IdcsMtRoleMapperRxProvider (security.providers.idcs.mapper) Configuration

Multitenant IDCS role mapping provider. With default endpoint resolution, the first identity URI host label and extracted tenant IDs must be single DNS labels: 1 to 63 alphanumeric or hyphen characters, with no leading or trailing hyphen.

Type: io.helidon.security.providers.idcs.mapper.IdcsMtRoleMapperRxProvider

Config key
idcs-role-mapper
Copied

This type provides the following service implementations:

  • io.helidon.security.spi.SecurityProvider

  • io.helidon.security.spi.SubjectMappingProvider

Configuration options

Optional configuration options
keytypedefault valuedescription
cache-config 

Use explicit io.helidon.security.providers.common.EvictableCache for role caching.

default-idcs-subject-type

string

user

Configure subject type to use when requesting roles from IDCS. Can be either #IDCS_SUBJECT_TYPE_USER or #IDCS_SUBJECT_TYPE_CLIENT. Defaults to #IDCS_SUBJECT_TYPE_USER.

idcs-app-name-handler 

Configure token handler for IDCS Application name. By default the header IdcsMtRoleMapperRxProvider#IDCS_APP_HEADER is used.

idcs-tenant-handler 

Configure token handler for IDCS Tenant ID. By default the header IdcsMtRoleMapperRxProvider#IDCS_TENANT_HEADER is used. With default endpoint resolution, the extracted tenant ID must be a single DNS label: 1 to 63 alphanumeric or hyphen characters, with no leading or trailing hyphen.

oidc-config 

Use explicit io.helidon.security.providers.oidc.common.OidcConfig instance, e.g. when using it also for OIDC provider.

subject-types

SubjectType[] (USER, SERVICE)

USER

Add a supported subject type. If none added, io.helidon.security.SubjectType#USER is used. If any added, only the ones added will be used (e.g. if you want to use both io.helidon.security.SubjectType#USER and io.helidon.security.SubjectType#SERVICE, both need to be added.