rabbitmq-server/selenium/test/oauth/uaa/uaa.yml

require_https: true
https_port: 8443

logging:
  config: /uaa/log4j2.properties

issuer:
  uri: ${UAA_URL}

encryption:
  active_key_label: CHANGE-THIS-KEY
  encryption_keys:
  - label: CHANGE-THIS-KEY
    passphrase: CHANGEME

logout:
  redirect:
    parameter:
      disable: false
      whitelist:
        ${RABBITMQ_SCHEME}://${RABBITMQ_HOST}/*
login:
  serviceProviderKey: |
    -----BEGIN RSA PRIVATE KEY-----
    MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5
    L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA
    fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB
    AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges
    7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu
    lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp
    ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX
    kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL
    gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK
    vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe
    A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS
    N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB
    qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/
    -----END RSA PRIVATE KEY-----    
  serviceProviderKeyPassword: password
  serviceProviderCertificate: |
    -----BEGIN CERTIFICATE-----
    MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO
    MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO
    MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h
    cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx
    CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM
    BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb
    BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
    ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W
    qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw
    znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha
    MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc
    gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD
    VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD
    VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh
    QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ
    0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC
    KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK
    RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=
    -----END CERTIFICATE-----    
#The secret that an external login server will use to authenticate to the uaa using the id `login`
LOGIN_SECRET: loginsecret

jwt:
  token:
    policy:
      # Will override global validity policies for the default zone only.
      accessTokenValiditySeconds: 15
      keys:
        legacy-token-key:
          signingKey: |
            -----BEGIN RSA PRIVATE KEY-----
            MIIEpAIBAAKCAQEA2dP+vRn+Kj+S/oGd49kq6+CKNAduCC1raLfTH7B3qjmZYm45
            yDl+XmgK9CNmHXkho9qvmhdksdzDVsdeDlhKIdcIWadhqDzdtn1hj/22iUwrhH0b
            d475hlKcsiZ+oy/sdgGgAzvmmTQmdMqEXqV2B9q9KFBmo4Ahh/6+d4wM1rH9kxl0
            RvMAKLe+daoIHIjok8hCO4cKQQEw/ErBe4SF2cr3wQwCfF1qVu4eAVNVfxfy/uEv
            G3Q7x005P3TcK+QcYgJxav3lictSi5dyWLgGQAvkknWitpRK8KVLypEj5WKej6CF
            8nq30utn15FQg0JkHoqzwiCqqeen8GIPteI7VwIDAQABAoIBAFsB5FszYepa11o3
            4zSPxgv4qyUjuYf3GfoNW0rRGp3nJLtoHAIYa0CcLX9kzsQfmLtxoY46mdppxr8Z
            2qUZpBdRVO7ILNfyXhthdQKI2NuyFDhtYK1p8bx6BXe095HMcvm2ohjXzPdTP4Hq
            HrXAYXjUndUbClbjMJ82AnPF8pM70kBq7g733UqkdfrMuv6/d95Jiyw4cC7dGsI3
            Ruz9DGhiAyCBtQ0tUB+6Kqn5DChSB+ccfMJjr6GnCVYmERxEQ5DJCTIX8am8C6KX
            mAxUwHMTsEGBU6GzhcUgAwUFEK3I9RptdlRFp7F8E/P0LxmPkFdgaBNUhrdnB7Y4
            01n1R1kCgYEA/huFJgwVWSBSK/XIouFuQrxZOI9JbBbdmpFT7SBGCdFg26Or9y7j
            +N5HE7yuoZ9PkBh17zzosZdsJhGocRYvO0LSq8cXvKXKCwn2fTMM7uJ/oQe68sxG
            cF/fC0M/8LvRESWShH920rrERu0s161RuasdOPre0aXu7ZQzkQ68O6MCgYEA23NO
            DHKNblBOdFEWsvotLqV8DrIbQ4le7sSgQr56/bdn9GScZk2JU0f+pqzpiGUy9bIt
            6uujvt5ar0IvpIQVdjf3dbp6Fy+Dwhd4yTR4dMdDECest7jL++/21x8Y0ywFhBIK
            yEd+QxpOLXP6qaSKTGxL2rnTXRjl8/g629xQPL0CgYEAkNNOh+jLIgjxzGxA9dRV
            62M91qaTyi8eDkJV+wgx4taaxZP7Jt5qwCSvjegz/5m01wOZ88hbNxx+XxQhVJK4
            SKZFO/I07Sfwh2oeOi0maeBdrYGiY09ZtiJuFRU3FBV3irZHU4zyRBh+VY5HyITX
            12JXPWp+JC7WhkG5QiuLzNECgYEA15OBzICLpx6Es4clAVT6JaSzJcyZM9MyyuOl
            e2ubbrpJCK/9ZBIvIPzMj/e0wiSH1wzeRrSM+ud7tkcSfk6ytptsIN67KSOoD3b3
            VNCStEU7ABe5eBG1cRzeI52MyYWpNYBzzyNMSacBvWz9hMD6ivCn44pAtGfNHclw
            KKNYvxECgYBOamf25md9Jy6rtQsJVEJWw+8sB4lBlKEEadc5qekR7ZQ0hwj8CnTm
            WOo856ynI28Sog62iw8F/do/z0B29RuGuxw+prkBkn3lg/VQXEitzqcYvota6osa
            8XSfaPiTyQwWpzbFNZzzemlTsIDiF3UqwkHvWaMYPDf4Ng3cokPPxw==
            -----END RSA PRIVATE KEY-----            

