forked from baron/baron-sso
53 lines
948 B
YAML
53 lines
948 B
YAML
serve:
|
|
proxy:
|
|
port: 4455
|
|
api:
|
|
port: 4456
|
|
|
|
log:
|
|
level: info
|
|
format: json
|
|
|
|
errors:
|
|
fallback:
|
|
- json
|
|
|
|
access_rules:
|
|
repositories:
|
|
- file:///etc/config/oathkeeper/rules.active.json
|
|
|
|
authenticators:
|
|
noop:
|
|
enabled: true
|
|
cookie_session:
|
|
enabled: true
|
|
config:
|
|
check_session_url: http://kratos:4433/sessions/whoami
|
|
preserve_path: true
|
|
extra_from: "@this"
|
|
subject_from: "identity.id"
|
|
|
|
authorizers:
|
|
allow:
|
|
enabled: true
|
|
remote_json:
|
|
enabled: true
|
|
config:
|
|
remote: http://keto:4466/check
|
|
payload: |
|
|
{
|
|
"namespace": "permissions",
|
|
"object": "{{ print .Request.URL.Path }}",
|
|
"relation": "access",
|
|
"subject_id": "{{ print .Subject }}"
|
|
}
|
|
|
|
mutators:
|
|
noop:
|
|
enabled: true
|
|
id_token:
|
|
enabled: true
|
|
config:
|
|
issuer_url: http://127.0.0.1:4456/
|
|
jwks_url: file:///etc/config/oathkeeper/jwks.json
|