charyorde · July 23, 2018 16:51 · charyorde · Jul 23, 2018
diff --git a/uaa.yml b/uaa.yml
 issuer:
    uri: http://localhost:8080/uaa
 login:
    url: http://localhost:8080/uaa
    # SAML Key Configuration
    # # The location and credentials of the certificate for this SP
    # # See README.md for details on how to create this.
    serviceProviderKey: |
        -----BEGIN RSA PRIVATE KEY-----
        MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5
        L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA
        fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB
        AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges
        7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu
        lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp
        ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX
        kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL
        gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK
        vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe
        A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS
        N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB
        qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/
        -----END RSA PRIVATE KEY-----
    serviceProviderKeyPassword: password
    serviceProviderCertificate: |
        -----BEGIN CERTIFICATE-----
        MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO
        MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO
        MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h
        cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx
        CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM
        BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb
        BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
        ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W
        qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw
        znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha
        MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc
        gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD
        VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD
        VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh
        QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ
        0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC
        KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK
        RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=
        -----END CERTIFICATE-----
    authorize:
        url: http://localhost:8080/uaa/oauth/authorize

 uaa:
  # The hostname of the UAA that this login server will connect to
  url: http://localhost:8080/uaa
  token:
    url: http://localhost:8080/uaa/oauth/token
  approvals:
    url: http://localhost:8080/uaa/approvals
  login:
    url: http://localhost:8080/uaa/authenticate
  limitedFunctionality:
    enabled: false
    whitelist:
      endpoints:
        - /oauth/authorize/**
        - /oauth/token/**
        - /check_token/**
        - /login/**
        - /login.do
        - /logout/**
        - /logout.do
        - /saml/**
        - /autologin/**
        - /authenticate/**
        - /idp_discovery/**
      methods:
        - GET
        - HEAD
        - OPTIONS

 #The secret that an external login server will use to authenticate to the uaa using the id `login`
 LOGIN_SECRET: loginsecret

 oauth:
  user:
    authorities:
      - openid
      - scim.me
      - cloud_controller.read
      - cloud_controller.write
      - cloud_controller_service_permissions.read
      - password.write
      - scim.userids
      - uaa.user
      - approvals.me
      - oauth.approvals
      - profile
      - roles
      - user_attributes
      - uaa.offline_token
  autoapprove:
    - aimsui
    - herculesui
    - chatbotmgt
    - qa
  clients:
    aimsui:
      override: true
      id: aimsui
      secret: aimsuisecret
      scope: clients_read, clients_write, openid, scim.read, scim.write, scim.userids, openid, cloud_controller.read,cloud_controller.write
      authorities: uaa.resource, clients.secret, scim.read, clients.write, scim.write, openid, cloud_controller.read, cloud_controller.write
      authorized-grant-types: client_credentials, refresh_token
      access_token_validity: 43200
    herculesui:
      override: true
      id: herculesui
      secret: herculesuisecret
      scope: clients_read, clients_write, openid, scim.read, scim.write, scim.userids, openid, cloud_controller.read, cloud_controller.write
      authorities: uaa.resource, clients.secret, scim.read, clients.write, scim.write, openid, cloud_controller.read, cloud_controller.write
      authorized-grant-types: client_credentials, refresh_token
      access_token_validity: 43200
    chatbotmgt:
      override: true
      id: chatbotmgt
      secret: chatbotmgtsecret
      scope: clients_read, clients_write, openid, scim.read, scim.write, scim.userids, openid, cloud_controller.read, cloud_controller.write
      authorities: uaa.resource, clients.secret, scim.read, clients.write, scim.write, openid, cloud_controller.read, cloud_controller.write
      authorized-grant-types: client_credentials, refresh_token
      access_token_validity: 43200
    qa:
      override: true
      id: qa
      secret: qasecret
      scope: uaa.none
      authorized-grant-types: client_credentials,refresh_token
      authorities: uaa.resource
      access_token_validity: 315569260
 jwt:
  policy:
    activeKeyId: key-id-1
    keys:
      key-id-1:
        signingKey: |
            -----BEGIN RSA PRIVATE KEY-----
            MIICXQIBAAKBgQC9O/YzZbwkKtqBSUhwi28BkJ6pwA59Ifdwf9UeIYGDJhs6DN0S
            RB23bK4BGEDC0WF3SNxT9qg8Sm7Gif61oeTS97PY3zHdeVXmNkQQcyedLwgmDQs3
            v73nzB9qBx8TCEcJA8e+oY+mqX8C3OYb8i/5v14qYsdFSnoM3IjVXu+e6QIDAQAB
            AoGADSb8vqfEgtMDqta4FTJrvbUagfvaRfI1a3lHC7gSc1YTsF4yg1F+qz//fA3+
            ekvpNUw4HBHZsY8O0ffHX0JoT+7URFW8kfWfqbiEBfcjufvbCJa+PO9OWO3AOQtN
            4TrA3mzRSWWP2DAooOB5a5N+smrSt95fvkg4QU5HpvEzO+0CQQDfEVG1amMdffoG
            jxMFieshx8viHsTh/uDjkqi3w2hpYZxAG+r7ztORuqW+eFhE0pI5KeHgrv8FCR12
            8uE441xzAkEA2SvuvkUppE8bjfja2tVw4YZ3oUtyuSSSHXvLLALkwQ+8I5/JmIg+
            RRN+fz+B3pUbAQ3bwI6ZVwCOz89SzRH8MwJAbOMwZoUrIr9W6BK5L0/2pkO4Q4XP
            h536Ozxg/Wr2sdJDCoxWNVrtrcpVk9d9BwNe+2Z1a08hD102s9S1miZp/wJBAIYX
            3FhbuDSeK/Njny7T79kxABj1zyaGcDoIQBEy0DBtGMweU4n9RgW83bSQcA4RnxTt
            i6y/3+qai5PA/e1ll4UCQQDAxA/mBI5HpOLmNrTLgQrjm0PUlrs5nUBPTCpXDnPS
            mt/ismsfvDrRtduD3eAXUG3ZWYQ07MM3V1X1xtC0HJHH
            -----END RSA PRIVATE KEY-----

