-
Notifications
You must be signed in to change notification settings - Fork 70
/
authentication.properties
33 lines (25 loc) · 1.61 KB
/
authentication.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
aad.clientId={enter-your-client-id-here}
aad.secret={enter-your-client-secret-here}
aad.authority=https://login.microsoftonline.com/{enter-your-tenant-id-here}
aad.scopes=openid profile offline_access
## TODO: use aad.instance instead of authority
## TODO: build authority from instance+tenant
## TODO: also baseURL for graph should be configurable (graph.us, graph.cn, etc.)
aad.signOutEndpoint=/oauth2/v2.0/logout/
aad.postSignOutFragment=?post_logout_redirect_uri=
# app.homePage is by default set to dev server address and app context path on the server
# for apps deployed to azure, use https://your-sub-domain.azurewebsites.net
app.homePage=http://localhost:8080/msal4j-servlet-roles
# endpoint for AAD redirect. Configure this to be the same as the URL pattern for AADRedirectServlet.java
app.redirectEndpoint=/auth/redirect
# app's state value validity in seconds
app.stateTTL=600
# where to store session variables related to MSAL
app.sessionParam=msalAuth
# protect these endpoints by checking authenticated
app.protect.authenticated=/token_details
#local short names for app roles - e.g., sets admin to mean PrivilegedAdmin (useful for long rule sets defined in the next key, app.protect.roles)
app.roles=admin PrivilegedAdmin, user RegularUser
# A list of protected routes and its corresponding <space-separated> role(s) that can view it; the start of the next route & its role(s) is delimited by a <comma-and-space-separator>
# # this says: /admins_only can be accessed by PrivilegedAdmin, /regular_user can be accessed by PrivilegedAdmin role and the RegularUser role
app.protect.roles=/admin_only admin, /regular_user admin user