scim:
  users:
    - rabbit_admin|rabbit_admin|scim.read,openid,rabbitmq.read:*/*,rabbitmq.write:*/*,rabbitmq.configure:*/*,rabbitmq.tag:administrator
    - rabbit_admin_1|rabbit_admin_1|scim.read,openid,rmq-uaa-1.read:*/*,rmq-uaa-1.write:*/*,rmq-uaa-1.configure:*/*,rmq-uaa-1.tag:administrator
    - rabbit_admin_2|rabbit_admin_2|scim.read,openid,rmq-uaa-2.read:*/*,rmq-uaa-2.write:*/*,rmq-uaa-2.configure:*/*,rmq-uaa-2.tag:administrator
    - rabbitmq_management|rabbitmq_management|scim.read,openid,rabbitmq.read:*/*,rabbitmq.write:*/*,rabbitmq.configure:*/*,rabbitmq.tag:management
    - rabbit_monitor|rabbit_monitor|scim.read,openid,rabbitmq.tag:monitoring
    - rabbit_no_management|rabbit_no_management|scim.read,openid,rabbitmq.read:*/*
  groups:
    'rabbitmq.read:*/*': Read all
    'rabbitmq.write:*/*': Write all
    'rabbitmq.configure:*/*': Configure all
    'rabbitmq.tag:management': Management
    'rabbitmq.tag:monitoring': Monitoring
    'rabbitmq.tag:administrator': Administrator


oauth:
  # Always override clients on startup
  client:
    override: true

  # List of OAuth clients
  clients:
    admin:
      id: admin
      secret: adminsecret
      authorized-grant-types: client_credentials
      scope: none
      authorities: uaa.admin,clients.admin,clients.read,clients.write,clients.secret,scim.write,scim.read,uaa.resource
    mgt_api_client:
      id: mgt_api_client
      secret: mgt_api_client
      authorized-grant-types: client_credentials
      authorities: rabbitmq.tag:monitoring
    rabbitmq_client_code:
      id: rabbitmq_client_code
      secret: rabbitmq_client_code
      authorized-grant-types: authorization_code,refresh_token
      scope: rabbitmq.*,openid,profile
      authorities: uaa.resource,rabbitmq
      redirect-uri: ${RABBITMQ_SCHEME}://${RABBITMQ_HOST}${RABBITMQ_PATH}
      autoapprove: true
      allowpublic: true
    rabbit_idp_user:
      id: rabbit_idp_user
      secret: rabbit_idp_user
      authorized-grant-types: client_credentials
      authorities: uaa.resource,rabbitmq.tag:administrator
      redirect-uri: ${RABBITMQ_URL}
      autoapprove: true
      allowpublic: true
    mgt_api_client_2:
      id: mgt_api_client_2
      secret: mgt_api_client_2
      authorized-grant-types: client_credentials
      authorities: api://rabbitmq:management
    producer:
      id: producer
      secret: producer_secret
      authorities: rabbitmq.write:%2F/x-*,rabbitmq.write:%2F/q-*,rabbitmq.read:%2F/x-*,rabbitmq.configure:%2F/*
      authorized-grant-types: client_credentials
    consumer:
      id: consumer
      secret: consumer_secret
      authorities: rabbitmq.read:*/*,rabbitmq.configure:*/*,rabbitmq.write:*/x-*,rabbitmq.write:*/q-*
      authorized-grant-types: client_credentials
    jms_producer:
      id: jms_producer
      secret: jms_producer_secret
      authorities: rabbitmq.write:%2F/x-*,rabbitmq.write:%2F/q-*,rabbitmq.read:%2F/x-*,rabbitmq.configure:%2F/*,rabbitmq.configure:*/jms.durable.queues,rabbitmq.write:*/jms.durable.queues,rabbitmq.read:*/jms.durable.queues
      authorized-grant-types: client_credentials
    jms_consumer:
      id: jms_consumer
      secret: jms_consumer_secret
      authorities: rabbitmq.read:*/*,rabbitmq.configure:*/*,rabbitmq.write:*/x-*,rabbitmq.write:*/q-*,rabbitmq.write:*/jms.durable.queues
      authorized-grant-types: client_credentials
    producer_with_roles:
      id: producer_with_roles
      secret: producer_with_roles_secret
      authorities: rabbitmq.*,api://rabbitmq:producer,api://rabbitmq:Administrator
      authorized-grant-types: client_credentials
    consumer_with_roles:
      id: consumer_with_roles
      secret: consumer_with_roles_secret
      authorities: rabbitmq.* api://rabbitmq:Read.All,api://rabbitmq:Configure.All,api://rabbitmq:Write.All
      authorized-grant-types: client_credentials

cors:
  xhr:
    allowed:
      headers:
        - Accept
        - Authorization
        - Content-Type
        - authorization
        - content-type
        - X-Requested-With
      origin:
        - ^*$
      methods:
        - GET
        - PUT
        - POST
        - DELETE
  default:
    allowed:
      headers:
        - Accept
        - Authorization
        - Content-Type
        - authorization
        - content-type        
        - X-Requested-With
      origin:
        - ^*$
      methods:
        - GET
        - PUT
        - POST
        - DELETE