 scim:
  groups:
    zones.read: Read identity zones
    zones.write: Create and update identity zones
    idps.read: Retrieve identity providers
    idps.write: Create and update identity providers
    clients.admin: Create, modify and delete OAuth clients
    clients.write: Create and modify OAuth clients
    clients.read: Read information about OAuth clients
    clients.secret: Change the password of an OAuth client
    scim.write: Create, modify and delete SCIM entities, i.e. users and groups
    scim.read: Read all SCIM entities, i.e. users and groups
    scim.create: Create users
    scim.userids: Read user IDs and retrieve users by ID
    scim.zones: Control a user's ability to manage a zone
    scim.invite: Send invitations to users
    password.write: Change your password
    oauth.approval: Manage approved scopes
    oauth.login: Authenticate users outside of the UAA
    openid: Access profile information, i.e. email, first and last name, and phone number
    groups.update: Update group information and memberships
    uaa.user: Act as a user in the UAA
    uaa.resource: Serve resources protected by the UAA
    uaa.admin: Act as an administrator throughout the UAA
    uaa.none: Forbid acting as a user
    uaa.offline_token: Allow offline access
  userids_enabled: true

 spring_profiles: default,mysql
 database:
    driverClassName: org.mariadb.jdbc.Driver
    url: jdbc:mysql://localhost:3306/uaa
    username: root
    password: root
 #spring_profiles: default,postgresql
 #database:
    #driverClassName: org.postgresql.Driver
    #url: jdbc:postgresql://localhost:5432/uam
    #username: root
    #password: r00tu$5r

 require_https: false
	issuer:
	uri: http://localhost:8080/uaa
	login:
	url: http://localhost:8080/uaa
	# SAML Key Configuration
	# # The location and credentials of the certificate for this SP
	# # See README.md for details on how to create this.
	serviceProviderKey: \|
	-----BEGIN RSA PRIVATE KEY-----
	MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5
	L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA
	fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB
	AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges
	7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu
	lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp
	ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX
	kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL
	gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK
	vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe
	A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS
	N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB
	qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/
	-----END RSA PRIVATE KEY-----
	serviceProviderKeyPassword: password
	serviceProviderCertificate: \|
	-----BEGIN CERTIFICATE-----
	MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO
	MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO
	MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h
	cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx
	CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM
	BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb
	BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
	ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W
	qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw
	znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha
	MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc
	gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD
	VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD
	VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh
	QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ
	0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC
	KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK
	RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=
	-----END CERTIFICATE-----
	authorize:
	url: http://localhost:8080/uaa/oauth/authorize

	uaa:
	# The hostname of the UAA that this login server will connect to
	url: http://localhost:8080/uaa
	token:
	url: http://localhost:8080/uaa/oauth/token
	approvals:
	url: http://localhost:8080/uaa/approvals
	login:
	url: http://localhost:8080/uaa/authenticate
	limitedFunctionality:
	enabled: false
	whitelist:
	endpoints:
	- /oauth/authorize/**
	- /oauth/token/**
	- /check_token/**
	- /login/**
	- /login.do
	- /logout/**
	- /logout.do
	- /saml/**
	- /autologin/**
	- /authenticate/**
	- /idp_discovery/**
	methods:
	- GET
	- HEAD
	- OPTIONS

	#The secret that an external login server will use to authenticate to the uaa using the id `login`
	LOGIN_SECRET: loginsecret

	oauth:
	user:
	authorities:
	- openid
	- scim.me
	- cloud_controller.read
	- cloud_controller.write
	- cloud_controller_service_permissions.read
	- password.write
	- scim.userids
	- uaa.user
	- approvals.me
	- oauth.approvals
	- profile
	- roles
	- user_attributes
	- uaa.offline_token
	autoapprove:
	- aimsui
	- herculesui
	- chatbotmgt
	- qa
	clients:
	aimsui:
	override: true
	id: aimsui
	secret: aimsuisecret
	scope: clients_read, clients_write, openid, scim.read, scim.write, scim.userids, openid, cloud_controller.read,cloud_controller.write
	authorities: uaa.resource, clients.secret, scim.read, clients.write, scim.write, openid, cloud_controller.read, cloud_controller.write
	authorized-grant-types: client_credentials, refresh_token
	access_token_validity: 43200
	herculesui:
	override: true
	id: herculesui
	secret: herculesuisecret
	scope: clients_read, clients_write, openid, scim.read, scim.write, scim.userids, openid, cloud_controller.read, cloud_controller.write
	authorities: uaa.resource, clients.secret, scim.read, clients.write, scim.write, openid, cloud_controller.read, cloud_controller.write
	authorized-grant-types: client_credentials, refresh_token
	access_token_validity: 43200
	chatbotmgt:
	override: true
	id: chatbotmgt
	secret: chatbotmgtsecret
	scope: clients_read, clients_write, openid, scim.read, scim.write, scim.userids, openid, cloud_controller.read, cloud_controller.write
	authorities: uaa.resource, clients.secret, scim.read, clients.write, scim.write, openid, cloud_controller.read, cloud_controller.write
	authorized-grant-types: client_credentials, refresh_token
	access_token_validity: 43200
	qa:
	override: true
	id: qa
	secret: qasecret
	scope: uaa.none
	authorized-grant-types: client_credentials,refresh_token
	authorities: uaa.resource
	access_token_validity: 315569260
	jwt:
	policy:
	activeKeyId: key-id-1
	keys:
	key-id-1:
	signingKey: \|
	-----BEGIN RSA PRIVATE KEY-----
	MIICXQIBAAKBgQC9O/YzZbwkKtqBSUhwi28BkJ6pwA59Ifdwf9UeIYGDJhs6DN0S
	RB23bK4BGEDC0WF3SNxT9qg8Sm7Gif61oeTS97PY3zHdeVXmNkQQcyedLwgmDQs3
	v73nzB9qBx8TCEcJA8e+oY+mqX8C3OYb8i/5v14qYsdFSnoM3IjVXu+e6QIDAQAB
	AoGADSb8vqfEgtMDqta4FTJrvbUagfvaRfI1a3lHC7gSc1YTsF4yg1F+qz//fA3+
	ekvpNUw4HBHZsY8O0ffHX0JoT+7URFW8kfWfqbiEBfcjufvbCJa+PO9OWO3AOQtN
	4TrA3mzRSWWP2DAooOB5a5N+smrSt95fvkg4QU5HpvEzO+0CQQDfEVG1amMdffoG
	jxMFieshx8viHsTh/uDjkqi3w2hpYZxAG+r7ztORuqW+eFhE0pI5KeHgrv8FCR12
	8uE441xzAkEA2SvuvkUppE8bjfja2tVw4YZ3oUtyuSSSHXvLLALkwQ+8I5/JmIg+
	RRN+fz+B3pUbAQ3bwI6ZVwCOz89SzRH8MwJAbOMwZoUrIr9W6BK5L0/2pkO4Q4XP
	h536Ozxg/Wr2sdJDCoxWNVrtrcpVk9d9BwNe+2Z1a08hD102s9S1miZp/wJBAIYX
	3FhbuDSeK/Njny7T79kxABj1zyaGcDoIQBEy0DBtGMweU4n9RgW83bSQcA4RnxTt
	i6y/3+qai5PA/e1ll4UCQQDAxA/mBI5HpOLmNrTLgQrjm0PUlrs5nUBPTCpXDnPS
	mt/ismsfvDrRtduD3eAXUG3ZWYQ07MM3V1X1xtC0HJHH
	-----END RSA PRIVATE KEY-----

	scim:
	groups:
	zones.read: Read identity zones
	zones.write: Create and update identity zones
	idps.read: Retrieve identity providers
	idps.write: Create and update identity providers
	clients.admin: Create, modify and delete OAuth clients
	clients.write: Create and modify OAuth clients
	clients.read: Read information about OAuth clients
	clients.secret: Change the password of an OAuth client
	scim.write: Create, modify and delete SCIM entities, i.e. users and groups
	scim.read: Read all SCIM entities, i.e. users and groups
	scim.create: Create users
	scim.userids: Read user IDs and retrieve users by ID
	scim.zones: Control a user's ability to manage a zone
	scim.invite: Send invitations to users
	password.write: Change your password
	oauth.approval: Manage approved scopes
	oauth.login: Authenticate users outside of the UAA
	openid: Access profile information, i.e. email, first and last name, and phone number
	groups.update: Update group information and memberships
	uaa.user: Act as a user in the UAA
	uaa.resource: Serve resources protected by the UAA
	uaa.admin: Act as an administrator throughout the UAA
	uaa.none: Forbid acting as a user
	uaa.offline_token: Allow offline access
	userids_enabled: true

	spring_profiles: default,mysql
	database:
	driverClassName: org.mariadb.jdbc.Driver
	url: jdbc:mysql://localhost:3306/uaa
	username: root
	password: root
	#spring_profiles: default,postgresql
	#database:
	#driverClassName: org.postgresql.Driver
	#url: jdbc:postgresql://localhost:5432/uam
	#username: root
	#password: r00tu$5r

	require_https: false