||||
String keyuriFormatType,
|
||||
@Value("${config.otp.keyuri.format.domain:MaxKey.top}")
|
||||
@Value("${maxkey.otp.keyuri.format.domain:MaxKey.top}")
|
||||
String keyuriFormatDomain,
|
||||
@Value("${config.otp.keyuri.format.issuer:MaxKey}")
|
||||
@Value("${maxkey.otp.keyuri.format.issuer:MaxKey}")
|
||||
String keyuriFormatIssuer,
|
||||
@Value("${config.otp.keyuri.format.digits:6}")
|
||||
@Value("${maxkey.otp.keyuri.format.digits:6}")
|
||||
int keyuriFormatDigits,
|
||||
@Value("${config.otp.keyuri.format.period:30}")
|
||||
@Value("${maxkey.otp.keyuri.format.period:30}")
|
||||
int keyuriFormatPeriod) {
|
||||
|
||||
KeyUriFormat keyUriFormat=new KeyUriFormat();
|
||||
@@ -174,8 +173,8 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
//default tfaOtpAuthn
|
||||
@Bean(name = "tfaOtpAuthn")
|
||||
public AbstractOtpAuthn tfaOptAuthn(
|
||||
@Value("${config.login.mfa.type}")String mfaType,
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${maxkey.login.mfa.type}")String mfaType,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
MailOtpAuthn tfaMailOtpAuthn,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
|
||||
@@ -222,8 +221,8 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
|
||||
@Bean(name = "tfaMobileOtpAuthn")
|
||||
public SmsOtpAuthn smsOtpAuthn(
|
||||
@Value("${config.otp.sms}")String optSmsProvider,
|
||||
@Value("${config.server.persistence}") int persistence,
|
||||
@Value("${maxkey.otp.sms}")String optSmsProvider,
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
SmsOtpAuthn smsOtpAuthn = null;
|
||||
if(optSmsProvider.equalsIgnoreCase("SmsOtpAuthnAliyun")) {
|
||||
@@ -246,13 +245,13 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
|
||||
@Bean(name = "kerberosService")
|
||||
public RemoteKerberosService kerberosService(
|
||||
@Value("${config.support.kerberos.default.userdomain}")
|
||||
@Value("${maxkey.support.kerberos.default.userdomain}")
|
||||
String userDomain,
|
||||
@Value("${config.support.kerberos.default.fulluserdomain}")
|
||||
@Value("${maxkey.support.kerberos.default.fulluserdomain}")
|
||||
String fullUserDomain,
|
||||
@Value("${config.support.kerberos.default.crypto}")
|
||||
@Value("${maxkey.support.kerberos.default.crypto}")
|
||||
String crypto,
|
||||
@Value("${config.support.kerberos.default.redirecturi}")
|
||||
@Value("${maxkey.support.kerberos.default.redirecturi}")
|
||||
String redirectUri
|
||||
) {
|
||||
RemoteKerberosService kerberosService = new RemoteKerberosService();
|
||||
|
||||
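Review bot: The five `keyUriFormat` parameters keep an inline default, so a deployment that still sets the old `config.otp.keyuri.format.*` keys will not fail at startup; it will silently run with `totp` / `6` / `30` / `MaxKey` instead of the operator's values. For OTP parameters such as digits and period, that is a quiet change to how the second factor is generated. A nested fallback keeps old overrides working during migration, e.g. `@Value("${maxkey.otp.keyuri.format.digits:${config.otp.keyuri.format.digits:6}}")`, and likewise for the other four parameters. The renamed parameters of `tfaOtpAuthn`, `tfaMobileOtpAuthn` and `kerberosService` have no default, so a missing key there should presumably surface as an unresolved placeholder rather than a silent fallback, which is the safer behaviour. All four method bodies continue outside the hunks.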
@@ -45,7 +45,7 @@ import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
|
||||
|
||||
@Configuration
|
||||
@EnableWebMvc
|
||||
@PropertySource(ConstantsProperties.maxKeyPropertySource)
|
||||
@PropertySource(ConstantsProperties.applicationPropertySource)
|
||||
public class MaxKeyMvcConfig implements WebMvcConfigurer {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(MaxKeyMvcConfig.class);
|
||||
|
||||
@@ -80,13 +80,13 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
|
||||
@Autowired
|
||||
HistoryLoginAppAdapter historyLoginAppAdapter;
|
||||
|
||||
@Value("${config.support.httpheader.enable:false}")
|
||||
@Value("${maxkey.support.httpheader.enable:false}")
|
||||
private boolean httpHeaderEnable;
|
||||
|
||||
@Value("${config.support.httpheader.headername:iv-user}")
|
||||
@Value("${maxkey.support.httpheader.headername:iv-user}")
|
||||
private String httpHeaderName;
|
||||
|
||||
@Value("${config.support.basic.enable:false}")
|
||||
@Value("${maxkey.support.basic.enable:false}")
|
||||
private boolean basicEnable;
|
||||
|
||||
@Override
|
||||
|
||||
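Review bot: The `httpHeaderEnable` / `httpHeaderName` fields carry no comment stating the trust assumption behind them. Judging by the names and the `iv-user` default, they appear to switch on a login path that takes the user identity from a request header, which is only safe behind a proxy that strips or overwrites that header on every inbound request. I would add above the field `// Header-based login: enable only behind a trusted proxy that overwrites this header; a client-supplied value must never reach the application`. The in-code default `iv-user` also differs from the `header-user` value in the properties added by this commit, so the effective header name depends on whether that property is loaded. The class body continues outside the hunk.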
@@ -115,3 +115,240 @@ management.security.enabled=false
|
||||
#management.endpoints.jmx.exposure.include=health,info
|
||||
management.endpoints.web.exposure.include=metrics,health,info,env
|
||||
|
||||
|
||||
############################################################################
|
||||
# domain name configuration
|
||||
maxkey.server.scheme=http
|
||||
maxkey.server.basedomain=maxkey.top
|
||||
maxkey.server.domain=sso.${config.server.basedomain}
|
||||
maxkey.server.name=${maxkey.server.scheme}://${maxkey.server.domain}
|
||||
maxkey.server.uri=${maxkey.server.name}/maxkey
|
||||
#default.uri
|
||||
maxkey.server.default.uri=${maxkey.server.uri}/maxkey/appList
|
||||
maxkey.server.management.uri=${maxkey.server.name}:9521/maxkey-mgt/login
|
||||
#InMemory 0 , Redis 2
|
||||
maxkey.server.persistence=0
|
||||
#identity
|
||||
maxkey.identity.kafkasupport=false
|
||||
|
||||
maxkey.app.issuer=CN=ConSec,CN=COM,CN=SH
|
||||
############################################################################
|
||||
# Login configuration
|
||||
#enable captcha
|
||||
maxkey.login.captcha=true
|
||||
#text or arithmetic
|
||||
maxkey.login.captcha.type=text
|
||||
#enable two factor,use one time password
|
||||
maxkey.login.mfa=true
|
||||
#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
maxkey.login.mfa.type=TimeBasedOtpAuthn
|
||||
#enable social sign on
|
||||
maxkey.login.socialsignon=true
|
||||
#social sign on providers
|
||||
maxkey.login.socialsignon.providers=gitee,wechatopen,sinaweibo,google,qq,dingtalk,microsoft,facebook
|
||||
#Enable kerberos/SPNEGO
|
||||
maxkey.login.kerberos=true
|
||||
#wsFederation
|
||||
maxkey.login.wsfederation=false
|
||||
#remeberme
|
||||
maxkey.login.remeberme=true
|
||||
#validity
|
||||
maxkey.login.remeberme.validity=0
|
||||
|
||||
#to default application web site
|
||||
maxkey.login.default.uri=appList
|
||||
|
||||
maxkey.ipaddress.whitelist=false
|
||||
|
||||
#SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
maxkey.otp.sms=SmsOtpAuthnYunxin
|
||||
|
||||
maxkey.otp.sms.aliyun.accesskeyid=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.aliyun.accesssecret=05d5485357bc
|
||||
maxkey.otp.sms.aliyun.templatecode=14860095
|
||||
maxkey.otp.sms.aliyun.signname=maxkey
|
||||
|
||||
maxkey.otp.sms.yunxin.appkey=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.yunxin.appsecret=05d5485357bc
|
||||
maxkey.otp.sms.yunxin.templateid=14860095
|
||||
|
||||
maxkey.otp.sms.tencentcloud.secretid=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.tencentcloud.secretkey=05d5485357bc
|
||||
maxkey.otp.sms.tencentcloud.smssdkappid=1486220095
|
||||
maxkey.otp.sms.tencentcloud.templateid=14860095
|
||||
maxkey.otp.sms.tencentcloud.sign=1486009522
|
||||
|
||||
maxkey.otp.keyuri.format.type=totp
|
||||
maxkey.otp.keyuri.format.digits=6
|
||||
maxkey.otp.keyuri.format.issuer=MaxKey
|
||||
maxkey.otp.keyuri.format.domain=${maxkey.server.domain}
|
||||
maxkey.otp.keyuri.format.period=30
|
||||
|
||||
############################################################################
|
||||
# Kerberos Login configuration
|
||||
############################################################################
|
||||
#short name of user domain must be in upper case,eg:MAXKEY
|
||||
maxkey.support.kerberos.default.userdomain=MAXKEY
|
||||
#short name of user domain must be in upper case,eg:MAXKEY.ORG
|
||||
maxkey.support.kerberos.default.fulluserdomain=MAXKEY.ORG
|
||||
#last 8Bit crypto for Kerberos web Authentication
|
||||
maxkey.support.kerberos.default.crypto=846KZSzYq56M6d5o
|
||||
#Kerberos Authentication server RUL
|
||||
maxkey.support.kerberos.default.redirecturi=http://sso.maxkey.top/kerberos/authn/
|
||||
############################################################################
|
||||
# HTTPHEADER Login configuration
|
||||
############################################################################
|
||||
maxkey.support.httpheader.enable=false
|
||||
maxkey.support.httpheader.headername=header-user
|
||||
# iv-user is for IBM Security Access Manager
|
||||
#config.httpheader.headername=iv-user
|
||||
|
||||
############################################################################
|
||||
# BASIC Login support configuration
|
||||
############################################################################
|
||||
|
||||
maxkey.support.basic.enable=false
|
||||
|
||||
#############################################################################
|
||||
# WsFederation Login support configuration
|
||||
#identifier: the identifer for the ADFS server
|
||||
#url: the login url for ADFS
|
||||
#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
|
||||
#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
|
||||
#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
|
||||
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
|
||||
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
|
||||
############################################################################
|
||||
|
||||
maxkey.support.wsfederation.identifier=http://adfs.maxkey.top/adfs/services/trust
|
||||
maxkey.support.wsfederation.url=https://adfs.maxkey.top/adfs/ls/
|
||||
maxkey.support.wsfederation.principal=upn
|
||||
maxkey.support.wsfederation.relyingParty=urn:federation:connsec
|
||||
maxkey.support.wsfederation.signingCertificate=adfs-signing.crt
|
||||
maxkey.support.wsfederation.tolerance=10000
|
||||
maxkey.support.wsfederation.upn.suffix=maxkey.org
|
||||
maxkey.support.wsfederation.logoutUrl=https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# OIDC V1.0 METADATA configuration
|
||||
maxkey.oidc.metadata.issuer=${maxkey.server.name}/maxkey
|
||||
maxkey.oidc.metadata.authorizationEndpoint=${maxkey.server.name}/maxkey/oauth/v20/authorize
|
||||
maxkey.oidc.metadata.tokenEndpoint=${maxkey.server.name}/maxkey/oauth/v20/token
|
||||
maxkey.oidc.metadata.userinfoEndpoint=${maxkey.server.name}/maxkey/api/connect/userinfo
|
||||
|
||||
#############################################################################
|
||||
# SAML V2.0 configuration
|
||||
#saml common
|
||||
maxkey.saml.v20.max.parser.pool.size=2
|
||||
maxkey.saml.v20.assertion.validity.time.ins.seconds=90
|
||||
maxkey.saml.v20.replay.cache.life.in.millis=14400000
|
||||
maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds=90
|
||||
maxkey.saml.v20.issue.instant.check.validity.time.in.seconds=300
|
||||
|
||||
|
||||
#saml idp keystore
|
||||
maxkey.saml.v20.idp.keystore.password=maxkey
|
||||
maxkey.saml.v20.idp.keystore.private.key.password=maxkey
|
||||
maxkey.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks
|
||||
#keystore id for sec
|
||||
maxkey.saml.v20.idp.issuing.entity.id=maxkey.top
|
||||
maxkey.saml.v20.idp.issuer=https://sso.maxkey.top/maxkey/saml
|
||||
|
||||
maxkey.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.top/
|
||||
|
||||
#saml sp keystore
|
||||
maxkey.saml.v20.sp.keystore.password=maxkey
|
||||
maxkey.saml.v20.sp.keystore.private.key.password=maxkey
|
||||
maxkey.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
|
||||
maxkey.saml.v20.sp.issuing.entity.id=client.maxkey.org
|
||||
|
||||
#Saml v20 METADATA
|
||||
maxkey.saml.v20.metadata.orgName=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.orgDisplayName=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.orgURL=https://www.maxkey.top
|
||||
maxkey.saml.v20.metadata.contactType=technical
|
||||
maxkey.saml.v20.metadata.company=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.givenName=maxkey
|
||||
maxkey.saml.v20.metadata.surName=maxkey
|
||||
maxkey.saml.v20.metadata.emailAddress=maxkeysupport@163.com
|
||||
maxkey.saml.v20.metadata.telephoneNumber=4008981111
|
||||
|
||||
############################################################################
|
||||
# Social Sign On Configuration #
|
||||
#you config client.id & client.secret only
|
||||
############################################################################
|
||||
|
||||
############################################################################
|
||||
#gitee
|
||||
maxkey.socialsignon.gitee.provider=gitee
|
||||
maxkey.socialsignon.gitee.provider.name=Gitee
|
||||
maxkey.socialsignon.gitee.icon=images/social/gitee.png
|
||||
maxkey.socialsignon.gitee.client.id=ee6fdc484b3398d17e77d6ff37fd8b9fe502106398c7b22bf5522d3c01303f45
|
||||
maxkey.socialsignon.gitee.client.secret=d6c3558f295f044df538c966a9084166f9a877c7a7392543184007a5faccdbad
|
||||
maxkey.socialsignon.gitee.account.id=id
|
||||
maxkey.socialsignon.gitee.sortorder=1
|
||||
#wechat
|
||||
maxkey.socialsignon.wechatopen.provider=wechatopen
|
||||
maxkey.socialsignon.wechatopen.provider.name=\u5fae\u4fe1
|
||||
maxkey.socialsignon.wechatopen.icon=images/social/wechat.png
|
||||
maxkey.socialsignon.wechatopen.client.id=ee6fdc484b3398d17e7
|
||||
maxkey.socialsignon.wechatopen.client.secret=7a5faccdbad
|
||||
maxkey.socialsignon.wechatopen.account.id=id
|
||||
maxkey.socialsignon.wechatopen.sortorder=2
|
||||
|
||||
#sina weibo
|
||||
maxkey.socialsignon.sinaweibo.provider=sinaweibo
|
||||
maxkey.socialsignon.sinaweibo.provider.name=\u65b0\u6d6a\u5fae\u535a
|
||||
maxkey.socialsignon.sinaweibo.icon=images/social/weibo.png
|
||||
maxkey.socialsignon.sinaweibo.client.id=3379757634
|
||||
maxkey.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba
|
||||
maxkey.socialsignon.sinaweibo.account.id=id
|
||||
maxkey.socialsignon.sinaweibo.sortorder=3
|
||||
|
||||
#Google
|
||||
maxkey.socialsignon.google.provider=google
|
||||
maxkey.socialsignon.google.provider.name=Google
|
||||
maxkey.socialsignon.google.icon=images/social/google.png
|
||||
maxkey.socialsignon.google.client.id=519914515488.apps.googleusercontent.com
|
||||
maxkey.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt
|
||||
maxkey.socialsignon.google.account.id=id
|
||||
maxkey.socialsignon.google.sortorder=4
|
||||
|
||||
#dingtalk
|
||||
maxkey.socialsignon.dingtalk.provider=dingtalk
|
||||
maxkey.socialsignon.dingtalk.provider.name=dingtalk
|
||||
maxkey.socialsignon.dingtalk.icon=images/social/dingtalk.png
|
||||
maxkey.socialsignon.dingtalk.client.id=dingoawf2jyiwh2uzqnphg
|
||||
maxkey.socialsignon.dingtalk.client.secret=Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9
|
||||
maxkey.socialsignon.dingtalk.account.id=openid
|
||||
maxkey.socialsignon.dingtalk.sortorder=5
|
||||
|
||||
#QQ
|
||||
maxkey.socialsignon.qq.provider=qq
|
||||
maxkey.socialsignon.qq.provider.name=QQ
|
||||
maxkey.socialsignon.qq.icon=images/social/qq.png
|
||||
maxkey.socialsignon.qq.client.id=101225363
|
||||
maxkey.socialsignon.qq.client.secret=8577d75e0eb4a91ac549cc8be3371bfd
|
||||
maxkey.socialsignon.qq.account.id=openid
|
||||
maxkey.socialsignon.qq.sortorder=6
|
||||
|
||||
|
||||
|
||||
#Microsoft
|
||||
maxkey.socialsignon.microsoft.provider=microsoft
|
||||
maxkey.socialsignon.microsoft.provider.name=Microsoft
|
||||
maxkey.socialsignon.microsoft.icon=images/social/microsoft.png
|
||||
maxkey.socialsignon.microsoft.client.id=24aa73b6-7928-4e64-bd64-d8682e650f95
|
||||
maxkey.socialsignon.microsoft.client.secret=PF[_AthtjVrtWVO2mNy@CJxY1@Z8FNf5
|
||||
maxkey.socialsignon.microsoft.account.id=id
|
||||
maxkey.socialsignon.microsoft.sortorder=7
|
||||
|
||||
#facebook
|
||||
maxkey.socialsignon.facebook.provider=facebook
|
||||
maxkey.socialsignon.facebook.provider.name=facebook
|
||||
maxkey.socialsignon.facebook.icon=images/social/facebook.png
|
||||
maxkey.socialsignon.facebook.client.id=appKey
|
||||
maxkey.socialsignon.facebook.client.secret=appSecret
|
||||
maxkey.socialsignon.facebook.account.id=id
|
||||
maxkey.socialsignon.facebook.sortorder=8
|
||||
|
||||
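Review bot: `maxkey.server.domain=sso.${config.server.basedomain}` still references the old `config.` prefix, although the key defined one line above it is `maxkey.server.basedomain` and the file that defined `config.server.basedomain` is deleted by this commit. Unless something else supplies that key, the placeholder cannot resolve, and everything derived from it is affected: `maxkey.server.name`, `maxkey.server.uri`, the `maxkey.oidc.metadata.*` endpoints and `maxkey.otp.keyuri.format.domain`. The sibling properties hunk at `@@ -122,3 +122,240 @@` already has the corrected form; use `maxkey.server.domain=sso.${maxkey.server.basedomain}` here as well.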
@@ -122,3 +122,240 @@ management.security.enabled=false
|
||||
#management.endpoints.jmx.exposure.include=health,info
|
||||
management.endpoints.web.exposure.include=metrics,health,info,env
|
||||
|
||||
|
||||
############################################################################
|
||||
# domain name configuration
|
||||
maxkey.server.scheme=https
|
||||
maxkey.server.basedomain=maxkey.top
|
||||
maxkey.server.domain=sso.${maxkey.server.basedomain}
|
||||
maxkey.server.name=${maxkey.server.scheme}://${maxkey.server.domain}
|
||||
maxkey.server.uri=${maxkey.server.name}/maxkey
|
||||
#default.uri
|
||||
maxkey.server.default.uri=${maxkey.server.uri}/maxkey/appList
|
||||
maxkey.server.management.uri=${maxkey.server.name}:9521/maxkey-mgt/login
|
||||
#InMemory 0 , Redis 2
|
||||
maxkey.server.persistence=0
|
||||
#identity
|
||||
maxkey.identity.kafkasupport=false
|
||||
|
||||
maxkey.app.issuer=CN=ConSec,CN=COM,CN=SH
|
||||
############################################################################
|
||||
# Login configuration
|
||||
#enable captcha
|
||||
maxkey.login.captcha=true
|
||||
#text or arithmetic
|
||||
maxkey.login.captcha.type=text
|
||||
#enable two factor,use one time password
|
||||
maxkey.login.mfa=true
|
||||
#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
maxkey.login.mfa.type=TimeBasedOtpAuthn
|
||||
#enable social sign on
|
||||
maxkey.login.socialsignon=true
|
||||
#social sign on providers
|
||||
maxkey.login.socialsignon.providers=gitee,wechatopen,sinaweibo,google,qq,dingtalk,microsoft,facebook
|
||||
#Enable kerberos/SPNEGO
|
||||
maxkey.login.kerberos=true
|
||||
#wsFederation
|
||||
maxkey.login.wsfederation=false
|
||||
#remeberme
|
||||
maxkey.login.remeberme=true
|
||||
#validity
|
||||
maxkey.login.remeberme.validity=0
|
||||
|
||||
#to default application web site
|
||||
maxkey.login.default.uri=appList
|
||||
|
||||
maxkey.ipaddress.whitelist=false
|
||||
|
||||
#SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
maxkey.otp.sms=SmsOtpAuthnYunxin
|
||||
|
||||
maxkey.otp.sms.aliyun.accesskeyid=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.aliyun.accesssecret=05d5485357bc
|
||||
maxkey.otp.sms.aliyun.templatecode=14860095
|
||||
maxkey.otp.sms.aliyun.signname=maxkey
|
||||
|
||||
maxkey.otp.sms.yunxin.appkey=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.yunxin.appsecret=05d5485357bc
|
||||
maxkey.otp.sms.yunxin.templateid=14860095
|
||||
|
||||
maxkey.otp.sms.tencentcloud.secretid=94395d754eb55693043f5d6a2b772ef4
|
||||
maxkey.otp.sms.tencentcloud.secretkey=05d5485357bc
|
||||
maxkey.otp.sms.tencentcloud.smssdkappid=1486220095
|
||||
maxkey.otp.sms.tencentcloud.templateid=14860095
|
||||
maxkey.otp.sms.tencentcloud.sign=1486009522
|
||||
|
||||
maxkey.otp.keyuri.format.type=totp
|
||||
maxkey.otp.keyuri.format.digits=6
|
||||
maxkey.otp.keyuri.format.issuer=MaxKey
|
||||
maxkey.otp.keyuri.format.domain=${maxkey.server.domain}
|
||||
maxkey.otp.keyuri.format.period=30
|
||||
|
||||
############################################################################
|
||||
# Kerberos Login configuration
|
||||
############################################################################
|
||||
#short name of user domain must be in upper case,eg:MAXKEY
|
||||
maxkey.support.kerberos.default.userdomain=MAXKEY
|
||||
#short name of user domain must be in upper case,eg:MAXKEY.ORG
|
||||
maxkey.support.kerberos.default.fulluserdomain=MAXKEY.ORG
|
||||
#last 8Bit crypto for Kerberos web Authentication
|
||||
maxkey.support.kerberos.default.crypto=846KZSzYq56M6d5o
|
||||
#Kerberos Authentication server RUL
|
||||
maxkey.support.kerberos.default.redirecturi=http://sso.maxkey.top/kerberos/authn/
|
||||
############################################################################
|
||||
# HTTPHEADER Login configuration
|
||||
############################################################################
|
||||
maxkey.support.httpheader.enable=false
|
||||
maxkey.support.httpheader.headername=header-user
|
||||
# iv-user is for IBM Security Access Manager
|
||||
#config.httpheader.headername=iv-user
|
||||
|
||||
############################################################################
|
||||
# BASIC Login support configuration
|
||||
############################################################################
|
||||
|
||||
maxkey.support.basic.enable=false
|
||||
|
||||
#############################################################################
|
||||
# WsFederation Login support configuration
|
||||
#identifier: the identifer for the ADFS server
|
||||
#url: the login url for ADFS
|
||||
#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
|
||||
#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
|
||||
#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
|
||||
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
|
||||
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
|
||||
############################################################################
|
||||
|
||||
maxkey.support.wsfederation.identifier=http://adfs.maxkey.top/adfs/services/trust
|
||||
maxkey.support.wsfederation.url=https://adfs.maxkey.top/adfs/ls/
|
||||
maxkey.support.wsfederation.principal=upn
|
||||
maxkey.support.wsfederation.relyingParty=urn:federation:connsec
|
||||
maxkey.support.wsfederation.signingCertificate=adfs-signing.crt
|
||||
maxkey.support.wsfederation.tolerance=10000
|
||||
maxkey.support.wsfederation.upn.suffix=maxkey.org
|
||||
maxkey.support.wsfederation.logoutUrl=https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# OIDC V1.0 METADATA configuration
|
||||
maxkey.oidc.metadata.issuer=${maxkey.server.name}/maxkey
|
||||
maxkey.oidc.metadata.authorizationEndpoint=${maxkey.server.name}/maxkey/oauth/v20/authorize
|
||||
maxkey.oidc.metadata.tokenEndpoint=${maxkey.server.name}/maxkey/oauth/v20/token
|
||||
maxkey.oidc.metadata.userinfoEndpoint=${maxkey.server.name}/maxkey/api/connect/userinfo
|
||||
|
||||
#############################################################################
|
||||
# SAML V2.0 configuration
|
||||
#saml common
|
||||
maxkey.saml.v20.max.parser.pool.size=2
|
||||
maxkey.saml.v20.assertion.validity.time.ins.seconds=90
|
||||
maxkey.saml.v20.replay.cache.life.in.millis=14400000
|
||||
maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds=90
|
||||
maxkey.saml.v20.issue.instant.check.validity.time.in.seconds=300
|
||||
|
||||
|
||||
#saml idp keystore
|
||||
maxkey.saml.v20.idp.keystore.password=maxkey
|
||||
maxkey.saml.v20.idp.keystore.private.key.password=maxkey
|
||||
maxkey.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks
|
||||
#keystore id for sec
|
||||
maxkey.saml.v20.idp.issuing.entity.id=maxkey.top
|
||||
maxkey.saml.v20.idp.issuer=https://sso.maxkey.top/maxkey/saml
|
||||
|
||||
maxkey.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.top/
|
||||
|
||||
#saml sp keystore
|
||||
maxkey.saml.v20.sp.keystore.password=maxkey
|
||||
maxkey.saml.v20.sp.keystore.private.key.password=maxkey
|
||||
maxkey.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
|
||||
maxkey.saml.v20.sp.issuing.entity.id=client.maxkey.org
|
||||
|
||||
#Saml v20 METADATA
|
||||
maxkey.saml.v20.metadata.orgName=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.orgDisplayName=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.orgURL=https://www.maxkey.top
|
||||
maxkey.saml.v20.metadata.contactType=technical
|
||||
maxkey.saml.v20.metadata.company=MaxKeyTop
|
||||
maxkey.saml.v20.metadata.givenName=maxkey
|
||||
maxkey.saml.v20.metadata.surName=maxkey
|
||||
maxkey.saml.v20.metadata.emailAddress=maxkeysupport@163.com
|
||||
maxkey.saml.v20.metadata.telephoneNumber=4008981111
|
||||
|
||||
############################################################################
|
||||
# Social Sign On Configuration #
|
||||
#you config client.id & client.secret only
|
||||
############################################################################
|
||||
|
||||
############################################################################
|
||||
#gitee
|
||||
maxkey.socialsignon.gitee.provider=gitee
|
||||
maxkey.socialsignon.gitee.provider.name=Gitee
|
||||
maxkey.socialsignon.gitee.icon=images/social/gitee.png
|
||||
maxkey.socialsignon.gitee.client.id=ee6fdc484b3398d17e77d6ff37fd8b9fe502106398c7b22bf5522d3c01303f45
|
||||
maxkey.socialsignon.gitee.client.secret=d6c3558f295f044df538c966a9084166f9a877c7a7392543184007a5faccdbad
|
||||
maxkey.socialsignon.gitee.account.id=id
|
||||
maxkey.socialsignon.gitee.sortorder=1
|
||||
#wechat
|
||||
maxkey.socialsignon.wechatopen.provider=wechatopen
|
||||
maxkey.socialsignon.wechatopen.provider.name=\u5fae\u4fe1
|
||||
maxkey.socialsignon.wechatopen.icon=images/social/wechat.png
|
||||
maxkey.socialsignon.wechatopen.client.id=ee6fdc484b3398d17e7
|
||||
maxkey.socialsignon.wechatopen.client.secret=7a5faccdbad
|
||||
maxkey.socialsignon.wechatopen.account.id=id
|
||||
maxkey.socialsignon.wechatopen.sortorder=2
|
||||
|
||||
#sina weibo
|
||||
maxkey.socialsignon.sinaweibo.provider=sinaweibo
|
||||
maxkey.socialsignon.sinaweibo.provider.name=\u65b0\u6d6a\u5fae\u535a
|
||||
maxkey.socialsignon.sinaweibo.icon=images/social/weibo.png
|
||||
maxkey.socialsignon.sinaweibo.client.id=3379757634
|
||||
maxkey.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba
|
||||
maxkey.socialsignon.sinaweibo.account.id=id
|
||||
maxkey.socialsignon.sinaweibo.sortorder=3
|
||||
|
||||
#Google
|
||||
maxkey.socialsignon.google.provider=google
|
||||
maxkey.socialsignon.google.provider.name=Google
|
||||
maxkey.socialsignon.google.icon=images/social/google.png
|
||||
maxkey.socialsignon.google.client.id=519914515488.apps.googleusercontent.com
|
||||
maxkey.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt
|
||||
maxkey.socialsignon.google.account.id=id
|
||||
maxkey.socialsignon.google.sortorder=4
|
||||
|
||||
#dingtalk
|
||||
maxkey.socialsignon.dingtalk.provider=dingtalk
|
||||
maxkey.socialsignon.dingtalk.provider.name=dingtalk
|
||||
maxkey.socialsignon.dingtalk.icon=images/social/dingtalk.png
|
||||
maxkey.socialsignon.dingtalk.client.id=dingoawf2jyiwh2uzqnphg
|
||||
maxkey.socialsignon.dingtalk.client.secret=Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9
|
||||
maxkey.socialsignon.dingtalk.account.id=openid
|
||||
maxkey.socialsignon.dingtalk.sortorder=5
|
||||
|
||||
#QQ
|
||||
maxkey.socialsignon.qq.provider=qq
|
||||
maxkey.socialsignon.qq.provider.name=QQ
|
||||
maxkey.socialsignon.qq.icon=images/social/qq.png
|
||||
maxkey.socialsignon.qq.client.id=101225363
|
||||
maxkey.socialsignon.qq.client.secret=8577d75e0eb4a91ac549cc8be3371bfd
|
||||
maxkey.socialsignon.qq.account.id=openid
|
||||
maxkey.socialsignon.qq.sortorder=6
|
||||
|
||||
|
||||
|
||||
#Microsoft
|
||||
maxkey.socialsignon.microsoft.provider=microsoft
|
||||
maxkey.socialsignon.microsoft.provider.name=Microsoft
|
||||
maxkey.socialsignon.microsoft.icon=images/social/microsoft.png
|
||||
maxkey.socialsignon.microsoft.client.id=24aa73b6-7928-4e64-bd64-d8682e650f95
|
||||
maxkey.socialsignon.microsoft.client.secret=PF[_AthtjVrtWVO2mNy@CJxY1@Z8FNf5
|
||||
maxkey.socialsignon.microsoft.account.id=id
|
||||
maxkey.socialsignon.microsoft.sortorder=7
|
||||
|
||||
#facebook
|
||||
maxkey.socialsignon.facebook.provider=facebook
|
||||
maxkey.socialsignon.facebook.provider.name=facebook
|
||||
maxkey.socialsignon.facebook.icon=images/social/facebook.png
|
||||
maxkey.socialsignon.facebook.client.id=appKey
|
||||
maxkey.socialsignon.facebook.client.secret=appSecret
|
||||
maxkey.socialsignon.facebook.account.id=id
|
||||
maxkey.socialsignon.facebook.sortorder=8
|
||||
|
||||
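Review bot: This block commits credential-bearing values in plain text (`maxkey.saml.v20.idp.keystore.password`, `maxkey.saml.v20.sp.keystore.private.key.password`, `maxkey.support.kerberos.default.crypto`, the `maxkey.otp.sms.*` secrets and every `maxkey.socialsignon.*.client.secret`), and the same values are added in the hunk at `@@ -115,3 +115,240 @@`. Whether they are live or samples cannot be told from the page; if any were ever real they should be rotated, and the file should carry placeholders resolved from the environment or a secret store, e.g. `maxkey.saml.v20.idp.keystore.password=${MAXKEY_SAML_IDP_KEYSTORE_PASSWORD}` (variable name constructed for illustration). The context lines above expose the `env` actuator endpoint and the hunk header shows `management.security.enabled=false`, so depending on the Spring Boot version's value sanitisation some of these keys, such as `maxkey.support.kerberos.default.crypto`, may be readable over HTTP. `maxkey.support.kerberos.default.redirecturi` also stays on `http://` although this file sets `maxkey.server.scheme=https`.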
@@ -1,238 +0,0 @@
|
||||
############################################################################
|
||||
# MaxKey
|
||||
############################################################################
|
||||
# domain name configuration
|
||||
config.server.scheme=http
|
||||
config.server.basedomain=maxkey.top
|
||||
config.server.domain=sso.${config.server.basedomain}
|
||||
config.server.name=${config.server.scheme}://${config.server.domain}
|
||||
config.server.uri=${config.server.name}/maxkey
|
||||
#default.uri
|
||||
config.server.default.uri=${config.server.uri}/maxkey/appList
|
||||
config.server.management.uri=${config.server.name}:9521/maxkey-mgt/login
|
||||
#InMemory 0 , Redis 2
|
||||
config.server.persistence=0
|
||||
#identity
|
||||
config.identity.kafkasupport=false
|
||||
|
||||
config.app.issuer=CN=ConSec,CN=COM,CN=SH
|
||||
############################################################################
|
||||
# Login configuration
|
||||
#enable captcha
|
||||
config.login.captcha=true
|
||||
#text or arithmetic
|
||||
config.login.captcha.type=text
|
||||
#enable two factor,use one time password
|
||||
config.login.mfa=true
|
||||
#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
config.login.mfa.type=TimeBasedOtpAuthn
|
||||
#enable social sign on
|
||||
config.login.socialsignon=true
|
||||
#social sign on providers
|
||||
config.login.socialsignon.providers=gitee,wechatopen,sinaweibo,google,qq,dingtalk,microsoft,facebook
|
||||
#Enable kerberos/SPNEGO
|
||||
config.login.kerberos=true
|
||||
#wsFederation
|
||||
config.login.wsfederation=false
|
||||
#remeberme
|
||||
config.login.remeberme=true
|
||||
#validity
|
||||
config.login.remeberme.validity=0
|
||||
|
||||
#to default application web site
|
||||
config.login.default.uri=appList
|
||||
|
||||
config.ipaddress.whitelist=false
|
||||
|
||||
#SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
|
||||
config.otp.sms=SmsOtpAuthnYunxin
|
||||
|
||||
config.otp.sms.aliyun.accesskeyid=94395d754eb55693043f5d6a2b772ef4
|
||||
config.otp.sms.aliyun.accesssecret=05d5485357bc
|
||||
config.otp.sms.aliyun.templatecode=14860095
|
||||
config.otp.sms.aliyun.signname=maxkey
|
||||
|
||||
config.otp.sms.yunxin.appkey=94395d754eb55693043f5d6a2b772ef4
|
||||
config.otp.sms.yunxin.appsecret=05d5485357bc
|
||||
config.otp.sms.yunxin.templateid=14860095
|
||||
|
||||
config.otp.sms.tencentcloud.secretid=94395d754eb55693043f5d6a2b772ef4
|
||||
config.otp.sms.tencentcloud.secretkey=05d5485357bc
|
||||
config.otp.sms.tencentcloud.smssdkappid=1486220095
|
||||
config.otp.sms.tencentcloud.templateid=14860095
|
||||
config.otp.sms.tencentcloud.sign=1486009522
|
||||
|
||||
config.otp.keyuri.format.type=totp
|
||||
config.otp.keyuri.format.digits=6
|
||||
config.otp.keyuri.format.issuer=MaxKey
|
||||
config.otp.keyuri.format.domain=${config.server.domain}
|
||||
config.otp.keyuri.format.period=30
|
||||
|
||||
############################################################################
|
||||
# Kerberos Login configuration
|
||||
############################################################################
|
||||
#short name of user domain must be in upper case,eg:MAXKEY
|
||||
config.support.kerberos.default.userdomain=MAXKEY
|
||||
#short name of user domain must be in upper case,eg:MAXKEY.ORG
|
||||
config.support.kerberos.default.fulluserdomain=MAXKEY.ORG
|
||||
#last 8Bit crypto for Kerberos web Authentication
|
||||
config.support.kerberos.default.crypto=846KZSzYq56M6d5o
|
||||
#Kerberos Authentication server RUL
|
||||
config.support.kerberos.default.redirecturi=http://sso.maxkey.top/kerberos/authn/
|
||||
############################################################################
|
||||
# HTTPHEADER Login configuration
|
||||
############################################################################
|
||||
config.support.httpheader.enable=false
|
||||
config.support.httpheader.headername=header-user
|
||||
# iv-user is for IBM Security Access Manager
|
||||
#config.httpheader.headername=iv-user
|
||||
|
||||
############################################################################
|
||||
# BASIC Login support configuration
|
||||
############################################################################
|
||||
|
||||
config.support.basic.enable=false
|
||||
|
||||
#############################################################################
|
||||
# WsFederation Login support configuration
|
||||
#identifier: the identifer for the ADFS server
|
||||
#url: the login url for ADFS
|
||||
#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
|
||||
#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
|
||||
#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
|
||||
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
|
||||
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
|
||||
############################################################################
|
||||
|
||||
config.support.wsfederation.identifier=http://adfs.maxkey.top/adfs/services/trust
|
||||
config.support.wsfederation.url=https://adfs.maxkey.top/adfs/ls/
|
||||
config.support.wsfederation.principal=upn
|
||||
config.support.wsfederation.relyingParty=urn:federation:connsec
|
||||
config.support.wsfederation.signingCertificate=adfs-signing.crt
|
||||
config.support.wsfederation.tolerance=10000
|
||||
config.support.wsfederation.upn.suffix=maxkey.org
|
||||
config.support.wsfederation.logoutUrl=https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
# OIDC V1.0 METADATA configuration
|
||||
config.oidc.metadata.issuer=${config.server.name}/maxkey
|
||||
config.oidc.metadata.authorizationEndpoint=${config.server.name}/maxkey/oauth/v20/authorize
|
||||
config.oidc.metadata.tokenEndpoint=${config.server.name}/maxkey/oauth/v20/token
|
||||
config.oidc.metadata.userinfoEndpoint=${config.server.name}/maxkey/api/connect/userinfo
|
||||
|
||||
#############################################################################
|
||||
# SAML V2.0 configuration
|
||||
#saml common
|
||||
config.saml.v20.max.parser.pool.size=2
|
||||
config.saml.v20.assertion.validity.time.ins.seconds=90
|
||||
config.saml.v20.replay.cache.life.in.millis=14400000
|
||||
config.saml.v20.issue.instant.check.clock.skew.in.seconds=90
|
||||
config.saml.v20.issue.instant.check.validity.time.in.seconds=300
|
||||
|
||||
|
||||
#saml idp keystore
|
||||
config.saml.v20.idp.keystore.password=maxkey
|
||||
config.saml.v20.idp.keystore.private.key.password=maxkey
|
||||
config.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks
|
||||
#keystore id for sec
|
||||
config.saml.v20.idp.issuing.entity.id=maxkey.top
|
||||
config.saml.v20.idp.issuer=https://sso.maxkey.top/maxkey/saml
|
||||
|
||||
config.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.top/
|
||||
|
||||
#saml sp keystore
|
||||
config.saml.v20.sp.keystore.password=maxkey
|
||||
config.saml.v20.sp.keystore.private.key.password=maxkey
|
||||
config.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
|
||||
config.saml.v20.sp.issuing.entity.id=client.maxkey.org
|
||||
|
||||
#Saml v20 METADATA
|
||||
config.saml.v20.metadata.orgName=MaxKeyTop
|
||||
config.saml.v20.metadata.orgDisplayName=MaxKeyTop
|
||||
config.saml.v20.metadata.orgURL=https://www.maxkey.top
|
||||
config.saml.v20.metadata.contactType=technical
|
||||
config.saml.v20.metadata.company=MaxKeyTop
|
||||
config.saml.v20.metadata.givenName=maxkey
|
||||
config.saml.v20.metadata.surName=maxkey
|
||||
config.saml.v20.metadata.emailAddress=maxkeysupport@163.com
|
||||
config.saml.v20.metadata.telephoneNumber=4008981111
|
||||
|
||||
############################################################################
|
||||
# Social Sign On Configuration #
|
||||
#you config client.id & client.secret only
|
||||
############################################################################
|
||||
|
||||
############################################################################
|
||||
#gitee
|
||||
config.socialsignon.gitee.provider=gitee
|
||||
config.socialsignon.gitee.provider.name=Gitee
|
||||
config.socialsignon.gitee.icon=images/social/gitee.png
|
||||
config.socialsignon.gitee.client.id=ee6fdc484b3398d17e77d6ff37fd8b9fe502106398c7b22bf5522d3c01303f45
|
||||
config.socialsignon.gitee.client.secret=d6c3558f295f044df538c966a9084166f9a877c7a7392543184007a5faccdbad
|
||||
config.socialsignon.gitee.account.id=id
|
||||
config.socialsignon.gitee.sortorder=1
|
||||
#wechat
|
||||
config.socialsignon.wechatopen.provider=wechatopen
|
||||
config.socialsignon.wechatopen.provider.name=\u5fae\u4fe1
|
||||
config.socialsignon.wechatopen.icon=images/social/wechat.png
|
||||
config.socialsignon.wechatopen.client.id=ee6fdc484b3398d17e7
|
||||
config.socialsignon.wechatopen.client.secret=7a5faccdbad
|
||||
config.socialsignon.wechatopen.account.id=id
|
||||
config.socialsignon.wechatopen.sortorder=2
|
||||
|
||||
#sina weibo
|
||||
config.socialsignon.sinaweibo.provider=sinaweibo
|
||||
config.socialsignon.sinaweibo.provider.name=\u65b0\u6d6a\u5fae\u535a
|
||||
config.socialsignon.sinaweibo.icon=images/social/weibo.png
|
||||
config.socialsignon.sinaweibo.client.id=3379757634
|
||||
config.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba
|
||||
config.socialsignon.sinaweibo.account.id=id
|
||||
config.socialsignon.sinaweibo.sortorder=3
|
||||
|
||||
#Google
|
||||
config.socialsignon.google.provider=google
|
||||
config.socialsignon.google.provider.name=Google
|
||||
config.socialsignon.google.icon=images/social/google.png
|
||||
config.socialsignon.google.client.id=519914515488.apps.googleusercontent.com
|
||||
config.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt
|
||||
config.socialsignon.google.account.id=id
|
||||
config.socialsignon.google.sortorder=4
|
||||
|
||||
#dingtalk
|
||||
config.socialsignon.dingtalk.provider=dingtalk
|
||||
config.socialsignon.dingtalk.provider.name=dingtalk
|
||||
config.socialsignon.dingtalk.icon=images/social/dingtalk.png
|
||||
config.socialsignon.dingtalk.client.id=dingoawf2jyiwh2uzqnphg
|
||||
config.socialsignon.dingtalk.client.secret=Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9
|
||||
config.socialsignon.dingtalk.account.id=openid
|
||||
config.socialsignon.dingtalk.sortorder=5
|
||||
|
||||
#QQ
|
||||
config.socialsignon.qq.provider=qq
|
||||
config.socialsignon.qq.provider.name=QQ
|
||||
config.socialsignon.qq.icon=images/social/qq.png
|
||||
config.socialsignon.qq.client.id=101225363
|
||||
config.socialsignon.qq.client.secret=8577d75e0eb4a91ac549cc8be3371bfd
|
||||
config.socialsignon.qq.account.id=openid
|
||||
config.socialsignon.qq.sortorder=6
|
||||
|
||||
|
||||
|
||||
#Microsoft
|
||||
config.socialsignon.microsoft.provider=microsoft
|
||||
config.socialsignon.microsoft.provider.name=Microsoft
|
||||
config.socialsignon.microsoft.icon=images/social/microsoft.png
|
||||
config.socialsignon.microsoft.client.id=24aa73b6-7928-4e64-bd64-d8682e650f95
|
||||
config.socialsignon.microsoft.client.secret=PF[_AthtjVrtWVO2mNy@CJxY1@Z8FNf5
|
||||
config.socialsignon.microsoft.account.id=id
|
||||
config.socialsignon.microsoft.sortorder=7
|
||||
|
||||
#facebook
|
||||
config.socialsignon.facebook.provider=facebook
|
||||
config.socialsignon.facebook.provider.name=facebook
|
||||
config.socialsignon.facebook.icon=images/social/facebook.png
|
||||
config.socialsignon.facebook.client.id=appKey
|
||||
config.socialsignon.facebook.client.secret=appSecret
|
||||
config.socialsignon.facebook.account.id=id
|
||||
config.socialsignon.facebook.sortorder=8
|
||||