Browse Recipes

Pivotal SSO Automatic Resource Configuration

sso oauth2

Introduction

If you are using a Pivotal Platform SSO tile and it's service binding, there are ways you can create your OAuth2 application and associated resource configuration without having to manually configure the service instance or use the SSO service management app.

Configuration

In your manifest.yml, add the following entries:

  - name: ${appname}
    ...
    services:
      - sso-service-instance-name    
    ...
    env:
      GRANT_TYPE: client_credentials
      SSO_RESOURCES: |
        ${appname}-resource.execute: all actions
      SSO_AUTHORITIES: ${appname}-resource.execute
      SSO_ACCESS_TOKEN_LIFETIME: 86400
      OAUTH2_RESOURCE_ID: ${appname}-resource
      SSO_SERVICE_URL: <oauth2 server endpoint> # Usually UAA endpoint

In your application.yml, add the following:

ssoServiceUrl: ${SSO_SERVICE_URL:<default_oauth2_endpoint_url>}
security:
  oauth2:
    resource:
      jwk:
        key-set-uri: ${ssoServiceUrl}/token_keys
      id: ${OAUTH2_RESOURCE_ID}
    client:
      scope: ${security.oauth2.resource.id}.execute # the scope when configuring SSO on Pivotal Platform (can be comma-separated list)

For more detailed configuration, please refer to the Pivotal SSO Doc