Contribute in GitHub:
Open doc issue|Edit online
Description
The example YAML file provided below contains a basic YAML configuration for an IBM® Application Gateway (IAG) container which:
- Specifies a server certificate;
- Configures an IBM Security Verify tenant as the OAuth introspection endpoint;
Example YAML
version: "24.06"
#
# Configure an IAG container with a very basic configuration. This
# configuration will simply define a server certificate, and configure an IBM
# Security Verify tenant as the OAuth introspection endpoint.
#
#
# Specify a server certificate to be used by the container. The server
# certificate was created using an openssl command:
# openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 \
# -out cert.pem
#
# To remove the dependency on external files a base-64 representation of the
# key.pem and cert.pem files can be embedded within this YAML, where the
# base-64 encoded file is prefixed with 'B64:', for example:
# "B64:PGhy4KICAgIDxoND5...."
#
# If no certificate is specified a self-signed certificate will be
# automatically created and used by the container.
#
server:
ssl:
front_end:
certificate:
- "@cert.pem"
- "@key.pem"
#
# Specify an IBM Security Verify tenant as the OAuth introspection endpoint for
# the container. Please note that the values provided below are for
# illustrative purposes only and don't reflect a real tenant. A free tenant
# can be created using the instructions found at the following URL:
# https://www.ibm.com/us-en/marketplace/cloud-identity-for-consumers
#
identity:
- name: Verify
attributes:
- +*
client_id: c10e5e0b-1019-49b8-b7e2-600af9310e010
client_secret: t21bxcYY92
introspection_endpoint: "https://ibm-app-gw.verify.ibm.com/v1.0/endpoint/default/introspect"
mapped_identity: "{sub}"
multi_valued_scope: true
restricted: false
token_type_hint: access_token
auth_method: client_secret_post