Configure the application.yml file

tenant-id

Tenant ID for your azure account. You can locate your tenant ID by going to the Azure portal and viewing the tenant properties Default common

validIssuers

Locate the validIssuers setting and replace <tenant-id> with your tenant ID.

If you want to enable external B2B access to your keystore, you will also need to include these external tenants as part of the valid issuers' list.

See:
https://techcommunity.microsoft.com/t5/security-compliance-andidentity/implement-dke-b2b-scenarios/ba-p/2193201

jwtAudience

DKE Anchor service URL without trailing slash

pkcs11Lib

The absolute path of pkcs11 library from cryptoserver

Examples:

• Windows: C:\\Utimaco\\SecurityServer\\Lib\\cs_pkcs11_R<2/3>.dll

• Linux:
  /opt/utimaco/lib/libcs_pkcs11_R<2/3>.so

slotId

Change the pkcs11 slot accordingly

Default: 0

pkcsHandleMaxPoolSize

Maximum pool size for PKCS Handles

Default 10

userPIN

The PKCS11 slot user password

cacheDays

Number of days for public key cache

Default: 30

cacheDateTimeFormat

Date time format for cache filed in public key api response

Default: yyyy-MM-dd'T'HH:mm:ss

key-store

The keystore file in p12 format which is used for Tomcat Server

key-store-password

Password used to access the key store

key-password

Password used to access the key in the key store.

---
azure:
activedirectory:
tenantid: "common"
instance: "https://login.microsoftonline.com/"
authority": "https://login.microsoftonline.com/common/v2.0"
resource-server:
principalClaimName: preferred_username
tokenValidationParameters:
validIssuers: ["https://sts.windows.net/c7741b86-6a28-4c2f0-8c00-5aa7157d537b/"]
app:
jwtAudience: "https://dkeservice.smv3q.onmicrosoft.com"
allowedHosts: "*"
jwtAuthorization: "https://login.windows.net/common/oauth2/authorize"
userPrincipalAttribute: upn
pkcs11Lib: " "C:\\Program
Files\\Utimaco\\SecurityServer\\Lib\\cs_pkcs11_R<2/3>.dll""
slotId: 0
pkcsHandleMaxPoolSize: 10
userPIN: 123456
cacheDays: 30
cacheDateTimeFormat: yyyy-MM-dd'T'HH:mm:ss

server:
port: 443
ssl:
key-store: dkeservice.p12
Key-store-password: changeit
key-store-type: pkcs12
key-password: changeit

spring:
application:
name: DKEService
main:
banner-mode: "off"
mvc:
log-request-details: false
logging:
level:
org.springframework.web: INFO
file.name: dke-service.log
pattern.file: "%d{${LOG_DATEFORMAT_PATTERN:yyyy-MM-dd HH:mm:ss.SSS}} ${LOG_LEVEL_PATTERN:-%5p} ${PID:- } --- [%t] %-40.40logger{39} :
%m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx{short}}"

---
azure:
activedirectory:
tenant-id: "common"
instance: "https://login.microsoftonline.com/"
authority": "https://login.microsoftonline.com/common/v2.0"
resource-server:
principalClaimName: preferred_username
tokenValidationParameters:
validIssuers: ["https://sts.windows.net/1f4beacd-b7aa-49b2-aaa1-b8525cb257e0/"]
app:
jwtAudience: "https://dkelinux.pls786.onmicrosoft.com"
allowedHosts: "*"
jwtAuthorization: "https://login.windows.net/common/oauth2/authorize"
userPrincipalAttribute: upn
pkcs11Lib: "/opt/utimaco/lib/libcs_pkcs11_R<2/3>.so"
slotId: 0
pkcsHandleMaxPoolSize: 10
userPIN: 123456
cacheDays: 30
cacheDateTimeFormat: yyyy-MM-dd'T'HH:mm:ss

server:
port: 443
ssl:
key-store: dkelinuxstore.p12
key-store-password: 123456
key-store-type: pkcs12
key-password: 123456

spring:
application:
name: DKEService
main:
banner-mode: "off"
mvc:
log-request-details: false
logging:
level:
org.springframework.web: INFO
file.name: dke-service.log
pattern.file: "%d{${LOG_DATEFORMAT_PATTERN:yyyy-MM-dd HH:mm:ss.SSS}} ${LOG_LEVEL_PATTERN:-%5p} ${PID:-} ---[%t] %-40.40logger{39} : %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx{short}}"