diff --git a/maxkey-persistence/src/test/resources/application.properties b/maxkey-persistence/src/test/resources/application.properties
index c65c56764..bee05d5d3 100644
--- a/maxkey-persistence/src/test/resources/application.properties
+++ b/maxkey-persistence/src/test/resources/application.properties
@@ -90,3 +90,220 @@ spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.Strin
 spring.kafka.producer.value-serializer=org.apache.kafka.common.serialization.StringSerializer
 # \u81ea\u5b9a\u4e49\u5206\u533a\u5668
 # spring.kafka.producer.properties.partitioner.class=com.felix.kafka.producer.CustomizePartitioner
+
+############################################################################
+# domain name configuration
+maxkey.server.domain=maxkey.top
+maxkey.server.domain.sub=sso.${maxkey.server.domain}
+maxkey.server.name=http://${maxkey.server.domain.sub}
+maxkey.server.prefix.uri=${maxkey.server.name}/maxkey
+#default.uri
+maxkey.server.default.uri=${maxkey.server.prefix.uri}/maxkey/appList
+maxkey.server.management.uri=${maxkey.server.name}:9521/maxkey-mgt/login
+#InMemory 0 , jdbc 1, Redis 2
+maxkey.server.persistence=0
+#identity
+maxkey.identity.kafkasupport=false
+
+maxkey.app.issuer=CN=ConSec,CN=COM,CN=SH
+############################################################################
+# Login configuration
+#enable captcha
+maxkey.login.captcha=true
+#text or arithmetic
+maxkey.login.captcha.type=text
+#enable two factor,use one time password
+maxkey.login.mfa=true
+#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
+maxkey.login.mfa.type=TimeBasedOtpAuthn
+#enable social sign on
+maxkey.login.socialsignon=true
+#social sign on providers
+maxkey.login.socialsignon.providers=sinaweibo,google,qq,dingtalk,microsoft,facebook
+#Enable kerberos/SPNEGO
+maxkey.login.kerberos=true
+#wsFederation
+maxkey.login.wsfederation=false
+#remeberme
+maxkey.login.remeberme=true
+#validity
+maxkey.login.remeberme.validity=0
+
+#to default application web site
+maxkey.login.default.uri=appList
+
+maxkey.ipaddress.whitelist=false
+
+#SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
+maxkey.otp.sms=SmsOtpAuthnYunxin
+
+maxkey.otp.sms.aliyun.accesskeyid=94395d754eb55693043f5d6a2b772ef4
+maxkey.otp.sms.aliyun.accesssecret=05d5485357bc
+maxkey.otp.sms.aliyun.templatecode=14860095
+maxkey.otp.sms.aliyun.signname=maxkey
+
+maxkey.otp.sms.yunxin.appkey=94395d754eb55693043f5d6a2b772ef4
+maxkey.otp.sms.yunxin.appsecret=05d5485357bc
+maxkey.otp.sms.yunxin.templateid=14860095
+
+maxkey.otp.sms.tencentcloud.secretid=94395d754eb55693043f5d6a2b772ef4
+maxkey.otp.sms.tencentcloud.secretkey=05d5485357bc
+maxkey.otp.sms.tencentcloud.smssdkappid=1486220095
+maxkey.otp.sms.tencentcloud.templateid=14860095
+maxkey.otp.sms.tencentcloud.sign=1486009522
+
+maxkey.otp.keyuri.format.type=totp
+maxkey.otp.keyuri.format.digits=6
+maxkey.otp.keyuri.format.issuer=MaxKey
+maxkey.otp.keyuri.format.domain=${maxkey.server.domain}
+maxkey.otp.keyuri.format.period=30
+
+############################################################################
+# Kerberos Login configuration
+############################################################################
+#short name of user domain must be in upper case,eg:MAXKEY
+maxkey.support.kerberos.default.userdomain=MAXKEY
+#short name of user domain must be in upper case,eg:MAXKEY.ORG
+maxkey.support.kerberos.default.fulluserdomain=MAXKEY.ORG
+#last 8Bit crypto for Kerberos web Authentication
+maxkey.support.kerberos.default.crypto=846KZSzYq56M6d5o
+#Kerberos Authentication server RUL
+maxkey.support.kerberos.default.redirecturi=http://sso.maxkey.top/kerberos/authn/
+############################################################################
+# HTTPHEADER Login configuration
+############################################################################
+maxkey.support.httpheader.enable=false
+maxkey.support.httpheader.headername=header-user
+# iv-user is for IBM Security Access Manager
+#maxkey.httpheader.headername=iv-user
+
+############################################################################
+# BASIC Login support configuration
+############################################################################
+
+maxkey.support.basic.enable=false
+
+#############################################################################
+# WsFederation Login support configuration
+#identifier: the identifer for the ADFS server
+#url: the login url for ADFS
+#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
+#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
+#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
+#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
+#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
+############################################################################
+
+maxkey.support.wsfederation.identifier=http://adfs.maxkey.top/adfs/services/trust
+maxkey.support.wsfederation.url=https://adfs.maxkey.top/adfs/ls/
+maxkey.support.wsfederation.principal=upn
+maxkey.support.wsfederation.relyingParty=urn:federation:connsec
+maxkey.support.wsfederation.signingCertificate=adfs-signing.crt
+maxkey.support.wsfederation.tolerance=10000
+maxkey.support.wsfederation.upn.suffix=maxkey.org
+maxkey.support.wsfederation.logoutUrl=https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
+#############################################################################
+
+#############################################################################
+# OIDC V1.0 METADATA configuration
+maxkey.oidc.metadata.issuer=${maxkey.server.name}/maxkey
+maxkey.oidc.metadata.authorizationEndpoint=${maxkey.server.name}/maxkey/oauth/v20/authorize
+maxkey.oidc.metadata.tokenEndpoint=${maxkey.server.name}/maxkey/oauth/v20/token
+maxkey.oidc.metadata.userinfoEndpoint=${maxkey.server.name}/maxkey/api/connect/userinfo
+
+#############################################################################
+# SAML V2.0 configuration
+#saml common
+maxkey.saml.v20.max.parser.pool.size=2
+maxkey.saml.v20.assertion.validity.time.ins.seconds=90
+maxkey.saml.v20.replay.cache.life.in.millis=14400000
+maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds=90
+maxkey.saml.v20.issue.instant.check.validity.time.in.seconds=300
+
+
+#saml idp keystore
+maxkey.saml.v20.idp.keystore.password=maxkey
+maxkey.saml.v20.idp.keystore.private.key.password=maxkey
+maxkey.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks
+#keystore id for sec
+maxkey.saml.v20.idp.issuing.entity.id=maxkey.top
+maxkey.saml.v20.idp.issuer=https://sso.maxkey.top/maxkey/saml
+
+maxkey.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.top/
+
+#saml sp keystore
+maxkey.saml.v20.sp.keystore.password=maxkey
+maxkey.saml.v20.sp.keystore.private.key.password=maxkey
+maxkey.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
+maxkey.saml.v20.sp.issuing.entity.id=client.maxkey.org
+
+#Saml v20 METADATA
+maxkey.saml.v20.metadata.orgName=maxkey
+maxkey.saml.v20.metadata.orgDisplayName=maxkey
+maxkey.saml.v20.metadata.orgURL=https://github.com/shimingxy/MaxKey
+maxkey.saml.v20.metadata.contactType=technical
+maxkey.saml.v20.metadata.company=maxkey
+maxkey.saml.v20.metadata.givenName=maxkey
+maxkey.saml.v20.metadata.surName=maxkey
+maxkey.saml.v20.metadata.emailAddress=shimingxy@163.com
+maxkey.saml.v20.metadata.telephoneNumber=4008981111
+
+############################################################################
+# Social Sign On Configuration #
+#you config client.id & client.secret only
+############################################################################
+
+############################################################################
+#sina weibo
+maxkey.socialsignon.sinaweibo.provider=sinaweibo
+maxkey.socialsignon.sinaweibo.provider.name=\u65B0\u6D6A\u5FAE\u535A
+maxkey.socialsignon.sinaweibo.icon=images/social/sinaweibo.png
+maxkey.socialsignon.sinaweibo.client.id=3379757634
+maxkey.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba
+maxkey.socialsignon.sinaweibo.account.id=id
+maxkey.socialsignon.sinaweibo.sortorder=1
+
+#Google
+maxkey.socialsignon.google.provider=google
+maxkey.socialsignon.google.provider.name=Google
+maxkey.socialsignon.google.icon=images/social/google.png
+maxkey.socialsignon.google.client.id=519914515488.apps.googleusercontent.com
+maxkey.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt
+maxkey.socialsignon.google.account.id=id
+maxkey.socialsignon.google.sortorder=2
+
+#QQ
+maxkey.socialsignon.qq.provider=qq
+maxkey.socialsignon.qq.provider.name=QQ
+maxkey.socialsignon.qq.icon=images/social/qq.png
+maxkey.socialsignon.qq.client.id=101225363
+maxkey.socialsignon.qq.client.secret=8577d75e0eb4a91ac549cc8be3371bfd
+maxkey.socialsignon.qq.account.id=openid
+maxkey.socialsignon.qq.sortorder=4
+
+#dingtalk
+maxkey.socialsignon.dingtalk.provider=dingtalk
+maxkey.socialsignon.dingtalk.provider.name=dingtalk
+maxkey.socialsignon.dingtalk.icon=images/social/dingtalk.png
+maxkey.socialsignon.dingtalk.client.id=dingoawf2jyiwh2uzqnphg
+maxkey.socialsignon.dingtalk.client.secret=Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9
+maxkey.socialsignon.dingtalk.account.id=openid
+maxkey.socialsignon.dingtalk.sortorder=5
+
+#Microsoft
+maxkey.socialsignon.microsoft.provider=microsoft
+maxkey.socialsignon.microsoft.provider.name=Microsoft
+maxkey.socialsignon.microsoft.icon=images/social/live.png
+maxkey.socialsignon.microsoft.client.id=24aa73b6-7928-4e64-bd64-d8682e650f95
+maxkey.socialsignon.microsoft.client.secret=PF[_AthtjVrtWVO2mNy@CJxY1@Z8FNf5
+maxkey.socialsignon.microsoft.account.id=id
+maxkey.socialsignon.microsoft.sortorder=6
+
+#facebook
+maxkey.socialsignon.facebook.provider=facebook
+maxkey.socialsignon.facebook.provider.name=facebook
+maxkey.socialsignon.facebook.icon=images/social/facebook.png
+maxkey.socialsignon.facebook.client.id=appKey
+maxkey.socialsignon.facebook.client.secret=appSecret
+maxkey.socialsignon.facebook.account.id=id
+maxkey.socialsignon.facebook.sortorder=7
\ No newline at end of file
diff --git a/maxkey-persistence/src/test/resources/maxkey.properties b/maxkey-persistence/src/test/resources/maxkey.properties
deleted file mode 100644
index 14c2148b0..000000000
--- a/maxkey-persistence/src/test/resources/maxkey.properties
+++ /dev/null
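Review bot: The added block carries what look like live credentials into a tracked test resource: the `maxkey.socialsignon.*.client.secret` values for sinaweibo, google, qq, dingtalk and microsoft, the `maxkey.otp.sms.*` key/secret pairs, `maxkey.support.kerberos.default.crypto`, and both SAML keystore passwords set to `maxkey`. Whether any of them is genuine cannot be told from the diff, but the same values sat under the `config.*` names in the deleted maxkey.properties, so anything real is already in history and should be rotated rather than carried forward under a new prefix. For the fixture itself, environment-resolved placeholders would do, e.g. `maxkey.socialsignon.google.client.secret=${GOOGLE_CLIENT_SECRET:changeme}` (variable name constructed for illustration), in the same spirit as the facebook entries that already use `appKey`/`appSecret`. Separately, `maxkey.server.name` and `maxkey.support.kerberos.default.redirecturi` are `http://`, so the derived OIDC endpoints are plain HTTP; a comment such as `# test-only: production must use https` above `maxkey.server.name` would keep this from being copied into a deployment.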
@@ -1,218 +0,0 @@
-############################################################################
-# MaxKey
-############################################################################
-# domain name configuration
-config.server.domain=maxkey.top
-config.server.domain.sub=sso.${config.server.domain}
-config.server.name=http://${config.server.domain.sub}
-config.server.prefix.uri=${config.server.name}/maxkey
-#default.uri
-config.server.default.uri=${config.server.prefix.uri}/maxkey/appList
-config.server.management.uri=${config.server.name}:9521/maxkey-mgt/login
-#InMemory 0 , jdbc 1, Redis 2
-config.server.persistence=0
-#identity
-config.identity.kafkasupport=false
-
-config.app.issuer=CN=ConSec,CN=COM,CN=SH
-############################################################################
-# Login configuration
-#enable captcha
-config.login.captcha=true
-#text or arithmetic
-config.login.captcha.type=text
-#enable two factor,use one time password
-config.login.mfa=true
-#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
-config.login.mfa.type=TimeBasedOtpAuthn
-#enable social sign on
-config.login.socialsignon=true
-#social sign on providers
-config.login.socialsignon.providers=sinaweibo,google,qq,dingtalk,microsoft,facebook
-#Enable kerberos/SPNEGO
-config.login.kerberos=true
-#wsFederation
-config.login.wsfederation=false
-#remeberme
-config.login.remeberme=true
-#validity
-config.login.remeberme.validity=0
-
-#to default application web site
-config.login.default.uri=appList
-
-config.ipaddress.whitelist=false
-
-#SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
-config.otp.sms=SmsOtpAuthnYunxin
-
-config.otp.sms.aliyun.accesskeyid=94395d754eb55693043f5d6a2b772ef4
-config.otp.sms.aliyun.accesssecret=05d5485357bc
-config.otp.sms.aliyun.templatecode=14860095
-config.otp.sms.aliyun.signname=maxkey
-
-config.otp.sms.yunxin.appkey=94395d754eb55693043f5d6a2b772ef4
-config.otp.sms.yunxin.appsecret=05d5485357bc
-config.otp.sms.yunxin.templateid=14860095
-
-config.otp.sms.tencentcloud.secretid=94395d754eb55693043f5d6a2b772ef4
-config.otp.sms.tencentcloud.secretkey=05d5485357bc
-config.otp.sms.tencentcloud.smssdkappid=1486220095
-config.otp.sms.tencentcloud.templateid=14860095
-config.otp.sms.tencentcloud.sign=1486009522
-
-config.otp.keyuri.format.type=totp
-config.otp.keyuri.format.digits=6
-config.otp.keyuri.format.issuer=MaxKey
-config.otp.keyuri.format.domain=${config.server.domain}
-config.otp.keyuri.format.period=30
-
-############################################################################
-# Kerberos Login configuration
-############################################################################
-#short name of user domain must be in upper case,eg:MAXKEY
-config.support.kerberos.default.userdomain=MAXKEY
-#short name of user domain must be in upper case,eg:MAXKEY.ORG
-config.support.kerberos.default.fulluserdomain=MAXKEY.ORG
-#last 8Bit crypto for Kerberos web Authentication
-config.support.kerberos.default.crypto=846KZSzYq56M6d5o
-#Kerberos Authentication server RUL
-config.support.kerberos.default.redirecturi=http://sso.maxkey.top/kerberos/authn/
-############################################################################
-# HTTPHEADER Login configuration
-############################################################################
-config.support.httpheader.enable=false
-config.support.httpheader.headername=header-user
-# iv-user is for IBM Security Access Manager
-#config.httpheader.headername=iv-user
-
-############################################################################
-# BASIC Login support configuration
-############################################################################
-
-config.support.basic.enable=false
-
-#############################################################################
-# WsFederation Login support configuration
-#identifier: the identifer for the ADFS server
-#url: the login url for ADFS
-#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
-#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
-#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
-#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
-#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
-############################################################################
-
-config.support.wsfederation.identifier=http://adfs.maxkey.top/adfs/services/trust
-config.support.wsfederation.url=https://adfs.maxkey.top/adfs/ls/
-config.support.wsfederation.principal=upn
-config.support.wsfederation.relyingParty=urn:federation:connsec
-config.support.wsfederation.signingCertificate=adfs-signing.crt
-config.support.wsfederation.tolerance=10000
-config.support.wsfederation.upn.suffix=maxkey.org
-config.support.wsfederation.logoutUrl=https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
-#############################################################################
-
-#############################################################################
-# OIDC V1.0 METADATA configuration
-config.oidc.metadata.issuer=${config.server.name}/maxkey
-config.oidc.metadata.authorizationEndpoint=${config.server.name}/maxkey/oauth/v20/authorize
-config.oidc.metadata.tokenEndpoint=${config.server.name}/maxkey/oauth/v20/token
-config.oidc.metadata.userinfoEndpoint=${config.server.name}/maxkey/api/connect/userinfo
-
-#############################################################################
-# SAML V2.0 configuration
-#saml common
-config.saml.v20.max.parser.pool.size=2
-config.saml.v20.assertion.validity.time.ins.seconds=90
-config.saml.v20.replay.cache.life.in.millis=14400000
-config.saml.v20.issue.instant.check.clock.skew.in.seconds=90
-config.saml.v20.issue.instant.check.validity.time.in.seconds=300
-
-
-#saml idp keystore
-config.saml.v20.idp.keystore.password=maxkey
-config.saml.v20.idp.keystore.private.key.password=maxkey
-config.saml.v20.idp.keystore=classpath\:config/samlServerKeystore.jks
-#keystore id for sec
-config.saml.v20.idp.issuing.entity.id=maxkey.top
-config.saml.v20.idp.issuer=https://sso.maxkey.top/maxkey/saml
-
-config.saml.v20.idp.receiver.endpoint=https\://sso.maxkey.top/
-
-#saml sp keystore
-config.saml.v20.sp.keystore.password=maxkey
-config.saml.v20.sp.keystore.private.key.password=maxkey
-config.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
-config.saml.v20.sp.issuing.entity.id=client.maxkey.org
-
-#Saml v20 METADATA
-config.saml.v20.metadata.orgName=maxkey
-config.saml.v20.metadata.orgDisplayName=maxkey
-config.saml.v20.metadata.orgURL=https://github.com/shimingxy/MaxKey
-config.saml.v20.metadata.contactType=technical
-config.saml.v20.metadata.company=maxkey
-config.saml.v20.metadata.givenName=maxkey
-config.saml.v20.metadata.surName=maxkey
-config.saml.v20.metadata.emailAddress=shimingxy@163.com
-config.saml.v20.metadata.telephoneNumber=4008981111
-
-############################################################################
-# Social Sign On Configuration #
-#you config client.id & client.secret only
-############################################################################
-
-############################################################################
-#sina weibo
-config.socialsignon.sinaweibo.provider=sinaweibo
-config.socialsignon.sinaweibo.provider.name=\u65B0\u6D6A\u5FAE\u535A
-config.socialsignon.sinaweibo.icon=images/social/sinaweibo.png
-config.socialsignon.sinaweibo.client.id=3379757634
-config.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba
-config.socialsignon.sinaweibo.account.id=id
-config.socialsignon.sinaweibo.sortorder=1
-
-#Google
-config.socialsignon.google.provider=google
-config.socialsignon.google.provider.name=Google
-config.socialsignon.google.icon=images/social/google.png
-config.socialsignon.google.client.id=519914515488.apps.googleusercontent.com
-config.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt
-config.socialsignon.google.account.id=id
-config.socialsignon.google.sortorder=2
-
-#QQ
-config.socialsignon.qq.provider=qq
-config.socialsignon.qq.provider.name=QQ
-config.socialsignon.qq.icon=images/social/qq.png
-config.socialsignon.qq.client.id=101225363
-config.socialsignon.qq.client.secret=8577d75e0eb4a91ac549cc8be3371bfd
-config.socialsignon.qq.account.id=openid
-config.socialsignon.qq.sortorder=4
-
-#dingtalk
-config.socialsignon.dingtalk.provider=dingtalk
-config.socialsignon.dingtalk.provider.name=dingtalk
-config.socialsignon.dingtalk.icon=images/social/dingtalk.png
-config.socialsignon.dingtalk.client.id=dingoawf2jyiwh2uzqnphg
-config.socialsignon.dingtalk.client.secret=Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9
-config.socialsignon.dingtalk.account.id=openid
-config.socialsignon.dingtalk.sortorder=5
-
-#Microsoft
-config.socialsignon.microsoft.provider=microsoft
-config.socialsignon.microsoft.provider.name=Microsoft
-config.socialsignon.microsoft.icon=images/social/live.png
-config.socialsignon.microsoft.client.id=24aa73b6-7928-4e64-bd64-d8682e650f95
-config.socialsignon.microsoft.client.secret=PF[_AthtjVrtWVO2mNy@CJxY1@Z8FNf5
-config.socialsignon.microsoft.account.id=id
-config.socialsignon.microsoft.sortorder=6
-
-#facebook
-config.socialsignon.facebook.provider=facebook
-config.socialsignon.facebook.provider.name=facebook
-config.socialsignon.facebook.icon=images/social/facebook.png
-config.socialsignon.facebook.client.id=appKey
-config.socialsignon.facebook.client.secret=appSecret
-config.socialsignon.facebook.account.id=id
-config.socialsignon.facebook.sortorder=7