{
  "properties": {
    "asHostname": "myTenant.forgeblocks.com",
    "gatewayOAuth2ClientId": "gateway-oauth2-client",
    "gatewayIdmUsername": "gateway-idm-user",
    "realm": "alpha",
    "tenantHostname": "myTenant.forgeblocks.com",
    "trustedDirectoryJwksUrl": "http://trustdir.example.com:9080/jwkms/testdirectory/jwks"
  },
  "handler": "_router",
  "heap": [
    {
      "name": "_router",
      "type": "Router",
      "config": {
        "directory": "${openig.configDirectory}/routes",
        "defaultHandler": {
          "type": "DispatchHandler",
          "config": {
            "bindings": [
              {
                "condition": "${request.method == 'GET' and request.uri.path == '/'}",
                "handler": {
                  "type": "WelcomeHandler"
                }
              },
              {
                "condition": "${request.uri.path == '/'}",
                "handler": {
                  "type": "StaticResponseHandler",
                  "config": {
                    "status": 405,
                    "reason": "Method Not Allowed"
                  }
                }
              },
              {
                "handler": {
                  "type": "StaticResponseHandler",
                  "config": {
                    "status": 404,
                    "reason": "Not Found"
                  }
                }
              }
            ]
          }
        }
      }
    },
    {
      "name": "capture",
      "type": "CaptureDecorator",
      "config": {
        "captureEntity": true
      }
    },
    {
      "name": "PlatformReverseProxyHandler",
      "comment": "Add a transaction ID header for calls to platform services",
      "type": "Chain",
      "config": {
        "filters": [
          "TransactionIdOutboundFilter"
        ],
        "handler": "ReverseProxyHandler"
      }
    },
    {
      "name": "SystemAndEnvSecretStore",
      "type": "SystemAndEnvSecretStore"
    },
    {
      "name": "IdmClientHandler",
      "type": "Chain",
      "config": {
        "filters": [
          {
            "type": "ResourceOwnerOAuth2ClientFilter",
            "config": {
              "tokenEndpoint": "https://&{tenantHostname}/am/oauth2/realms/root/realms/&{realm}/access_token",
              "username": "&{gatewayIdmUsername}",
              "passwordSecretId": "gateway.idm.password",
              "secretsProvider": "SystemAndEnvSecretStore",
              "scopes": [
                "fr:idm:*"
              ],
              "endpointHandler": {
                "type": "Chain",
                "config": {
                  "handler": "ForgeRockClientHandler",
                  "filters": [
                    {
                      "type": "ClientSecretBasicAuthenticationFilter",
                      "config": {
                        "clientId": "&{gatewayOAuth2ClientId}",
                        "clientSecretId": "gateway.oauth2.client.secret",
                        "secretsProvider": "SystemAndEnvSecretStore"
                      }
                    }
                  ]
                }
              }
            }
          }
        ],
        "handler": "ForgeRockClientHandler"
      }
    },
    {
      "name": "JwkSetService",
      "type": "CachingJwkSetService",
      "config": {
        "cacheMaxSize": 500,
        "cacheTimeout": "24 hours"
      }
    },
    {
      "name": "TrustedDirectoryService",
      "type": "TrustedDirectoryService",
      "config": {
        "trustedDirectories": [
          "TestTrustedDirectory"
        ]
      }
    },
    {
      "name": "TestTrustedDirectory",
      "type": "TrustedDirectory",
      "config": {
        "issuer": "FAPI Test Trusted Directory",
        "softwareStatementClaims": {
          "organisationIdClaimName": "org_id",
          "organisationNameClaimName": "org_name",
          "softwareIdClaimName": "software_id",
          "clientNameClaimName": "software_client_name",
          "redirectUrisClaimName": "software_redirect_uris",
          "rolesClaimName": "software_roles",
          "_comment": "If your clients publish their JWKS at a URI instead of embedding the key set in the software statement, use jwksUriClaimName instead of jwksClaimName.",
          "jwksClaimName": "software_jwks"
        },
        "secretsProvider": {
          "type": "SecretsProvider",
          "config": {
            "stores": [
              {
                "type": "JwkSetSecretStore",
                "config": {
                  "jwkUrl": "&{trustedDirectoryJwksUrl}"
                }
              }
            ]
          }
        }
      }
    },
    {
      "name": "IdmService",
      "type": "IdmService",
      "config": {
        "baseEndpoint": "https://&{tenantHostname}/openidm",
        "endpointHandler": "IdmClientHandler"
      }
    },
    {
      "name": "IdmApiClientService",
      "type": "IdmApiClientService",
      "config": {
        "idmService": "IdmService",
        "jwkSetService": "JwkSetService"
      }
    },
    {
      "name": "IdmApiClientOrganisationService",
      "type": "IdmApiClientOrganisationService",
      "config": {
        "idmService": "IdmService"
      }
    },
    {
      "name": "AsJwkSecretsProvider",
      "type": "SecretsProvider",
      "config": {
        "stores": [
          {
            "type": "JwkSetSecretStore",
            "config": {
              "jwkUrl": "https://&{tenantHostname}/am/oauth2/realms/root/realms/&{realm}/connect/jwk_uri"
            }
          }
        ]
      }
    }
  ],
  "session": {
    "type": "JwtSessionManager"
  }
}