updated configuration

ErykKul · Oct 13, 2024 · 0ec91dd · 0ec91dd
1 parent 0264957
commit 0ec91dd
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/doc/release-notes/PR-10905-OIDC-new-implementation.md b/doc/release-notes/PR-10905-OIDC-new-implementation.md
@@ -13,6 +13,11 @@ The following settings become deprecated with this change and can be removed fro
 - `dataverse.auth.oidc.pkce.max-cache-size`
 - `dataverse.auth.oidc.pkce.max-cache-age`
 
+The following settings new:
+- `dataverse.auth.oidc.issuer-identifier`
+- `dataverse.auth.oidc.issuer-identifier-field`
+- `dataverse.auth.oidc.subject-identifier-field`
+
 Also, the bearer token authentication is now always enabled. Therefore, the `dataverse.feature.api-bearer-auth` feature flag is no longer used and can be removed from the configuration as well.
 
 The new implementation relies now on the builtin OIDC support in our application server (Payara). With this change the Nimbus SDK is no longer used and is removed from the dependencies.
diff --git a/doc/sphinx-guides/source/_static/installation/files/root/auth-providers/oidc.json b/doc/sphinx-guides/source/_static/installation/files/root/auth-providers/oidc.json
@@ -3,6 +3,6 @@
     "factoryAlias":"oidc",
     "title":"<a title - shown in UI>",
     "subtitle":"<a subtitle - currently unused in UI>",
-    "factoryData":"type: oidc | issuer: <issuer url> | clientId: <client id> | clientSecret: <client secret>",
+    "factoryData":"type: oidc | issuer: <issuer url> | clientId: <client id> | clientSecret: <client secret> | issuerId: <issuer id> | issuerIdField: <issuer id field> | subjectIdField: <subject id field>",
     "enabled":true
 }
diff --git a/doc/sphinx-guides/source/installation/oidc.rst b/doc/sphinx-guides/source/installation/oidc.rst
@@ -148,6 +148,18 @@ The following options are available:
     - A subtitle, currently not displayed by the UI.
     - N
     - ``OpenID Connect``
+  * - ``dataverse.auth.oidc.issuer-identifier``
+    - Issuer identifier value as found in the JWT token claims under ``dataverse.auth.oidc.issuer-identifier-field``.
+    - N
+    - ``value from dataverse.auth.oidc.auth-server-url``
+  * - ``dataverse.auth.oidc.issuer-identifier-field``
+    - Issuer identifier field name in the JWT token claims.
+    - N
+    - ``iss``
+  * - ``dataverse.auth.oidc.subject-identifier-field``
+    - Subject identifier field name in the JWT token claims.
+    - N
+    - ``sub``
 
 .. _oidc-log-in: