diff --git a/_infra/helm/secure-api-gateway-fapi-pep-as/templates/secret.yaml b/_infra/helm/secure-api-gateway-fapi-pep-as/templates/secret.yaml
index dd7de20..4e2c98e 100644
--- a/_infra/helm/secure-api-gateway-fapi-pep-as/templates/secret.yaml
+++ b/_infra/helm/secure-api-gateway-fapi-pep-as/templates/secret.yaml
@@ -9,8 +9,8 @@ data:
 IG_AGENT_PASSWORD: {{ .Values.secrets.igAgentPassword }}
 IG_CLIENT_ID: {{ .Values.secrets.igClientID }}
 IG_CLIENT_SECRET: {{ .Values.secrets.igClientSecret }}
- IG_IDM_USER: {{ .Values.secrets.igIDMUser }}
- IG_IDM_PASSWORD: {{ .Values.secrets.igIDMPassword }}
+ IG_AS_IDM_CLIENT_SECRET: {{ .Values.secrets.igAsIdmClientSecret }}
+ IG_RS_IDM_CLIENT_SECRET: {{ .Values.secrets.igRsIdmClientSecret }}
 IG_METRICS_PASSWORD: {{ .Values.secrets.igMetricsPassword }}
 IG_METRICS_USERNAME: {{ .Values.secrets.igMetricsUsername }}
 IG_TRUSTSTORE_PASSWORD: {{ .Values.secrets.igTruststorePassword }}
diff --git a/_infra/helm/secure-api-gateway-fapi-pep-as/values.yaml b/_infra/helm/secure-api-gateway-fapi-pep-as/values.yaml
index e828a7d..39b50b4 100644
--- a/_infra/helm/secure-api-gateway-fapi-pep-as/values.yaml
+++ b/_infra/helm/secure-api-gateway-fapi-pep-as/values.yaml
@@ -103,8 +103,8 @@ secrets:
 igAgentPassword: "replace-me"
 igClientID: "replace-me"
 igClientSecret: "replace-me"
- igIDMPassword: "replace-me"
- igIDMUser: "replace-me"
+ igAsIdmClientSecret: "replace-me"
+ igRsIdmClientSecret: "replace-me"
 igMetricsPassword: "replace-me"
 igMetricsUsername: "replace-me"
 igTruststorePassword: "replace-me"
diff --git a/config/7.3.0/fapi1part2adv/ig/config/dev/config/config.json b/config/7.3.0/fapi1part2adv/ig/config/dev/config/config.json
index f1acb97..263478a 100644
--- a/config/7.3.0/fapi1part2adv/ig/config/dev/config/config.json
+++ b/config/7.3.0/fapi1part2adv/ig/config/dev/config/config.json
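Review bot: In templates/secret.yaml (hunk `@@ -9,8 +9,8 @@`) the new `IG_RS_IDM_CLIENT_SECRET` entry places the RS client's secret in the fapi-pep-as Secret, yet the route changes visible in this commit only read `ig.as.idm.client.secret`. If nothing in the AS gateway consumes the RS credential, leave that line out of this chart so that a compromise of the AS pod does not also expose the RS client. Both added lines also render the value bare under `data:`, as their neighbours do; Kubernetes expects base64 there, so either the supplied values must already be encoded or the lines should read like `IG_AS_IDM_CLIENT_SECRET: {{ .Values.secrets.igAsIdmClientSecret | b64enc | quote }}`. The Secret's metadata and the rest of `data:` lie outside the hunk.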
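Review bot: In values.yaml (hunk `@@ -103,8 +103,8 @@`) the two new client secrets default to the literal "replace-me", so the chart itself does nothing to stop an install that forgets to override them. Consider dropping the default and failing the render in the template instead, e.g. `{{ required "secrets.igAsIdmClientSecret must be set" .Values.secrets.igAsIdmClientSecret }}`, and likewise for `igRsIdmClientSecret`. The neighbouring keys use the same placeholder, so this may be better handled chart-wide than in this commit alone.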
@@ -154,12 +154,9 @@
 "config": {
 "filters": [
 {
- "type": "ResourceOwnerOAuth2ClientFilter",
+ "type": "ClientCredentialsOAuth2ClientFilter",
 "config": {
 "tokenEndpoint": "https://&{identity.platform.fqdn}/am/oauth2/realms/root/realms/&{am.realm}/access_token",
- "username": "&{ig.idm.user}",
- "passwordSecretId": "ig.idm.password",
- "secretsProvider": "SystemAndEnvSecretStore-IAM",
 "scopes": [
 "fr:idm:*"
 ],
@@ -169,10 +166,10 @@
 "handler": "ForgeRockClientHandler",
 "filters": [
 {
- "type": "ClientSecretBasicAuthenticationFilter",
+ "type": "ClientSecretPostAuthenticationFilter",
 "config": {
- "clientId": "&{ig.client.id}",
- "clientSecretId": "ig.client.secret",
+ "clientId": "fapi-as-ig-client",
+ "clientSecretId": "ig.as.idm.client.secret",
 "secretsProvider": "SystemAndEnvSecretStore-IAM"
 }
 }
diff --git a/config/7.3.0/fapi1part2adv/ig/config/prod/config/config.json b/config/7.3.0/fapi1part2adv/ig/config/prod/config/config.json
index 0964885..9d84979 100644
--- a/config/7.3.0/fapi1part2adv/ig/config/prod/config/config.json
+++ b/config/7.3.0/fapi1part2adv/ig/config/prod/config/config.json
@@ -142,12 +142,9 @@
 "config": {
 "filters": [
 {
- "type": "ResourceOwnerOAuth2ClientFilter",
+ "type": "ClientCredentialsOAuth2ClientFilter",
 "config": {
 "tokenEndpoint": "https://&{identity.platform.fqdn}/am/oauth2/realms/root/realms/&{am.realm}/access_token",
- "username": "&{ig.idm.user}",
- "passwordSecretId": "ig.idm.password",
- "secretsProvider": "SystemAndEnvSecretStore-IAM",
 "scopes": [
 "fr:idm:*"
 ],
@@ -157,10 +154,10 @@
 "handler": "ForgeRockClientHandler",
 "filters": [
 {
- "type": "ClientSecretBasicAuthenticationFilter",
+ "type": "ClientSecretPostAuthenticationFilter",
 "config": {
- "clientId": "&{ig.client.id}",
- "clientSecretId": "ig.client.secret",
+ "clientId": "fapi-as-ig-client",
+ "clientSecretId": "ig.as.idm.client.secret",
 "secretsProvider": "SystemAndEnvSecretStore-IAM"
 }
 }
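Review bot: With the switch to `ClientCredentialsOAuth2ClientFilter` in the dev hunk `@@ -154,12 +154,9 @@`, the token is issued to the client itself, yet the unchanged `"scopes": ["fr:idm:*"]` still requests the IDM wildcard. It is worth confirming that IDM maps this client's subject to a role limited to what the route needs, or requesting a narrower scope if the deployment defines one. A line in the deployment docs recording the AM client registration this now depends on (grant type and scope) would also help. The same applies to the prod hunk `@@ -142,12 +142,9 @@`; the filter object continues past the end of both hunks.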
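Review bot: `"clientId": "fapi-as-ig-client"` in the dev hunk `@@ -169,10 +166,10 @@` replaces the `&{ig.client.id}` property with a literal, and the prod hunk `@@ -157,10 +154,10 @@` carries the same literal, so every environment must register the client under exactly this name. A configuration property would keep dev and prod independently configurable, e.g. `"clientId": "&{ig.as.idm.client.id}"` (property name illustrative). Separately, `ClientSecretPostAuthenticationFilter` sends the secret in the form body rather than the Authorization header, so any entity capture on the token request would record it. Check that no capture decoration with entity logging applies to `ForgeRockClientHandler` on this path.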