We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Description: Allows the use of a Shared IdP, using the Audience to delineate one API from another.
inheritFrom
shared
CredentialIssuer
shared=true
protected-ns=allow
clientId
audience
jwt-keycloak
The text was updated successfully, but these errors were encountered:
Elisa has reviewed the UI and all is good. Messaging on the options could be improved. Include the instructions on why you would choose which.
Aidan's considerations:
Elisa's reply:
Maybe consider the following, but sanitized to not mention any specific BC GOV things?:
Use a custom IDP if: You already have your own Keycloak instance You are using SSO Pathfinder's Keycloak instance with a Custom Realm Use the shared IDP if: You want to use Client Credential Grant Flow to protect an API and SSO Pathfinder Keycloak (custom or standard realms) is not an option for you.
Use a custom IDP if:
Use the shared IDP if:
Sorry, something went wrong.
ikethecoder
Successfully merging a pull request may close this issue.
Description: Allows the use of a Shared IdP, using the Audience to delineate one API from another.
inheritFrom
andshared
fields on theCredentialIssuer
shared=true
must have the namespace permissionprotected-ns=allow
clientId
is set to the unique client representing the particular Authorization ProfileclientId
will be set in theaudience
claim of the Bearer TokenCredentialIssuer
if Scopes are set andinheritFrom
is set (Scopes are not supported)jwt-keycloak
plugin will enforce theaudience
and not allow traffic with a token from a different audienceThe text was updated successfully, but these errors were encountered: