You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

Subject | Java Property | Explanation

JWT Authentication

blueriq.security.jwt.login-path

Optional login path property that is used when building the login redirect URL to the Gateway Service. This can be overridden when the Gateway Service is running behind a reverse proxy.

Default: /login

application.properties


blueriq.security.jwt.logout-path

Optional logout path property that is used when building the logout redirect URL to the Gateway Service. This can be overridden when the Gateway Service is running behind a reverse proxy.

Default: /logout

application.properties


blueriq.security.jwt.sso-logout

Boolean indicating whether logging out of Blueriq should also log the user out of the Single Sign-On session.

Default: false

application.properties


Subject | Java Property | Explanation

blueriq.security.jwt-claims.roles-path

A JsonPath expression to the roles claim in the JWT body. 

For example, if the JWT body contains the claims below, this property should be set to $.realm_access.roles to indicate that the roles claim nested within the realm_access claim represents the roles.

{
  ... other claims ...
  "realm_access": {
    "roles": ["role1", "role2"]
  },
  ... other claims ...
}


application.properties


blueriq.security.jwt-claims.teams-path

A JsonPath expression to the teams claim in the JWT body. 

See roles-path above for more information.

application.properties


blueriq.security.jwt-claims.role-mapping.<role-claim>

Maps a role claim to zero, one or multiple Blueriq roles. If a role claim does not have a mapping, it is considered to have an implicit identity mapping.

Example: blueriq.security.jwt-claims.role-mapping.employee=authenticated_user,vu_employee

(all users who have the employee role at the identity provider will have the authenticated_user and vu_employee roles in Blueriq)

application.properties


blueriq.security.jwt-claims.team-mapping.<team-claim>

Maps a team claim to zero, one or multiple Blueriq teams. If a team claim does not have a mapping, it is considered to have an implicit identity mapping.

Example: blueriq.security.jwt-claims.team-mapping.amsterdam=europe,netherlands

(all users who have the amsterdam team at the identity provider will have the europe and netherlands teams in Blueriq)

application.properties


blueriq.security.jwt-claims.username-path

A JsonPath expression to the username claim in the JWT body.

See roles-path above for more information.

If no value is specified, the default value is used: $.preferred_username.

application.properties


blueriq.security.jwt-claims.claim-mapping.<key-id>=<value>

Additional optional custom parameter to retrieve a claim from the JWT and place it in the Authentication under the specified key. The value should be a JsonPath expression to the claim in the JWT body.

Only (lists of) strings, numbers and booleans are supported. These values will all be converted to strings.

See roles-path above for more information.

These claims can be retrieved into the profile using the GetAuthenticationClaims service.

application.properties
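
The role resolution described for roles-path and role-mapping above can be modeled to audit which identity-provider roles reach Blueriq unchanged through the implicit identity mapping. This Python script is an added example, not Blueriq code: it handles only simple dotted paths rather than full JsonPath, the properties and JWT body are constructed, and writing an empty value for a mapping to zero roles is an assumption.

```python
import json

# Constructed application.properties content using the property names from this page.
# Assumption: an empty value after '=' is how a mapping to zero roles is written.
PROPERTIES = """\
blueriq.security.jwt-claims.roles-path=$.realm_access.roles
blueriq.security.jwt-claims.role-mapping.employee=authenticated_user,vu_employee
blueriq.security.jwt-claims.role-mapping.offline_access=
"""

# Constructed, already-decoded JWT body (signature verification is out of scope here).
JWT_BODY = json.loads("""
{"preferred_username": "jdoe",
 "realm_access": {"roles": ["employee", "offline_access", "admin"]}}
""")

ROLE_MAPPING_PREFIX = "blueriq.security.jwt-claims.role-mapping."
ROLES_PATH_KEY = "blueriq.security.jwt-claims.roles-path"


def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def resolve_path(body, path):
    """Resolve a simple dotted path such as $.realm_access.roles (not full JsonPath)."""
    node = body
    for part in (path[2:] if path.startswith("$.") else path).split("."):
        node = node.get(part) if isinstance(node, dict) else None
    return node if isinstance(node, list) else []


def effective_roles(props, body):
    """Return (roles granted, claims passed through via implicit identity mapping)."""
    granted, passthrough = [], []
    for claim in resolve_path(body, props[ROLES_PATH_KEY]):
        key = ROLE_MAPPING_PREFIX + claim
        if key in props:  # explicit mapping: zero, one or multiple roles
            granted += [r.strip() for r in props[key].split(",") if r.strip()]
        else:  # no mapping: the claim name itself becomes the role
            granted.append(claim)
            passthrough.append(claim)
    return sorted(set(granted)), passthrough
```

In the constructed input, admin has no role-mapping entry, so it is reported as a pass-through role; reviewing that list shows which identity-provider role names become Blueriq roles without an explicit mapping.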
