Class DelineaCredentialFactory
- All Implemented Interfaces: ICredentialFactory
CredentialFactory that reads its credentials from Delinea (formerly Thycotic) Secret Server.
To set up Delinea in the Framework, you need to set the following properties in credentialproperties.properties:
credentialFactory.class=org.frankframework.credentialprovider.delinea.DelineaCredentialFactory
credentialFactory.delinea.autoComment.value=Use this comment
credentialFactory.delinea.tenant=waf
credentialFactory.delinea.tld=eu
credentialFactory.delinea.oauth.username=username
credentialFactory.delinea.oauth.password=password
If you use these settings, the default URLs will be used with the given properties from the code block above:
- https://<tenant>.secretservercloud.<tld>/api/v1 which will translate to https://waf.secretservercloud.eu/api/v1 based on these settings
- https://<tenant>.secretservercloud.<tld>/oauth2/token which will translate to https://waf.secretservercloud.eu/oauth2/token based on these settings
Please note that using the credentialFactory.delinea.autoComment.value is optional. If not set, the feature to comment before getting a secret will not be used. If set, this value will be used as a comment when getting the secret. See Delinea API documentation for more information.
Ideally you'd use the above, but you can also use a different URL template, or specify the complete URL, by using one of the following properties (e.g. use apiRootUrl or apiRootUrlTemplate, not both; the same goes for tokenUrl and tokenUrlTemplate):
# define a complete url
credentialFactory.delinea.apiRootUrl
credentialFactory.delinea.oauth.tokenUrl
# define a custom template (make sure to use %s twice for the tenant and tld placeholders)
credentialFactory.delinea.apiRootUrlTemplate=https://%s.secretservercloud.%s/api/v1
credentialFactory.delinea.oauth.tokenUrlTemplate=https://%s.secretservercloud.%s/oauth2/token
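The URL resolution and the "not both" rule described above can be checked before a properties file is deployed. The following Python code is an added example, not part of the framework's code; the function names, the simplified key=value parsing and the HTTPS check are assumptions of this example, and the sample input is constructed from the values on this page.

```python
from urllib.parse import urlsplit

PREFIX = "credentialFactory.delinea."
# Default templates, as documented above.
DEFAULT_TEMPLATES = {
    "apiRootUrl": "https://%s.secretservercloud.%s/api/v1",
    "oauth.tokenUrl": "https://%s.secretservercloud.%s/oauth2/token",
}
# Constructed sample input, using the tenant/tld values from this page.
SAMPLE = """
credentialFactory.delinea.tenant=waf
credentialFactory.delinea.tld=eu
"""

def parse_properties(text):
    """Minimal key=value reader (not the full .properties syntax)."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def resolve(props):
    """Return ({name: url}, [problems]) for the API root and token URLs."""
    urls, problems = {}, []
    tenant, tld = props.get(PREFIX + "tenant"), props.get(PREFIX + "tld")
    for name, default in DEFAULT_TEMPLATES.items():
        fixed, template = props.get(PREFIX + name), props.get(PREFIX + name + "Template")
        if fixed and template:
            problems.append(f"{name}: set {name} or {name}Template, not both")
            continue
        if fixed:
            url = fixed
        else:
            pieces = (template or default).split("%s")
            if len(pieces) != 3:
                problems.append(f"{name}Template: needs exactly two %s placeholders")
                continue
            if not (tenant and tld):
                problems.append(f"{name}: tenant and tld must be set to fill the template")
                continue
            url = pieces[0] + tenant + pieces[1] + tld + pieces[2]
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            # The OAuth password and the retrieved secrets travel over these URLs.
            problems.append(f"{name}: {url!r} is not an https URL")
        urls[name] = url
    return urls, problems

if __name__ == "__main__":
    print(resolve(parse_properties(SAMPLE)))
```

An empty problem list means both endpoints resolved to HTTPS URLs; any entry in it names the property to fix.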
Delinea secrets are referenced by ID in an authAlias, because they are retrieved from the Secret Server by ID. See the Get Secret API.
To use this CredentialFactory, you will have to set up a Delinea Secret Server within the Delinea Platform. In the documentation above we assume this is already done and that the username and password properties reference an active 'local user'.
Constructor Summary
Constructors
DelineaCredentialFactory()

Method Summary
Modifier and Type | Method | Description
 | getConfiguredAliases | return a list of all configured aliases, or null if such a list cannot be provided.
ICredentials | getCredentials(String alias, Supplier<String> defaultUsernameSupplier, Supplier<String> defaultPasswordSupplier) |
boolean | hasCredentials(String alias) |
void | initialize() | initialize() of an implementation can throw an exception when the credentialFactory cannot be properly configured and used.

Constructor Details
DelineaCredentialFactory
public DelineaCredentialFactory()

Method Details

initialize
public void initialize()
Description copied from interface: ICredentialFactory
initialize() of an implementation can throw an exception when the credentialFactory cannot be properly configured and used.
- Specified by: initialize in interface ICredentialFactory

hasCredentials
- Specified by: hasCredentials in interface ICredentialFactory

getConfiguredAliases
Description copied from interface: ICredentialFactory
return a list of all configured aliases, or null if such a list cannot be provided.
- Specified by: getConfiguredAliases in interface ICredentialFactory

getCredentials
public ICredentials getCredentials(String alias, Supplier<String> defaultUsernameSupplier, Supplier<String> defaultPasswordSupplier) throws NoSuchElementException
- Specified by: getCredentials in interface ICredentialFactory
- Throws: NoSuchElementException