From 97d28a92cb11ba0f81b02193885bc45a778e960a Mon Sep 17 00:00:00 2001 From: Arjav Desai Date: Wed, 8 Jun 2022 07:43:19 -0500 Subject: [PATCH] Add IDCS related info to MP Security example (#4343) forward port to 3.x --- examples/microprofile/idcs/README.md | 48 +++++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 5 deletions(-) diff --git a/examples/microprofile/idcs/README.md b/examples/microprofile/idcs/README.md index 0a1deb9f410..5277d382904 100644 --- a/examples/microprofile/idcs/README.md +++ b/examples/microprofile/idcs/README.md @@ -1,6 +1,41 @@ -# Helidon MP IDCS +# Helidon MP IDCS -Example JAX-RS application with resources protected by IDCS +This example demonstrates integration with IDCS (Oracle identity service, integrated with Open ID Connect provider) where JAX-RS application resources are protected by IDCS. + +## Contents + +This project contains two samples, one (IdcsApplication.java) and a second (ReactiveService.java). It also contains a static resource. When configured the example exposes multiple HTTP endpoints. + +### IDCS Configuration + +[This documentation](https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/oracle-identity-cloud-service.html#GUID-BC4769EE-258A-4B53-AED5-6BA9888C8275) describes basics of IDCS as well as how you can get IDCS instance. + +1. [Log in to the IDCS console](https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/how-access-oracle-identity-cloud-service.html) and create a new application of type "confidential app" +2. Within **Resources** + 1. Create two resources called `first_scope` and `second_scope` + 2. Primary Audience = `http://localhost:7987/"` (ensure there is a trailing /) +3. Within **Client Configuration** + 1. Register a client + 2. Allowed Grant Types = Client Credentials,JWT Assertion, Refresh Token, Authorization Code + 3. Check "Allow non-HTTPS URLs" + 4. Set Redirect URL to `http://localhost:7987/oidc/redirect` + 5. Client Type = Confidential + 6. Add all Scopes defined in the resources section + 7. Set allowed operations to `Introspect` + 8. Set Post Logout Redirect URL to `http://localhost:7987/loggedout` + +Ensure you save and *activate* the application + +### Application Configuration + +Edit application.yaml based on your IDCS Configuration + +1. idcs-uri : Base URL of your idcs instance, usually something like https://idcs-.identity.oraclecloud.com +2. idcs-client-id : This is obtained from your IDCS application in the IDCS console +3. idcs-client-secret : This is obtained from your IDCS application in the IDCS console +4. frontend-uri : This is the base URL of your application when run, e.g. `http://localhost:7987` +5. proxy-host : Your proxy server if needed +6. scope-audience : This is the scope audience which MUST match the primary audience in the IDCS resource, recommendation is not to have a trailing slash (/) ## Build and run @@ -11,6 +46,9 @@ java -jar target/helidon-examples-microprofile-security-idcs.jar Try the endpoints: -``` -TODO -``` +| Endpoint | Description | +|:------------------------|:---------------------------------------------------------------------------------------| +| `rest/login` | Login | +| `rest/scopes` | Full security with scopes and roles (see IdcsResource.java) | +| `rest/reactive` | Protected reactive service (see application.yaml - security.web-server) | +| `web/resource.html` | Protected static resource (see application.yaml - security.web-server) |