51 lines
2.2 KiB
Plaintext
51 lines
2.2 KiB
Plaintext
## RabbitMQ configuration with 2 oauth2 resources, rabbit_prod and rabbit_dev,
|
|
## rather than a single resource_server_id
|
|
## Also, each resource is owned by its own oauth provider, i.e. RabbitMQ is
|
|
## accessed by users and clients from two different providers using their dedicated
|
|
## resource_server_id.
|
|
|
|
log.console.level = debug
|
|
|
|
auth_backends.1 = rabbit_auth_backend_oauth2
|
|
|
|
# Common auth_oauth2 settings for all resources
|
|
auth_oauth2.preferred_username_claims.1 = preferred_username
|
|
auth_oauth2.preferred_username_claims.2 = user_name
|
|
auth_oauth2.preferred_username_claims.3 = email
|
|
auth_oauth2.scope_prefix = rabbitmq.
|
|
|
|
## Resource servers hosted by this rabbitmq instance
|
|
auth_oauth2.resource_servers.1.id = rabbit_prod
|
|
auth_oauth2.resource_servers.1.oauth_provider_id = prodkeycloak
|
|
auth_oauth2.resource_servers.2.id = rabbit_dev
|
|
auth_oauth2.resource_servers.2.oauth_provider_id = devkeycloak
|
|
auth_oauth2.resource_servers.3.id = rabbit_internal
|
|
auth_oauth2.resource_servers.3.oauth_provider_id = devkeycloak
|
|
|
|
## Oauth providers
|
|
auth_oauth2.oauth_providers.devkeycloak.issuer = ${DEVKEYCLOAK_URL}
|
|
auth_oauth2.oauth_providers.devkeycloak.https.cacertfile = ${DEVKEYCLOAK_CA_CERT}
|
|
auth_oauth2.oauth_providers.devkeycloak.https.verify = verify_peer
|
|
auth_oauth2.oauth_providers.devkeycloak.https.hostname_verification = wildcard
|
|
|
|
auth_oauth2.oauth_providers.prodkeycloak.issuer = ${PRODKEYCLOAK_URL}
|
|
auth_oauth2.oauth_providers.prodkeycloak.https.cacertfile = ${PRODKEYCLOAK_CA_CERT}
|
|
auth_oauth2.oauth_providers.prodkeycloak.https.verify = verify_peer
|
|
auth_oauth2.oauth_providers.prodkeycloak.https.hostname_verification = wildcard
|
|
|
|
# Common management setting for all resources
|
|
management.oauth_enabled = true
|
|
management.oauth_scopes = openid profile rabbitmq.tag:management rabbitmq.tag:administrator
|
|
|
|
## Management ui settings for each declared resource server
|
|
management.oauth_resource_servers.1.id = rabbit_prod
|
|
management.oauth_resource_servers.1.oauth_client_id = rabbit_prod_mgt_ui
|
|
|
|
management.oauth_resource_servers.2.id = rabbit_dev
|
|
management.oauth_resource_servers.2.oauth_client_id = rabbit_dev_mgt_ui
|
|
|
|
management.oauth_resource_servers.3.id = rabbit_internal
|
|
management.oauth_resource_servers.3.disabled = true
|
|
|
|
loopback_users = none
|