...
CERT_PATH the file path to an x.509 cert to be used for TLS.
CERT_KEY_PATH the file path to a file containing the private key of the cert.
ROOT_CA_CERTS_PATH optional file path to a file containing the trusted (CA) certs used by the Authentication Provider.
LOG_LEVEL optional log level (Info, Debug, Trace, Warn, Error). Defaults to Info.
CREDS_GRANT_TYPE used for authentication, Client Credentials grant type.
CREDS_CLIENT_SECRET used for authentication, Client Secret.
CREDS_CLIENT_ID used for authentication, Client ID.
OUTPUT_FILE the file path of the file in which the fetched authorization token shall be stored.
AUTH_SERVICE_URL used for authentication, the URL to the authentication service.
REFRESH_MARGIN_SECONDS defines how many seconds before it expires the token is refreshed. Default is 5 seconds.
The Authentication Support Service is available as a Docker image (example path to staging repo):
nexus3.o-ran-sc.org:10004/o-ran-sc_nonrtric-auth-token-fetch
A typical usage of the image in Kubernetes is as a sidecar container, where the application container and the sidecar container share an "emptyDir" volume. The sidecar writes the fetched token to the file named by OUTPUT_FILE on that volume, and the application reads it from the same mount path. The volume exists for the lifetime of the pod.
Deployment manifest example
```yaml
......
containers:
  - name: informationservice
    image: nexus3.o-ran-sc.org:10004/o-ran-sc_nonrtric-information-coordinator-service:1.3.0
    imagePullPolicy: Always
    ports:
      - name: http
        containerPort: 8083
      - name: https
        containerPort: 8434
    volumeMounts:
      - mountPath: /token-cache
        name: token-cache-volume
  - name: authsidecar
    image: nexus3.o-ran-sc.org:10004/o-ran-sc/nonrtric-auth-token-fetch:1.0.0
    imagePullPolicy: Always
    env:
      - name: CREDS_GRANT_TYPE
        value: client_credentials
      - name: CREDS_CLIENT_SECRET
        value: XXXXXXX
      - name: CREDS_CLIENT_ID
        value: icsc
      - name: OUTPUT_FILE
        value: /token-cache/jwt.txt
      - name: AUTH_SERVICE_URL
        value: http://keycloak.keycloak:80/realms/nrtrealm/protocol/openid-connect/token
    volumeMounts:
      - mountPath: /token-cache
        name: token-cache-volume
volumes:
  - name: token-cache-volume
    emptyDir: {}
```
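The manifest above carries the client secret as a literal value in the pod spec and backs the token file with the node's default storage. A hardened variant of the same fragment follows, as an added example that is not part of the original page: the Secret name `ics-client-credentials` and its key `client-secret` are hypothetical, while `secretKeyRef`, `readOnly` and `medium: Memory` are standard Kubernetes fields.

```yaml
# Added example: hardened variant of the sidecar fragment (not from the original page).
# Assumption: a Secret named "ics-client-credentials" with key "client-secret"
# exists in the same namespace (both names are hypothetical).
containers:
  - name: informationservice
    image: nexus3.o-ran-sc.org:10004/o-ran-sc_nonrtric-information-coordinator-service:1.3.0
    volumeMounts:
      - mountPath: /token-cache
        name: token-cache-volume
        readOnly: true          # the application only reads the token file
  - name: authsidecar
    image: nexus3.o-ran-sc.org:10004/o-ran-sc/nonrtric-auth-token-fetch:1.0.0
    env:
      - name: CREDS_GRANT_TYPE
        value: client_credentials
      - name: CREDS_CLIENT_ID
        value: icsc
      - name: CREDS_CLIENT_SECRET
        valueFrom:              # secret is resolved at pod start, not stored in the manifest
          secretKeyRef:
            name: ics-client-credentials
            key: client-secret
      - name: OUTPUT_FILE
        value: /token-cache/jwt.txt
      - name: AUTH_SERVICE_URL
        value: http://keycloak.keycloak:80/realms/nrtrealm/protocol/openid-connect/token
    volumeMounts:
      - mountPath: /token-cache   # only the sidecar has write access
        name: token-cache-volume
volumes:
  - name: token-cache-volume
    emptyDir:
      medium: Memory            # tmpfs: the token is never written to node disk
```

Only the sidecar needs the client credentials; the application container sees nothing but the short-lived token file.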