TABLE OF CONTENTS
1. Root element and types
The UAA configuration file is a YAML document: it starts with the --- document marker and then contains the configuration elements described below:
2. LDAP integration configuration
ldap - a container for the UAA integration with a directory server (for example an Active Directory domain controller) over LDAP.
domain - the part of the user login that follows the "@".
providerUrl - LDAP connection URL. Use ldaps:// (or StartTLS) so that the system user's password and users' credentials are not sent in clear text.
type - supported values: OPEN_LDAP, ACTIVE_DIRECTORY. Optional parameter. Default: OPEN_LDAP.
systemUser - the LDAP account that UAA uses to search for user groups. It needs only read permission on the group search base; do not use an administrative account.
systemPassword - password of the system LDAP user.
groupSearchBase - the base DN under which the search for group membership is performed.
groupSearchSubtree - if true, the entire subtree below groupSearchBase is searched; otherwise only its direct children.
userDnPattern - a DN pattern used to build the candidate DN of the user being authenticated.
attribute - container for the LDAP user attribute mapping.
key - XM UserDTO field, value - LDAP attribute name.
role - a container for the role configuration.
defaultRole - the role assigned when none of the mapping entries matches the user's groups.
mapping - mapping of LDAP groups to XM roles.
key - LDAP CN of the group, value - XM role.
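The following is an added example, not xm-uaa code, showing how the ldap keys above fit together when a login is processed: the login is split at "@", the user DN is built from userDnPattern, the user's attributes are mapped onto the XM user and the role is chosen from the group CNs with defaultRole as fallback. The DNs, attribute names, role names and the "{0}" placeholder in userDnPattern are assumptions (the placeholder follows the Spring Security LDAP convention); the page does not state which role wins when several groups match, so the example takes the first mapping entry.

```python
import re

# Added example, not xm-uaa code. The dict mirrors the documented `ldap` keys;
# all DNs, names and the "{0}" placeholder in userDnPattern are assumptions
# (the placeholder follows the Spring Security LDAP convention).
LDAP_CONFIG = {
    "domain": "corp.example",
    "providerUrl": "ldap://dc.corp.example:389",  # deliberately weak, see config_warnings()
    "type": "ACTIVE_DIRECTORY",
    "systemUser": "cn=uaa-reader,ou=service,dc=corp,dc=example",
    "systemPassword": "<from-secret-store>",
    "groupSearchBase": "ou=groups,dc=corp,dc=example",
    "groupSearchSubtree": True,
    "userDnPattern": "cn={0},ou=people,dc=corp,dc=example",
    "attribute": {"firstName": "givenName", "lastName": "sn", "email": "mail"},
    "role": {
        "defaultRole": "ROLE_USER",
        "mapping": {"uaa-admins": "ROLE_ADMIN", "uaa-operators": "ROLE_OPERATOR"},
    },
}


def split_login(login):
    """'bob@corp.example' -> ('bob', 'corp.example'); the domain part selects the ldap entry."""
    name, sep, domain = login.rpartition("@")
    if not sep or not name:
        raise ValueError("login must have the form user@domain")
    return name, domain


def escape_dn_value(value):
    """RFC 4514 escaping for an attribute value placed into a DN, so a login such as
    'bob,ou=admins' cannot rewrite the rest of userDnPattern."""
    out = value.replace("\\", "\\\\")
    for ch in ',+"<>;=':
        out = out.replace(ch, "\\" + ch)
    out = out.replace("\x00", "\\00")
    if out[:1] in (" ", "#"):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def user_dn(config, login_name):
    """Fill the {0} placeholder of userDnPattern with the escaped login name."""
    return config["userDnPattern"].replace("{0}", escape_dn_value(login_name))


def group_cn(group_dn):
    """CN of the first RDN of a group DN, e.g. 'CN=uaa-admins,OU=groups,...' -> 'uaa-admins'."""
    first_rdn = re.split(r"(?<!\\),", group_dn, maxsplit=1)[0]
    attr, _, value = first_rdn.partition("=")
    return value.strip() if attr.strip().lower() == "cn" else None


def map_user(config, ldap_entry, member_of):
    """Build the XM user from the LDAP entry attributes and the user's group DNs."""
    user = {xm_field: ldap_entry.get(ldap_attr)
            for xm_field, ldap_attr in config["attribute"].items()}
    cns = {group_cn(dn) for dn in member_of}
    mapping = config["role"]["mapping"]
    # First mapping entry whose group the user belongs to wins (assumption: the
    # page does not say how several matches are resolved); otherwise defaultRole.
    user["role"] = next((role for cn, role in mapping.items() if cn in cns),
                        config["role"]["defaultRole"])
    return user


def config_warnings(config):
    """Settings a reviewer would flag before enabling the integration."""
    warnings = []
    if not config["providerUrl"].lower().startswith("ldaps://"):
        warnings.append("providerUrl is not ldaps://; bind passwords travel in clear text")
    if "{0}" not in config["userDnPattern"]:
        warnings.append("userDnPattern has no {0} placeholder; every login would map to the same DN")
    if not config["role"].get("defaultRole"):
        warnings.append("role.defaultRole is empty; users outside mapped groups get no role")
    return warnings
```

The escaping step matters because userDnPattern is filled in from user-controlled input: without it a login of the form `bob,ou=admins` would change which directory entry is bound against. Whether the real UAA escapes the login is not stated on this page, so treat it as something to verify.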
3. External authentication configuration
XME.digital can integrate any social login provider that supports OAuth 2.0 via configuration. First obtain the client settings from the social provider, then apply them in the XME.digital external authentication configuration.
social - a container with an array of integration configurations, one for each authentication provider using OAuth 2.0.
providerId - the provider identifier; it can be the name of the provider (facebook, google, etc.).
clientId - the client ID issued by the external system.
clientSecret - the client secret issued by the external system. Treat it as a secret: keep it out of version control and rotate it if it leaks.
authorizeUrl - the external system URL that starts the authorization (the authorization endpoint).
useParametersForClientAuthentication - if true, clientId and clientSecret are sent as parameters of the token request; if false, they are sent in an HTTP Basic Authorization header. Default: true. RFC 6749 recommends the header form; set this to false unless the provider cannot handle HTTP Basic client authentication.
accessTokenUrl - the external system URL where the authorization code is exchanged for a token (the token endpoint).
scope - the scopes requested; they define which actions the application is allowed to perform on the user's behalf. Request only what the userInfoMapping fields below need.
userInfoUri - the external system URL from which user information is fetched.
tokenStrategy - defines how the token is passed when fetching user information. Possible values: AUTHORIZATION_HEADER, ACCESS_TOKEN_PARAMETER or OAUTH_TOKEN_PARAMETER. Default: AUTHORIZATION_HEADER. Prefer the header form: a token passed as a URL parameter can end up in proxy and server access logs.
createAccountAutomatically - if true, a new UAA account is created on the first successful login through this provider. Default: true.
baseUrl - the prefix of the UAA callback (redirect) URL; the resulting redirect URI must match the one registered with the provider.
userInfoMapping - a container that maps fields of the external user information to the UAA account. Each value is a path into the provider's user-info response, either nested (response.user_info.first_name) or a simple top-level field (family_name).
id - mapping for the account ID. Required: it is used to recognise the external account on subsequent logins.
name - mapping for the account name.
firstName - mapping for the account first name.
lastName - mapping for the account last name.
email - mapping for the account email.
username - if set, UAA tries to use the mapped value as the nickname; it must be unique.
profileUrl - mapping for the account profile URL.
imageUrl - mapping for the account avatar URL.
phoneNumber - mapping for the account phone number.
langKey - mapping for the account preferred language.
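The following is an added example, not xm-uaa code, that walks through the social settings above for one provider: the code-for-token exchange with the two forms of client authentication selected by useParametersForClientAuthentication, the user-info request for each tokenStrategy value, and resolution of userInfoMapping paths (nested and top-level) against a user-info document. The provider name, URLs, client values and the user-info JSON are constructed for the example, and the callback path "/signin/<providerId>" appended to baseUrl is an assumption.

```python
import base64
import json

# Added example, not xm-uaa code. The dict mirrors the documented `social` keys; the
# provider, URLs, client values and the user-info document are constructed for the
# example, and the callback path "/signin/<providerId>" is an assumption.
PROVIDER = {
    "providerId": "example-idp",
    "clientId": "uaa-client",
    "clientSecret": "<from-secret-store>",
    "authorizeUrl": "https://idp.example/oauth/authorize",
    "useParametersForClientAuthentication": False,
    "accessTokenUrl": "https://idp.example/oauth/token",
    "scope": "openid profile email",
    "userInfoUri": "https://idp.example/userinfo",
    "tokenStrategy": "AUTHORIZATION_HEADER",
    "createAccountAutomatically": True,
    "baseUrl": "https://uaa.example.com",
    "userInfoMapping": {
        "id": "response.user_info.sub",
        "firstName": "response.user_info.given_name",
        "lastName": "response.user_info.family_name",
        "email": "response.user_info.email",
        "langKey": "locale",
    },
}

# Constructed user-info response: nested fields under response.user_info plus a
# top-level 'locale', to exercise both path styles the page describes.
USER_INFO = json.loads("""{
  "locale": "en",
  "response": {"user_info": {"sub": "u-123", "given_name": "Bob",
                              "family_name": "Smith", "email": "bob@example.com"}}
}""")


def resolve_path(doc, path):
    """Walk a dotted path ('response.user_info.sub') or a plain key ('locale')."""
    node = doc
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def map_user_info(provider, user_info):
    """Apply userInfoMapping; 'id' is mandatory because it identifies the external account."""
    account = {field: resolve_path(user_info, path)
               for field, path in provider["userInfoMapping"].items()}
    if not account.get("id"):
        raise ValueError("userInfoMapping.id did not resolve; the external account cannot be identified")
    return account


def token_request(provider, code):
    """Code-for-token exchange at accessTokenUrl. Client credentials go in the HTTP Basic
    header unless useParametersForClientAuthentication is true."""
    body = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": provider["baseUrl"] + "/signin/" + provider["providerId"]}
    headers = {}
    if provider["useParametersForClientAuthentication"]:
        body["client_id"] = provider["clientId"]
        body["client_secret"] = provider["clientSecret"]
    else:
        creds = f'{provider["clientId"]}:{provider["clientSecret"]}'.encode()
        headers["Authorization"] = "Basic " + base64.b64encode(creds).decode()
    return {"url": provider["accessTokenUrl"], "headers": headers, "body": body}


def user_info_request(provider, access_token):
    """How the access token reaches userInfoUri for each tokenStrategy value."""
    strategy = provider["tokenStrategy"]
    headers, params = {}, {}
    if strategy == "AUTHORIZATION_HEADER":
        headers["Authorization"] = "Bearer " + access_token
    elif strategy == "ACCESS_TOKEN_PARAMETER":
        params["access_token"] = access_token
    elif strategy == "OAUTH_TOKEN_PARAMETER":
        params["oauth_token"] = access_token
    else:
        raise ValueError(f"unknown tokenStrategy {strategy!r}")
    return {"url": provider["userInfoUri"], "headers": headers, "params": params}


def config_warnings(provider):
    """Settings worth questioning before the provider goes live."""
    warnings = []
    if provider["useParametersForClientAuthentication"]:
        warnings.append("client secret is sent as a request parameter; prefer the Basic header (RFC 6749 2.3.1)")
    if provider["tokenStrategy"] != "AUTHORIZATION_HEADER":
        warnings.append("access token is sent as a URL parameter and may be written to access logs")
    for key in ("authorizeUrl", "accessTokenUrl", "userInfoUri", "baseUrl"):
        if not provider[key].startswith("https://"):
            warnings.append(f"{key} is not https")
    return warnings
```

Run config_warnings() over every entry of the social array before deploying: the defaults for useParametersForClientAuthentication (true) and tokenStrategy (AUTHORIZATION_HEADER) pull in different directions, and only the second one is the safer choice out of the box.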
Mobile ID authentication can be integrated into XME.digital through the same configuration, since Mobile ID supports OAuth 2.0.
[Screenshots of the Mobile ID flow: XME.digital sign-in page with Mobile ID; Mobile ID page with the sign-in form; Mobile ID page with the operation code; mobile phone showing the operation code; mobile phone PIN entry; user signed in to XME.digital via Mobile ID.]
4. Public Settings configuration
publicSettings - a container for public settings.
passwordSettings - password settings container.
minLength - minimum password length.
maxLength - maximum password length.
enableBackEndValidation - whether the password is also validated on the server side (true/false). Keep it true: validation done only in the browser can be bypassed by calling the API directly.
passwordPolicies - password policies settings container.
pattern - regular expression applied to the password.
patternMessage - object with translations of the message that describes the policy requirement.
passwordPoliciesMinimalMatchCount - number of password policies that must match for the password to be accepted.
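The following is an added example, not xm-uaa code, that evaluates a password against the passwordSettings structure above: the length bounds, each passwordPolicies pattern, and the passwordPoliciesMinimalMatchCount threshold, reporting the patternMessage translation for every unmet policy. The limits, patterns and messages are constructed for the example; Python's re module stands in for the regex engines of the browser and the server.

```python
import re

# Added example, not xm-uaa code. The dict mirrors the documented publicSettings keys;
# the limits, patterns and messages are constructed for the example.
PUBLIC_SETTINGS = {
    "passwordSettings": {
        "minLength": 12,
        "maxLength": 64,
        "enableBackEndValidation": True,
        "passwordPolicies": [
            {"pattern": "[A-Z]",
             "patternMessage": {"en": "at least one upper-case letter",
                                "de": "mindestens ein Großbuchstabe"}},
            {"pattern": "[0-9]",
             "patternMessage": {"en": "at least one digit",
                                "de": "mindestens eine Ziffer"}},
            {"pattern": "[^A-Za-z0-9]",
             "patternMessage": {"en": "at least one special character",
                                "de": "mindestens ein Sonderzeichen"}},
        ],
        "passwordPoliciesMinimalMatchCount": 2,
    }
}


def validate_password(settings, password, lang="en"):
    """Return the list of violations; an empty list means the password is accepted."""
    ps = settings["passwordSettings"]
    problems = []
    if len(password) < ps["minLength"]:
        problems.append(f"shorter than minLength={ps['minLength']}")
    if len(password) > ps["maxLength"]:
        problems.append(f"longer than maxLength={ps['maxLength']}")
    policies = ps.get("passwordPolicies", [])
    # Policies are independent; the password needs to satisfy at least
    # passwordPoliciesMinimalMatchCount of them (all of them when the key is absent).
    required = ps.get("passwordPoliciesMinimalMatchCount", len(policies))
    unmet = [p for p in policies if not re.search(p["pattern"], password)]
    matched = len(policies) - len(unmet)
    if matched < required:
        messages = [p["patternMessage"].get(lang, p["patternMessage"].get("en", p["pattern"]))
                    for p in unmet]
        problems.append(f"{matched} of {required} required policies matched; unmet: "
                        + "; ".join(messages))
    return problems


def is_accepted(settings, password):
    return not validate_password(settings, password)


def enforced_server_side(settings):
    """With enableBackEndValidation=false only the browser checks the password, and a
    direct API call bypasses every rule above."""
    return bool(settings["passwordSettings"].get("enableBackEndValidation"))
```

The pattern strings are evaluated by the browser (JavaScript) and, with enableBackEndValidation on, by the server (Java), so stay within the regex syntax both engines share; a pattern that only one side understands silently weakens or breaks the policy.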