2. Identity Provider
The Identity Provider (IDP) is one of the key components of the solution. It has been built using .Net Core.
It is important to clarify that there are many different ways to configure the `ipmdecisions/identityproviderservice` image when building it. Depending on your deployment needs, you might choose one or another.
When .Net Core applications are loaded, they use default configuration files: `appsettings.json` and/or `appsettings.{Environment}.json`. See in the repository the file that is included inside the Docker image. As expected, the default configuration is very generic.
Finally, when deploying using docker-compose, you can also add environment variables. These variables override the values in `appsettings.json`.
This microservice needs a MySQL database to run. The database runs in its own container. To create the database structure and add default data, an SQL script has been created. It is located in the repository.
This script can be run the first time the database container is created by adding it to the `volumes` section of the docker-compose file.
Alternatively, you can take a backup of an existing database and apply it to the MySQL instance.
Name | Possible Values | Description | Notes |
---|---|---|---|
ASPNETCORE_ENVIRONMENT | Development/Staging/Production | Set the application environment | Production enforces HTTPS, so only use when certificates installed |
ASPNETCORE_URLS | http://+:80 | Sets entry port of the solution. Must match docker ports | Use https://+:443;http://+:80 when valid HTTPS certificates installed |
ASPNETCORE_HTTPS_PORT | 443 | Enforces HTTPS entry port | Use when valid HTTPS certificates installed |
ASPNETCORE_Kestrel__Certificates__Default__Path | /https/YourCertificate.pfx | Internal path to your HTTPS certificate | Use when valid HTTPS certificates installed |
ASPNETCORE_Kestrel__Certificates__Default__Password | abc1234 | Password of your internal HTTPS certificate | Use when valid HTTPS certificates installed |
ConnectionStrings:MySqlDbConnection | Server=yourServer;Database=yourDatabase;Uid=your_mysql_user;Pwd=your_mysql_password | Location of the database | Server, if using docker, should be the hostname. If using the SQL script to create DB, the database, username and password should match the values of the script. |
JwtSettings:TokenLifetimeMinutes | 100 | Sets the expiration time of the JWT before the user needs to get a new one | Needs to be a number. The default value is 80 |
JwtSettings:SecretKey | 12345abcd | This API and others are protected by JWT; this secret key signs the token | This secret key MUST match the other microservices |
JwtSettings:IssuerServerUrl | IDPServerURL | Identifies the principal that issued the JWT, in this case, this server | This issuer MUST match the other microservices |
JwtSettings:ValidAudiences | Audience1;Audience2 | Identifies the recipients that the JWT is intended for | Values must be separated by ; |
AllowedHosts | test.com;http://localhost.com;* | Cross-Origin Requests | Allowlist of origins that can make requests to the application. Values must be separated by ; |
IPMEmailMicroservice:ApiGatewayAddress | http://apg.api/ | The API gateway URL | Use internal URL from docker compose |
IPMEmailMicroservice:EmailMicroservice | api/eml/ | The Email Service route for the microservice | Use the value in the API Gateway Ocelot configuration file. |
IPMEmailMicroservice:ContentTypeHeader | myCustomTypeHeader | This is a custom header used for security. | This header MUST be the same in the email microservice |
IPMEmailMicroservice:SecurityTokenCustomHeader | myCustomHeader | This header also adds security for the email microservice | This header MUST be the same in the email microservice |
IPMEmailMicroservice:SecurityToken | theValueOfSecurityTokenCustomHeader | This value adds security for the email microservice | This value MUST be the same in the email microservice |
NLog:targets:logfile:fileName | ./your/logPath/andFileName.log | Where your logs are going to be saved and the name of the file | ./logs/imp-decisions-IDP-$${shortdate}.log is a good value. |
NLog:rules:logfile:minLevel | Warn | The level of logging that you want to record in the log file | Possible values in this link |
NLog:rules:logconsole:minLevel | Warn | The level of logging that you want to write on the console | Possible values in this link |
UIPageAddresses:ResetPasswordFormPageAddress | http://fake.com/resetpassword | The URL of the UI page to which the user is redirected when clicking the link in the reset password email | Should |
UIPageAddresses:ConfirmUserFormPageAddress | http://fake.com/comfirm | The URL of the UI page to which the user is redirected when clicking the link in the "confirm your email" email | |
If you prefer to load your own `appsettings.json`, you can do so by mounting the files using docker-compose volumes. Below is the location inside the container where the files should be copied:

```yaml
volumes:
  - ./your/localPath/appsettings.json:/app/appsettings.json
  - ./your/localPath/appsettings.Development.json:/app/appsettings.Development.json
```
Below is an example of the Identity Provider and its database section in the docker-compose file:
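
An added example, not the project's own compose file, wiring the variables from the table above with secrets taken from an `.env` file instead of being written inline. The service names, host port, MySQL image tag, SQL script filename, volume name and every `${...}` variable name are assumptions.

```yaml
# Added example: names marked "assumed" are not from the project.
# Secrets are read from an .env file beside this compose file (assumed variable names).
services:
  idp.api:                                   # assumed service name
    image: ipmdecisions/identityproviderservice
    depends_on:
      - idp.db
    ports:
      - "5001:80"                            # assumed host port; 80 matches ASPNETCORE_URLS
    environment:
      - ASPNETCORE_ENVIRONMENT=Development   # Production enforces HTTPS and needs certificates
      - ASPNETCORE_URLS=http://+:80
      # Server is the database service hostname; database, user and password must match the SQL script.
      - "ConnectionStrings:MySqlDbConnection=Server=idp.db;Database=${IDP_DB_NAME};Uid=${IDP_DB_USER};Pwd=${IDP_DB_PASSWORD}"
      - "JwtSettings:TokenLifetimeMinutes=80"
      # Same secret and issuer in every microservice that validates the token; use a long random secret.
      - "JwtSettings:SecretKey=${JWT_SECRET_KEY}"
      - "JwtSettings:IssuerServerUrl=${JWT_ISSUER_URL}"
      - "JwtSettings:ValidAudiences=${JWT_AUDIENCES}"        # values separated by ;
      - "AllowedHosts=${ALLOWED_ORIGINS}"                    # list real origins; avoid * outside development
      - "IPMEmailMicroservice:ApiGatewayAddress=http://apg.api/"
      - "IPMEmailMicroservice:EmailMicroservice=api/eml/"
      # These three must equal the values configured in the email microservice.
      - "IPMEmailMicroservice:ContentTypeHeader=${EML_CONTENT_TYPE_HEADER}"
      - "IPMEmailMicroservice:SecurityTokenCustomHeader=${EML_TOKEN_HEADER}"
      - "IPMEmailMicroservice:SecurityToken=${EML_TOKEN}"
      - "NLog:targets:logfile:fileName=./logs/imp-decisions-IDP-$${shortdate}.log"
      - "NLog:rules:logfile:minLevel=Warn"
      - "NLog:rules:logconsole:minLevel=Warn"
      - "UIPageAddresses:ResetPasswordFormPageAddress=${UI_RESET_PASSWORD_URL}"
      - "UIPageAddresses:ConfirmUserFormPageAddress=${UI_CONFIRM_USER_URL}"
  idp.db:                                    # assumed service name
    image: mysql:8.0                         # assumed tag
    # No ports: section, so the database is reachable only on the compose network.
    environment:
      - MYSQL_ROOT_PASSWORD=${IDP_DB_ROOT_PASSWORD}
    volumes:
      # Scripts in /docker-entrypoint-initdb.d run only when the data directory is empty (first start).
      - ./your/localPath/idp-init.sql:/docker-entrypoint-initdb.d/idp-init.sql:ro
      - idp_db_data:/var/lib/mysql
volumes:
  idp_db_data:
```

Keep the `.env` file out of version control, since it holds the JWT signing secret, the email service token and the database passwords.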
For general API Documentation, check https://h2020ipmdecisionsapigateway.docs.apiary.io/