-
Notifications
You must be signed in to change notification settings - Fork 259
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1655 from praminda/4.0.0-m6-fixes
Fix a test failure in JWTGenerator
- Loading branch information
Showing
4 changed files
with
118 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
107 changes: 107 additions & 0 deletions
107
test/test-integration/src/test/resources/jwtGenerator/config.toml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
[adapter] | ||
# The configuration file for mgw | ||
[adapter.server] | ||
host = "0.0.0.0" | ||
port = "9843" | ||
|
||
[[adapter.server.users]] | ||
username = "admin" | ||
password = "admin" | ||
|
||
[adapter.keystore] | ||
certPath = "/home/wso2/security/keystore/mg.pem" | ||
keyPath = "/home/wso2/security/keystore/mg.key" | ||
|
||
[adapter.truststore] | ||
location = "/home/wso2/security/truststore" | ||
|
||
[adapter.consul] | ||
# todo rumesh check whether we need to have certPath and KeyPath | ||
enable = false | ||
url = "https://169.254.1.1:8501" # scheme + host ip + port | ||
pollInterval = 5 # seconds | ||
aclTokenFilePath = "" | ||
# certs for tls | ||
caCertPath = "/home/wso2/security/truststore/consul/consul-agent-ca.pem" | ||
certPath = "/home/wso2/security/truststore/consul/local-dc-client-consul-0.pem" | ||
keyPath = "/home/wso2/security/truststore/consul/local-dc-client-consul-0-key.pem" | ||
|
||
[envoy] | ||
listenerHost = "0.0.0.0" | ||
listenerPort = 9095 | ||
clusterTimeoutInSeconds = 20 | ||
listenerTLSEnabled = true | ||
|
||
[envoy.keystore] | ||
certPath = "/home/wso2/security/keystore/mg.pem" | ||
keyPath = "/home/wso2/security/keystore/mg.key" | ||
|
||
[envoy.upstream] | ||
[envoy.upstream.tls] | ||
minimumProtocolVersion = "TLS1_1" | ||
maximumProtocolVersion = "TLS1_2" | ||
ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA" | ||
# the default endpoint certificates | ||
trustedCertPath = "/etc/ssl/certs/ca-certificates.crt" | ||
verifyHostName = true | ||
disableSslVerification = false | ||
|
||
[enforcer] | ||
[enforcer.authService] | ||
port = 8081 | ||
maxMessageSize = 1000000000 | ||
maxHeaderLimit = 8192 | ||
#keep alive time of the external authz connection | ||
keepAliveTime = 600 | ||
[enforcer.authService.threadPool] | ||
coreSize = 400 | ||
maxSize = 500 | ||
#keep alive time of threads in seconds | ||
keepAliveTime = 600 | ||
queueSize = 1000 | ||
|
||
# JWT token authorization configurations. You can provide multiple JWT issuers | ||
# Issuer 1 | ||
[[enforcer.jwtTokenConfig]] | ||
name="Resident Key Manager" | ||
issuer = "https://localhost:9443/oauth2/token" | ||
certificateAlias = "wso2carbon" | ||
# URL of the JWKs endpoint | ||
jwksURL = "" | ||
# Validate subscribed APIs | ||
validateSubscription = false | ||
# The claim in which the consumer key of the application is coming | ||
consumerKeyClaim = "azp" | ||
# Certificate Filepath within enforcer | ||
certificateFilePath = "/home/wso2/security/truststore/wso2carbon.pem" | ||
|
||
[enforcer.apimCredentials] | ||
username="admin" | ||
password="admin" | ||
|
||
[enforcer.jwtGenerator] | ||
enable = true | ||
encoding = "base64" # base64,base64url | ||
claimDialect = "http://wso2.org/claims" | ||
convertDialect = false | ||
header = "X-JWT-Assertion" | ||
signingAlgorithm = "SHA256withRSA" | ||
enableUserClaims = false | ||
gatewayGeneratorImpl = "org.wso2.carbon.apimgt.common.gateway.jwtgenerator.APIMgtGatewayJWTGeneratorImpl" | ||
claimsExtractorImpl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever" | ||
publicCertificatePath = "/home/wso2/security/truststore/mg.pem" | ||
privateKeyPath = "/home/wso2/security/keystore/mg.key" | ||
|
||
[controlPlane] | ||
# Control plane's eventHub details | ||
[controlPlane.eventHub] | ||
enabled = false | ||
serviceUrl = "https://localhost:9443/" | ||
username="admin" | ||
password="admin" | ||
environmentLabels = ["Production and Sandbox"] | ||
retryInterval = 5 | ||
skipSSLVerification=true | ||
# Message broker connection URL of the control plane | ||
[controlPlane.eventHub.jmsConnectionParameters] | ||
eventListeningEndpoints = "amqp://admin:admin@localhost:5672/" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters