Using Secureable for Authentication

Using Secureable for authentication requires three steps:

PASOE Configuration

Edit conf/oeablSecurity.properties with the following values:

client.login.model=oauth2 jwtToken.signatureAlg=RS256 jwtToken.keystore.type=jwk # Replace "http://secureable.server" with the root URL of your Secureable server jwtToken.keystore.jwkurl=https://secureable.server/v1/identity/oidc/.well-known/keys jwtToken.defaultRoles=psc jwtToken.usernameField=entity_name OEClientPrincipalFilter.passthru=true OEClientPrincipalFilter.forwardToken=true # See below instructions for obtaining the value for the audience setting oauth2.resSvc.audience=fe9g5Vfcgs3ZpmKZc2XRhKH5ys

Obtaining the value for the “oauth2.resSvc.audience” setting

Issue the following POST request to your Secureable server to obtain a session ID:

curl --location --request POST 'http://secureable-server/v1/login' \ --header 'Content-Type: application/json' \ --data-raw '{ "username":"admin", "password":"admin password" }'

The response you receive should contain an id property. Copy the value of this property, then use it for your next request:

curl --location --request GET 'http://secureable-server/v1/pasoe/pasoe/oeablSecurity.properties.12.2' \ --header 'Authorization: Bearer <value_of_id_property>'

The output from the second request is a complete oeablSecurity.properties file. Find the oauth2.resSvc.audience setting and copy it to your .properties file.Angular Client Configuration

The @consultingwerk/smartcomponent-library package needs to be configured to use Secureable. This is done using the SmartComponentLibraryModule.forRoot configuration function, when you import the module. This is usually done in the @NgModule annotation of your AppModule (src/app/app.module.ts):

@NgModule({ imports: [ SmartComponentLibraryModule.forRoot({ secureableSettings: { secureableEnabled: true, secureableHost: 'https://secureable.server' // the root URL of your Secureable server secureableNamespace: 'namespace'// Optional setting for providing a custom namespace. Defaults to "default" }, serviceURI: 'http://pasoe' // the PASOE service URI to use }) ] }) export class AppModule {}