You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.
Subject | JAVA Property | Explanation | |
---|---|---|---|
JWT Authentication | blueriq.security.jwt.login-path | Optional login path property that is used when building the login redirect URL to the Gateway Service. This can be overridden when the Gateway Service is running behind a reverse proxy. Default: /login |
|
blueriq.security.jwt.logout-path | Optional logout path property that is used when building the logout redirect URL to the Gateway Service. This can be overridden when the Gateway Service is running behind a reverse proxy. Default: /logout |
| |
blueriq.security.jwt.sso-logout | Boolean indicating whether when logging out of Blueriq the user should be logged out of the Single-Sign-On session as well. Default: false |
|
Subject | JAVA Property | Explanation | |
---|---|---|---|
blueriq.security.jwt-claims.roles-path | A JsonPath expression to the roles claim in the JWT body. For example, if the JWT body contains below claims, this property should be set to { ... other claims ... "realm_access": [ "roles": ["role1", "role2"] ] ... other claims ... } |
| |
blueriq.security.jwt-claims.teams-path | A JsonPath expression to the teams claim in the JWT body. See roles-path above for more information. |
| |
blueriq.security.jwt-claims.role-mapping.<role-claim> | Maps a role claim to zero, one or multiple Blueriq roles. If a role claim does not have a mapping, it is considered to have an implicit identity mapping. Example: blueriq.security.jwt-claims.role-mapping.employee=authenticated_user,vu_employee (all users which have the employee role at the identity provider will have the authenticated_user and vu_employee roles in Blueriq) |
| |
blueriq.security.jwt-claims.team-mapping.<team-claim> | Maps a team claim to zero, one or multiple Blueriq teams. If a team claim does not have a mapping, it is considered to have an implicit identity mapping. Example: blueriq.security.jwt-claims.team-mapping.amsterdam=europe,netherlands (all users which have the amsterdam team at the identity provider will have the europe and netherlands teams in Blueriq) |
| |
blueriq.security.jwt-claims.username-path | A JsonPath expression to the usernameclaim in the JWT body. See roles-path above for more information. If no value is specified, the default value is used: |
| |
blueriq.security.jwt-claims.claim-mapping.<key-id>=<value> | Additional optional custom parameter to retrieve a claim from the JWT and place it in the Authentication under the specified key. The value should be a JsonPath expression to the claim in the JWT body. Only (lists of) strings, numbers and booleans are supported. These values will all be converted to strings. See roles-path above for more information. These claims can be retrieved to the profile using the GetAuthenticationClaims service. |
|