...
```yaml
oauth2:
  feign:
    client-id: ${modelop.mm.client-id}
    client-secret: ${modelop.mm.client-secret}
    access-token-uri: ${modelop.provider.token-uri}
    scopes: ${modelop.mm.scope}
  group-base-access:
    oauth2-group-claim-name: memberOf
    admin-default-access-group: admin
    default-access-groups: ${oauth2.group-base-access.default-access-group}modelop
```
...
JWT RS configurations
JWT RS is straightforward: only the jwt profile is required.
...
```yaml
oauth2:
  # Values for Resource Servers.
  resource-server:
    # Specifically opaque-queryparam is for a specific client needs that supports 2 OAuth2 providers at the same time...
    opaque-queryparam:
      queryparam: otoken
      introspection-uri: https://authorization.server/rs/validate/AppIdClaim
      client-registration-id: feign
      introspection-method: POST
```
...
Token Claims to User Attributes Mapping
...
Please note that the configuration above is overriding one claim name only, but multiple or all claim names can be overridden, if necessary.
User Groups
ModelOp Center has the capability to filter user groups arriving as part of the token. When enabled, user groups that do not match the specified regex filter will not be displayed in ModelOp Center. To enable such group filtering, please add the following configuration properties:
```yaml
oauth2:
  group-base-access:
    group-authorities-regex-filter: "Your group filter here"
```
If users without any group(s) should be allowed access to ModelOp Center, please set the following configuration property:
```yaml
oauth2:
  group-base-access:
    block-user-access-without-groups: false
```
Please note users without any group(s) will not be allowed access to ModelOp Center by default.
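The following is an added example, not ModelOp Center code, for previewing a candidate `group-authorities-regex-filter` value against sample group claims before deploying it, and for seeing which users would be left with no groups. It assumes the filter is applied before the no-groups check and that Python's `re` behaves like the product's regex engine for the pattern tested; the helper names, users and group values are constructed.

```python
import re

# Constructed sample data: user -> groups as they would arrive in the token's group claim.
SAMPLE_USERS = {
    "alice": ["modelop-admin", "modelop-risk", "hr-payroll"],
    "bob": ["hr-payroll"],
    "carol": [],
    "dave": ["not-modelop-team"],
}


def filter_groups(groups, pattern, full_match=True):
    """Return the groups that survive the regex filter.

    full_match=True requires the whole group name to match (assumed behaviour);
    full_match=False accepts a match anywhere in the name, which shows how an
    unanchored pattern would let unrelated groups through.
    """
    rx = re.compile(pattern)
    test = rx.fullmatch if full_match else rx.search
    return [g for g in groups if test(g)]


def preview(users, pattern, block_without_groups=True, full_match=True):
    """Map each user to (kept_groups, allowed).

    block_without_groups mirrors block-user-access-without-groups, which the
    page says blocks users without groups by default.
    """
    result = {}
    for user, groups in users.items():
        kept = filter_groups(groups, pattern, full_match)
        allowed = bool(kept) or not block_without_groups
        result[user] = (kept, allowed)
    return result


if __name__ == "__main__":
    for mode in (True, False):
        print("full_match =", mode)
        for user, (kept, allowed) in preview(SAMPLE_USERS, "modelop-.*", full_match=mode).items():
            print(f"  {user:6} kept={kept} allowed={allowed}")
```

If the two matching modes give different results for a pattern, anchor it explicitly (for example with `^` and `$`) so the outcome does not depend on how the filter is evaluated.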