Commit 00b5fef1 authored by Alok Joshi

Merge branch 'master' of...

Merge branch 'master' of https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure into support_non_aad_token
parents e6320635 b8aa1b74
......@@ -43,7 +43,6 @@ az keyvault secret show --vault-name $KEY_VAULT_NAME --name $KEY_VAULT_SECRET_NA
| `service_domain_name` | ex `contoso.com` | The name of the domain for which the service will run | no | -- |
| `aad_client_id` | `********` | AAD client application ID | yes | output of infrastructure deployment |
| `azure.activedirectory.AppIdUri` | `api://${azure.activedirectory.client-id}` | URI for AAD Application | no | -- |
| `azure.activedirectory.session-stateless` | `true` | Flag run in stateless mode (needed by AAD dependency) | no | -- |
| `cosmosdb_database` | ex `foo-db` | The name of the CosmosDB database | no | output of infrastructure deployment |
| `KEYVAULT_URI` | ex `https://foo-keyvault.vault.azure.net/` | URI of KeyVault that holds application secrets | no | output of infrastructure deployment |
| `appinsights_key` | `********` | API Key for App Insights | yes | output of infrastructure deployment |
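Review bot: The `aad_client_id` row in this table and the `azure_activedirectory_client_id` row in the AAD table of the next hunk carry the identical description "AAD client application ID", so a reader cannot tell whether both must be set or whether one supersedes the other. Say which variable the service actually reads in each mode, or drop the redundant row. The same applies to the naming: `azure.activedirectory.AppIdUri` and `azure.activedirectory.session-stateless` use dotted property names here, while the next hunk uses the underscore form `azure_activedirectory_session_stateless`; pick one form or note that they are equivalent.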
......@@ -51,8 +50,24 @@ az keyvault secret show --vault-name $KEY_VAULT_NAME --name $KEY_VAULT_SECRET_NA
| `AZURE_CLIENT_ID` | `********` | Identity to run the service locally. This enables access to Azure resources. You only need this if running locally | yes | keyvault secret: `$KEYVAULT_URI/secrets/app-dev-sp-username` |
| `AZURE_TENANT_ID` | `********` | AD tenant to authenticate users from | yes | -- |
| `AZURE_CLIENT_SECRET` | `********` | Secret for `$AZURE_CLIENT_ID` | yes | keyvault secret: `$KEYVAULT_URI/secrets/app-dev-sp-password` |
In Order to run service with AAD authentication add below environment variables.This is the recommended approach to run entitlement service in local.
As AAD will authenticate the token and extract the payload to fetch user information.
| name | value | description | sensitive? | source |
| --- | --- | --- | --- | --- |
| `azure_istioauth_enabled` | `false` | Flag to Disable AAD auth | no | -- |
| `azure_activedirectory_session_stateless` | `true` | Flag run in stateless mode (needed by AAD dependency) | no | -- |
| `azure_activedirectory_client_id` | `********` | AAD client application ID | yes | output of infrastructure deployment |
In Order to run service with Istio authentication add below environment variables.This is needed only to test istio filter scenarios,
with these settings service expects "x-payload" header which contains Base64 encoded format of Payload.In this approach service will not do Authentication.
name | value | description | sensitive? | source |
| --- | --- | --- | --- | --- |
| `azure_istioauth_enabled` | `true` | Flag to Disable AAD auth | no | -- |
**Required to run integration tests**
| name | value | description | sensitive? | source |
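Review bot: The Istio paragraph says the service "expects "x-payload" header" and "will not do Authentication", but the documentation does not say what has to authenticate the caller in its place. Add a sentence beside the `azure_istioauth_enabled` = `true` row stating that this mode is only appropriate when the Istio filter in front of the service has already validated the token and sets `x-payload` itself, and that it should not be enabled where clients can reach the service directly, since the header is otherwise taken at face value. Both `azure_istioauth_enabled` rows also share the description "Flag to Disable AAD auth" although one sets `false` and the other `true`; describe what each value does. The header row of the Istio table (`name | value | description | sensitive? | source |`) is missing its leading `|`, and the tables need a blank line after the preceding paragraph to render.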
......