119 lines
2.6 KiB
Plaintext
119 lines
2.6 KiB
Plaintext
emqx_authn_jwt {
|
|
|
|
acl_claim_name.desc:
|
|
"""JWT claim name to use for getting ACL rules."""
|
|
|
|
acl_claim_name.label:
|
|
"""ACL claim name"""
|
|
|
|
algorithm.desc:
|
|
"""JWT signing algorithm, Supports HMAC (configured as <code>hmac-based</code>) and RSA, ECDSA (configured as <code>public-key</code>)."""
|
|
|
|
algorithm.label:
|
|
"""JWT Signing Algorithm"""
|
|
|
|
cacertfile.desc:
|
|
"""Path to a file containing PEM-encoded CA certificates."""
|
|
|
|
cacertfile.label:
|
|
"""CA Certificate File"""
|
|
|
|
certfile.desc:
|
|
"""Path to a file containing the user certificate."""
|
|
|
|
certfile.label:
|
|
"""Certificate File"""
|
|
|
|
enable.desc:
|
|
"""Enable/disable SSL."""
|
|
|
|
enable.label:
|
|
"""Enable/disable SSL"""
|
|
|
|
endpoint.desc:
|
|
"""JWKS endpoint, it's a read-only endpoint that returns the server's public key set in the JWKS format."""
|
|
|
|
endpoint.label:
|
|
"""JWKS Endpoint"""
|
|
|
|
from.desc:
|
|
"""Field to take JWT from."""
|
|
|
|
from.label:
|
|
"""From Field"""
|
|
|
|
jwt_hmac.desc:
|
|
"""Configuration when the JWT for authentication is issued using the HMAC algorithm."""
|
|
|
|
jwt_jwks.desc:
|
|
"""Configuration when JWTs used for authentication need to be fetched from the JWKS endpoint."""
|
|
|
|
keyfile.desc:
|
|
"""Path to a file containing the user's private PEM-encoded key."""
|
|
|
|
keyfile.label:
|
|
"""Key File"""
|
|
|
|
jwt_public_key.desc:
|
|
"""Configuration when the JWT for authentication is issued using RSA or ECDSA algorithm."""
|
|
|
|
public_key.desc:
|
|
"""The public key used to verify the JWT."""
|
|
|
|
public_key.label:
|
|
"""Public Key"""
|
|
|
|
refresh_interval.desc:
|
|
"""JWKS refresh interval."""
|
|
|
|
refresh_interval.label:
|
|
"""JWKS Refresh Interval"""
|
|
|
|
secret.desc:
|
|
"""The key to verify the JWT using HMAC algorithm."""
|
|
|
|
secret.label:
|
|
"""Secret"""
|
|
|
|
secret_base64_encoded.desc:
|
|
"""Whether secret is base64 encoded."""
|
|
|
|
secret_base64_encoded.label:
|
|
"""Whether Secret is Base64 Encoded"""
|
|
|
|
server_name_indication.desc:
|
|
"""Server Name Indication (SNI)."""
|
|
|
|
server_name_indication.label:
|
|
"""Server Name Indication"""
|
|
|
|
ssl.desc:
|
|
"""SSL options."""
|
|
|
|
ssl.label:
|
|
"""SSL Options"""
|
|
|
|
use_jwks.desc:
|
|
"""Whether to use JWKS."""
|
|
|
|
use_jwks.label:
|
|
"""Whether to Use JWKS"""
|
|
|
|
verify.desc:
|
|
"""Enable or disable SSL peer verification."""
|
|
|
|
verify.label:
|
|
"""Verify"""
|
|
|
|
verify_claims.desc:
|
|
"""A list of custom claims to validate, which is a list of name/value pairs.
|
|
Values can use the following placeholders:
|
|
- <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting
|
|
- <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting
|
|
Authentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in <code>verify_claims</code>."""
|
|
|
|
verify_claims.label:
|
|
"""Verify Claims"""
|
|
|
|
}
|