diff --git a/_infra/helm/secure-api-gateway-fapi-pep-rs-ob/templates/secret.yaml b/_infra/helm/secure-api-gateway-fapi-pep-rs-ob/templates/secret.yaml index 86da70bd..83d9c365 100644 --- a/_infra/helm/secure-api-gateway-fapi-pep-rs-ob/templates/secret.yaml +++ b/_infra/helm/secure-api-gateway-fapi-pep-rs-ob/templates/secret.yaml @@ -9,8 +9,8 @@ data: IG_AGENT_PASSWORD: {{ .Values.secrets.igAgentPassword }} IG_CLIENT_ID: {{ .Values.secrets.igClientID }} IG_CLIENT_SECRET: {{ .Values.secrets.igClientSecret }} - IG_IDM_USER: {{ .Values.secrets.igIDMUser }} - IG_IDM_PASSWORD: {{ .Values.secrets.igIDMPassword }} + IG_AS_IDM_CLIENT_SECRET: {{ .Values.secrets.igAsIdmClientSecret }} + IG_RS_IDM_CLIENT_SECRET: {{ .Values.secrets.igRsIdmClientSecret }} IG_METRICS_PASSWORD: {{ .Values.secrets.igMetricsPassword }} IG_METRICS_USERNAME: {{ .Values.secrets.igMetricsUsername }} IG_TRUSTSTORE_PASSWORD: {{ .Values.secrets.igTruststorePassword }} diff --git a/_infra/helm/secure-api-gateway-fapi-pep-rs-ob/values.yaml b/_infra/helm/secure-api-gateway-fapi-pep-rs-ob/values.yaml index 29f8ea31..3d1e8716 100644 --- a/_infra/helm/secure-api-gateway-fapi-pep-rs-ob/values.yaml +++ b/_infra/helm/secure-api-gateway-fapi-pep-rs-ob/values.yaml @@ -113,8 +113,8 @@ secrets: igAgentPassword: "replace-me" igClientID: "replace-me" igClientSecret: "replace-me" - igIDMPassword: "replace-me" - igIDMUser: "replace-me" + igAsIdmClientSecret: "replace-me" + igRsIdmClientSecret: "replace-me" igMetricsPassword: "replace-me" igMetricsUsername: "replace-me" igOBASPSPSigningKeystoreKeypass: "replace-me" diff --git a/config/7.3.0/securebanking/ig/config/dev/config/config.json b/config/7.3.0/securebanking/ig/config/dev/config/config.json index 9b43c1ee..b4a7b8c9 100644 --- a/config/7.3.0/securebanking/ig/config/dev/config/config.json +++ b/config/7.3.0/securebanking/ig/config/dev/config/config.json @@ -147,12 +147,9 @@ "config": { "filters": [ { - "type": "ResourceOwnerOAuth2ClientFilter", - "config": { + "type": "ClientCredentialsOAuth2ClientFilter", + "config":{ "tokenEndpoint": "https://&{identity.platform.fqdn}/am/oauth2/realms/root/realms/&{am.realm}/access_token", - "username": "&{ig.idm.user}", - "passwordSecretId": "ig.idm.password", - "secretsProvider": "SystemAndEnvSecretStore-IAM", "scopes": [ "fr:idm:*" ], @@ -162,10 +159,10 @@ "handler": "ForgeRockClientHandler", "filters": [ { - "type": "ClientSecretBasicAuthenticationFilter", + "type": "ClientSecretPostAuthenticationFilter", "config": { - "clientId": "&{ig.client.id}", - "clientSecretId": "ig.client.secret", + "clientId": "fapi-rs-ig-client", + "clientSecretId": "ig.rs.idm.client.secret", "secretsProvider": "SystemAndEnvSecretStore-IAM" } } diff --git a/config/7.3.0/securebanking/ig/config/prod/config/config.json b/config/7.3.0/securebanking/ig/config/prod/config/config.json index 30eb069d..be59d0ee 100644 --- a/config/7.3.0/securebanking/ig/config/prod/config/config.json +++ b/config/7.3.0/securebanking/ig/config/prod/config/config.json @@ -135,12 +135,9 @@ "config": { "filters": [ { - "type": "ResourceOwnerOAuth2ClientFilter", + "type": "ClientCredentialsOAuth2ClientFilter", "config": { "tokenEndpoint": "https://&{identity.platform.fqdn}/am/oauth2/realms/root/realms/&{am.realm}/access_token", - "username": "&{ig.idm.user}", - "passwordSecretId": "ig.idm.password", - "secretsProvider": "SystemAndEnvSecretStore-IAM", "scopes": [ "fr:idm:*" ], @@ -150,10 +147,10 @@ "handler": "ForgeRockClientHandler", "filters": [ { - "type": "ClientSecretBasicAuthenticationFilter", + "type": "ClientSecretPostAuthenticationFilter", "config": { - "clientId": "&{ig.client.id}", - "clientSecretId": "ig.client.secret", + "clientId": "fapi-rs-ig-client", + "clientSecretId": "ig.rs.idm.client.secret", "secretsProvider": "SystemAndEnvSecretStore-IAM" } }