| Property | Description |
|---|---|
| spring.cloud.azure.active-directory.app-id-uri | App ID URI that might be used in the aud claim of an id_token. For instance, api://{applicationId}. See the Microsoft documentation on the App ID URI for more details. |
| spring.cloud.azure.active-directory.application-type | The type of the Microsoft Entra application. Supported types are: WEB_APPLICATION, RESOURCE_SERVER, RESOURCE_SERVER_WITH_OBO, WEB_APPLICATION_AND_RESOURCE_SERVER. The value can be inferred from dependencies; only web_application_and_resource_server must be configured manually. |
| spring.cloud.azure.active-directory.authenticate-additional-parameters | Additional parameters beyond the standard parameters defined in the OAuth 2.0 Authorization Framework. They are added to the authorization URL to customize the authorization request. For instance, prompt: login. See the Microsoft documentation for more information about additional parameters. |
| spring.cloud.azure.active-directory.authorization-clients | The OAuth2 authorization clients, containing the authorization grant type, client authentication method, and scope. The clients are converted to OAuth2 ClientRegistration; the other ClientRegistration information (such as client id and client secret) is inherited from the delegated OAuth2 login client azure. For instance, authorization-clients.webapi.authorization-grant-type=on_behalf_of, authorization-clients.webapi.client-authentication-method=client_secret_post, authorization-clients.webapi.scopes[0]={WEB_API_APP_ID_URL}/WebApi.ExampleScope1, authorization-clients.webapi.scopes[1]={WEB_API_APP_ID_URL}/WebApi.ExampleScope2. |
| spring.cloud.azure.active-directory.credential.client-certificate-password | Password of the certificate file. |
| spring.cloud.azure.active-directory.credential.client-certificate-path | Path of a PFX or P12 certificate file to use when performing service principal authentication with Azure. |
| spring.cloud.azure.active-directory.credential.client-id | Client ID to use when performing service principal authentication with Azure. |
| spring.cloud.azure.active-directory.credential.client-secret | Client secret to use when performing service principal authentication with Azure. |
| spring.cloud.azure.active-directory.enabled | Whether to enable Microsoft Entra ID related auto-configuration. The default value is false. |
| spring.cloud.azure.active-directory.jwk-set-cache-lifespan | The lifespan (duration) of the cached JWK set before it expires. The default value is 5m. |
| spring.cloud.azure.active-directory.jwk-set-cache-refresh-time | The refresh time (duration) of the cached JWK set before it expires. The default value is 5m. |
| spring.cloud.azure.active-directory.jwt-connect-timeout | Connection timeout (duration) for the JWKSet remote URL call. The default value is 500s. Deprecated: to configure this, provide a RestOperations bean. |
| spring.cloud.azure.active-directory.jwt-read-timeout | Read timeout (duration) for the JWKSet remote URL call. The default value is 500s. Deprecated: to configure this, provide a RestOperations bean. |
| spring.cloud.azure.active-directory.jwt-size-limit | Size limit in bytes of the JWKSet remote URL call. The default value is 51200. Deprecated: to configure this, provide a RestOperations bean. |
| spring.cloud.azure.active-directory.post-logout-redirect-uri | The redirect URI after logout. For instance, http://localhost:8080/. See the Microsoft documentation on the Redirect URI for more details. |
| spring.cloud.azure.active-directory.profile.cloud-type | Name of the Azure cloud to connect to. Supported types are: AZURE, AZURE_CHINA, AZURE_US_GOVERNMENT, OTHER. The default value is AZURE. |
| spring.cloud.azure.active-directory.profile.environment.active-directory-endpoint | Microsoft Entra endpoint. For example: https://login.microsoftonline.com/ |
| spring.cloud.azure.active-directory.profile.environment.microsoft-graph-endpoint | Microsoft Graph endpoint. For example: https://graph.microsoft.com/ |
| spring.cloud.azure.active-directory.profile.tenant-id | Azure Tenant ID. The values allowed for tenant-id are: common, organizations, consumers, or the tenant ID. |
| spring.cloud.azure.active-directory.redirect-uri-template | Redirection Endpoint: Used by the authorization server to return responses containing authorization credentials to the client via the resource owner user-agent. The default value is {baseUrl}/login/oauth2/code/. |
| spring.cloud.azure.active-directory.resource-server.claim-to-authority-prefix-map | Configures which claims are used to build GrantedAuthority, and the prefix of the GrantedAuthority's string value. Example: with the default value, if the access_token's scp claim value is testValue, then a GrantedAuthority with SCOPE_testValue is created. The default value is "scp" -> "SCOPE_", "roles" -> "APPROLE_". |
| spring.cloud.azure.active-directory.resource-server.principal-claim-name | Configures which claim in the access token is returned by AuthenticatedPrincipal#getName. Example: with the default value, if the access_token's sub claim value is testValue, then AuthenticatedPrincipal#getName returns testValue. The default value is sub. |
| spring.cloud.azure.active-directory.session-stateless | If true, activates the stateless auth filter AADAppRoleStatelessAuthenticationFilter. The default value is false, which activates AADAuthenticationFilter. |
| spring.cloud.azure.active-directory.user-group.allowed-group-ids | The group IDs that can be used to construct GrantedAuthority. |
| spring.cloud.azure.active-directory.user-group.allowed-group-names | The group names that can be used to construct GrantedAuthority. |
| spring.cloud.azure.active-directory.user-group.use-transitive-members | Whether to get members transitively. If true, v1.0/me/transitiveMemberOf is used to get members. Otherwise, v1.0/me/memberOf is used. The default value is false. |
| spring.cloud.azure.active-directory.user-name-attribute | Decides which claim is used as the principal's name. |