############################################################################ # Copyright [2021] [MaxKey of copyright http://www.maxkey.top] # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ############################################################################ #spring.profiles.active=http # ############################################################################ #server port server.port =${SERVER_PORT:443} #session default 1800 #1800s =30m #28800s=8h server.servlet.session.timeout =${SERVER_SESSION_TIMEOUT:1800} #server context path server.servlet.context-path =/maxkey #nacos discovery spring.cloud.nacos.discovery.enabled =${NACOS_DISCOVERY_ENABLED:false} spring.cloud.nacos.discovery.instance-enabled =false spring.cloud.nacos.discovery.server-addr =${NACOS_DISCOVERY_SERVER_ADDR:127.0.0.1:8848} ############################################################################ #domain name configuration # ############################################################################ maxkey.server.scheme =https maxkey.server.basedomain =${SERVER_DOMAIN:maxkey.top} maxkey.server.domain =sso.${maxkey.server.basedomain} maxkey.server.name =${maxkey.server.scheme}://${maxkey.server.domain} maxkey.server.uri =${maxkey.server.name}${server.servlet.context-path} #default.uri maxkey.server.default.uri =${maxkey.server.uri}/appList maxkey.server.mgt.uri =${maxkey.server.name}:9527/maxkey-mgt/login maxkey.server.authz.uri =${maxkey.server.name}${server.servlet.context-path} #InMemory 0 , Redis 2 maxkey.server.persistence =${SERVER_PERSISTENCE:0} #identity none, Kafka ,RocketMQ maxkey.server.message.queue =${SERVER_MESSAGE_QUEUE:none} #issuer name maxkey.app.issuer =CN=ConSec,CN=COM,CN=SH ############################################################################ #Login configuration # ############################################################################ #enable two factor,use one time password maxkey.login.mfa =${LOGIN_MFA_ENABLED:true} #TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud maxkey.login.mfa.type =${LOGIN_MFA_TYPE:TimeBasedOtpAuthn} #enable social sign on maxkey.login.socialsignon =${LOGIN_SOCIAL_ENABLED:true} #Enable kerberos/SPNEGO maxkey.login.kerberos =false #wsFederation maxkey.login.wsfederation =false #remeberme maxkey.login.remeberme =${LOGIN_REMEBERME:true} #validity maxkey.login.remeberme.validity =0 #JWT support maxkey.login.jwt =${LOGIN_JWT:true} maxkey.login.jwt.issuer =${LOGIN_JWT_ISSUER:${maxkey.server.authz.uri}} #whitelist maxkey.ipaddress.whitelist =false #notices show maxkey.notices.visible =false ############################################################################ #ssl configuration # ############################################################################ server.ssl.key-store =${SSL_KEY_STORE:classpath:maxkeyserver.keystore} server.ssl.key-alias =${SSL_KEY_ALIAS:maxkey} server.ssl.enabled =${SSL_ENABLED:true} server.ssl.key-store-password =${SSL_KEY_PASSWORD:maxkey} server.ssl.key-store-type =${SSL_KEY_STORE_TYPE:JKS} ############################################################################ #database configuration # supported database # mysql # highgo # postgresql ############################################################################ spring.datasource.type =com.alibaba.druid.pool.DruidDataSource #mysql spring.datasource.driver-class-name =com.mysql.cj.jdbc.Driver spring.datasource.username =${DATABASE_USER:root} spring.datasource.password =${DATABASE_PWD:maxkey} spring.datasource.url =jdbc:mysql://${DATABASE_HOST:localhost}:${DATABASE_PORT:3306}/${DATABASE_NAME:maxkey}?autoReconnect=true&characterEncoding=UTF-8&serverTimezone=UTC #highgo #spring.datasource.driver-class-name=com.highgo.jdbc.Driver #spring.datasource.username=highgo #spring.datasource.password=High@123 #spring.datasource.url=jdbc:highgo://192.168.56.107:5866/highgo?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai #postgresql #spring.datasource.driver-class-name=org.postgresql.Driver #spring.datasource.username=root #spring.datasource.password=maxkey! #spring.datasource.url=jdbc:postgresql://localhost/maxkey?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai #mybatis mybatis.dialect =mysql mybatis.type-aliases-package =org.maxkey.entity,org.maxkey.entity.apps, mybatis.mapper-locations =classpath*:/org/maxkey/persistence/mapper/xml/${mybatis.dialect}/*.xml mybatis.table-column-snowflake-datacenter-id =1 mybatis.table-column-snowflake-machine-id =1 mybatis.table-column-escape =false mybatis.table-column-case =lowercase ############################################################################ #redis server configuration # ############################################################################ spring.redis.host =${REDIS_HOST:127.0.0.1} spring.redis.port =${REDIS_PORT:6379} spring.redis.password =${REDIS_PWD:password} spring.redis.timeout =10000 spring.redis.jedis.pool.max-wait =1000 spring.redis.jedis.pool.max-idle =200 spring.redis.lettuce.pool.max-active =-1 spring.redis.lettuce.pool.min-idle =0 ############################################################################ #mail configuration # ############################################################################ spring.mail.default-encoding =utf-8 spring.mail.host =${MAIL_HOST:smtp.163.com} spring.mail.port =${MAIL_PORT:465} spring.mail.username =${MAIL_USER:maxkey@163.com} spring.mail.password =${MAIL_PWD:password} spring.mail.protocol =smtp spring.mail.properties.ssl =true spring.mail.properties.sender =${MAIL_SENDER:maxkey@163.com} spring.mail.properties.mailotp.message.subject =MaxKey One Time PassWord spring.mail.properties.mailotp.message.template ={0} You Token is {1} , it validity in {2} minutes. spring.mail.properties.mailotp.message.type =html spring.mail.properties.mailotp.message.validity =300 ############################################################################ #Spring Session for Cluster configuration # ############################################################################ # Session store type. spring.session.store-type =none #spring.session.store-type=redis # Session timeout. If a duration suffix is not specified, seconds is used. #server.servlet.session.timeout=1800 # Sessions flush mode. #spring.session.redis.flush-mode=on_save # Namespace for keys used to store sessions. #spring.session.redis.namespace=spring:session ############################################################################ #Kafka for connectors configuration # ############################################################################ spring.kafka.bootstrap-servers =${KAFKA_SERVERS:localhost:9092} # retries spring.kafka.producer.retries =0 # acks spring.kafka.producer.acks =1 # batch-size spring.kafka.producer.batch-size =16384 # linger.ms spring.kafka.producer.properties.linger.ms =0 # buffer-memory spring.kafka.producer.buffer-memory =33554432 # serializer spring.kafka.producer.key-serializer =org.apache.kafka.common.serialization.StringSerializer spring.kafka.producer.value-serializer =org.apache.kafka.common.serialization.StringSerializer # partitioner #spring.kafka.producer.properties.partitioner.class=com.felix.kafka.producer.CustomizePartitioner ############################################################################ #RocketMQ for connectors configuration # ############################################################################ rocketmq.name-server =${ROCKETMQ_SERVERS:localhost:9876} rocketmq.producer.enable =true rocketmq.producer.group =maxkey_identity ############################################################################ #Time-based One-Time Password configuration # ############################################################################ maxkey.otp.policy.type =totp maxkey.otp.policy.digits =6 maxkey.otp.policy.issuer =${OTP_POLICY_ISSUER:MaxKey} maxkey.otp.policy.domain =${maxkey.server.domain} maxkey.otp.policy.period =30 ############################################################################ #Kerberos Login configuration # #short name of user domain must be in upper case,eg:MAXKEY # ############################################################################ maxkey.login.kerberos.default.userdomain =MAXKEY #short name of user domain must be in upper case,eg:MAXKEY.ORG maxkey.login.kerberos.default.fulluserdomain =MAXKEY.ORG #last 8Bit crypto for Kerberos web Authentication maxkey.login.kerberos.default.crypto =846KZSzYq56M6d5o #Kerberos Authentication server RUL maxkey.login.kerberos.default.redirecturi =http://sso.maxkey.top/kerberos/authn/ ############################################################################ #HTTPHEADER Login configuration # ############################################################################ maxkey.login.httpheader.enable =false maxkey.login.httpheader.headername =header-user # iv-user is for IBM Security Access Manager #config.httpheader.headername=iv-user ############################################################################ #BASIC Login support configuration # ############################################################################ maxkey.login.basic.enable =false ############################################################################# #WsFederation Login support configuration #identifier: the identifer for the ADFS server #url: the login url for ADFS #principal: the name of the attribute/assertion returned by ADFS that contains the principal's username. #relyingParty: the identifier of the CAS Server as it has been configured in ADFS. #tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms) #attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server #signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS. ############################################################################ maxkey.login.wsfederation.identifier =http://adfs.maxkey.top/adfs/services/trust maxkey.login.wsfederation.url =https://adfs.maxkey.top/adfs/ls/ maxkey.login.wsfederation.principal =upn maxkey.login.wsfederation.relyingParty =urn:federation:connsec maxkey.login.wsfederation.signingCertificate =adfs-signing.crt maxkey.login.wsfederation.tolerance =10000 maxkey.login.wsfederation.upn.suffix =maxkey.org maxkey.login.wsfederation.logoutUrl =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0 ############################################################################# #OIDC V1.0 METADATA configuration # ############################################################################# maxkey.oidc.metadata.issuer =${maxkey.server.authz.uri} maxkey.oidc.metadata.authorizationEndpoint =${maxkey.server.authz.uri}/authz/oauth/v20/authorize maxkey.oidc.metadata.tokenEndpoint =${maxkey.server.authz.uri}/authz/oauth/v20/token maxkey.oidc.metadata.userinfoEndpoint =${maxkey.server.authz.uri}/api/connect/userinfo ############################################################################# #SAML V2.0 configuration # ############################################################################# #saml common maxkey.saml.v20.max.parser.pool.size =2 maxkey.saml.v20.assertion.validity.time.ins.seconds =90 maxkey.saml.v20.replay.cache.life.in.millis =14400000 maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds =90 maxkey.saml.v20.issue.instant.check.validity.time.in.seconds =300 #saml Identity Provider keystore maxkey.saml.v20.idp.keystore.password =maxkey maxkey.saml.v20.idp.keystore.private.key.password =maxkey maxkey.saml.v20.idp.keystore =classpath\:config/samlServerKeystore.jks #keystore Identity Provider for security maxkey.saml.v20.idp.issuing.entity.id =maxkey.top maxkey.saml.v20.idp.issuer =${maxkey.server.authz.uri}/saml maxkey.saml.v20.idp.receiver.endpoint =https\://sso.maxkey.top/ #Saml v20 Identity Provider METADATA maxkey.saml.v20.metadata.orgName =MaxKeyTop maxkey.saml.v20.metadata.orgDisplayName =MaxKeyTop maxkey.saml.v20.metadata.orgURL =https://www.maxkey.top maxkey.saml.v20.metadata.contactType =technical maxkey.saml.v20.metadata.company =MaxKeyTop maxkey.saml.v20.metadata.givenName =maxkey maxkey.saml.v20.metadata.surName =maxkey maxkey.saml.v20.metadata.emailAddress =maxkeysupport@163.com maxkey.saml.v20.metadata.telephoneNumber =4008981111 #saml RelayParty keystore maxkey.saml.v20.sp.keystore.password =maxkey maxkey.saml.v20.sp.keystore.private.key.password =maxkey maxkey.saml.v20.sp.keystore =classpath\:config/samlClientKeystore.jks maxkey.saml.v20.sp.issuing.entity.id =client.maxkey.org ############################################################################ #Management endpoints configuration # ############################################################################ management.security.enabled =false #management.endpoints.jmx.exposure.include=health,info #management.endpoints.web.exposure.include=metrics,health,info,env,prometheus management.endpoints.web.exposure.include =* management.endpoint.health.show-details =ALWAYS #Spring Boot Admin Client spring.boot.admin.client.url =${SPRING_BOOT_ADMIN_URL:http://127.0.0.1:9528} management.health.redis.enabled =false management.health.mail.enabled =false ############################################################################ #Do not modify the following configuration ############################################################################ #springfox.documentation.swagger.v2.path=/api-docs # #Swagger Configure Properties # ############################################################################ maxkey.swagger.enable =true maxkey.swagger.title =MaxKey\u5355\u70b9\u767b\u5f55\u8ba4\u8bc1\u7cfb\u7edfAPI\u6587\u6863 maxkey.swagger.description =MaxKey\u5355\u70b9\u767b\u5f55\u8ba4\u8bc1\u7cfb\u7edfAPI\u6587\u6863 maxkey.swagger.version =${application.formatted-version} springdoc.packagesToScan =org.maxkey ############################################################################ #freemarker configuration # ############################################################################ spring.freemarker.template-loader-path =classpath:/templates/views spring.freemarker.cache =false spring.freemarker.charset =UTF-8 spring.freemarker.check-template-location =true spring.freemarker.content-type =text/html spring.freemarker.expose-request-attributes =false spring.freemarker.expose-session-attributes =false spring.freemarker.request-context-attribute =request spring.freemarker.suffix =.ftl ############################################################################ #static resources configuration # ############################################################################ spring.mvc.static-path-pattern =/static/** spring.messages.basename =classpath:messages/message spring.messages.encoding =UTF-8 ############################################################################ #server servlet encoding configuration # ############################################################################ #encoding #server.servlet.encoding.charset=UTF-8 #server.servlet.encoding.enabled=true #server.servlet.encoding.force=true ############################################################################ #Servlet multipart configuration # ############################################################################ spring.servlet.multipart.enabled =true spring.servlet.multipart.max-file-size =4194304