OpenID Bridge Configuration Reference

This reference documents the configuration variables used by OpenID Bridge. As a Spring Boot application, it supports additional standard Spring Boot properties beyond those listed here. For comprehensive Spring Boot configuration options, refer to the Spring Boot Common Application Properties.

The variables documented below are either:

• Required for OpenID Bridge functionality
• Commonly configured for typical deployments
• Custom properties specific to Procivis One

Database Configuration

MariaDB Container Configuration

The following variables configure the Bridge's MariaDB database container:

Variable	Type	Default	Description
MARIADB_USER	string	-	MariaDB user
MARIADB_PASSWORD	string	-	MariaDB password
MARIADB_DATABASE	string	-	MariaDB database name
MARIADB_ROOT_PASSWORD	string	-	MariaDB root password

Database Connection Variables

The Bridge uses the following variables to construct the database connection. These should reference the MariaDB container values above:

Variable	Type	Default	Description
MYSQL_HOST	string	-	MySQL/MariaDB hostname
MYSQL_DB	string	-	MySQL/MariaDB database name (must match MARIADB_DATABASE)
MYSQL_USER	string	-	MySQL/MariaDB username (must match MARIADB_USER)
MYSQL_PASSWORD	string	-	MySQL/MariaDB password (must match MARIADB_PASSWORD)

Spring Database Configuration

Spring Boot uses these variables to establish database connections, typically referencing the MYSQL_* variables above:

Variable	Type	Default	Description
spring.datasource.url	string	-	Database connection URL (format: jdbc:mysql://${MYSQL_HOST}:port/${MYSQL_DB})
spring.datasource.username	string	-	Database username (typically references ${MYSQL_USER})
spring.datasource.password	string	-	Database password (typically references ${MYSQL_PASSWORD})
spring.datasource.hikari.connectionTimeout	integer	30000	Maximum time (ms) to wait for connection from pool
spring.datasource.hikari.maximumPoolSize	integer	10	Maximum number of connections in the pool
spring.flyway.enabled	boolean	true	Enable/disable Flyway database migrations
spring.flyway.locations	string	classpath:db/migration	Location of Flyway migration scripts
spring.jpa.hibernate.ddl-auto	string	-	Hibernate DDL auto mode (for example, validate, update, create)
spring.jpa.open-in-view	boolean	true	Enable Open Session in View pattern

Server and HTTP Settings

Variable	Type	Default	Description
server.port	integer	8080	HTTP port for the application server
server.tomcat.accessLogEnabled	boolean	false	Enable Tomcat access logging
server.tomcat.accessLogPattern	string	-	Pattern for Tomcat access logs (for example, "%a %t %r %s %b")
server.tomcat.relaxed-query-chars	string	-	Characters allowed in URL query strings without encoding
spring.mvc.async.request-timeout	integer	-	Async request timeout in milliseconds (30 minutes recommended for large CSV exports)

Service Integration

Core Integration

All BFF deployments require integration with the Procivis One Core service.

Variable	Type	Default	Description
core.enabled	boolean	-	Enable Core service integration
core.url	string	-	Core service base URL
core.api.url	string	-	Core API endpoint URL (typically ${core.url}/api)
core.api.authentication	string	-	Authentication mode: UNSAFE_NONE, UNSAFE_STATIC, or STS
core.api.staticToken	string	-	Static authentication token if using UNSAFE_STATIC mode (must match Core's app.authToken or ONE_app__authToken)

Frontend Integration

Variable	Type	Default	Description
frontend.url	string	-	Client-facing frontend domain URL

Authentication

Variable	Type	Default	Description
auth.mode	string	-	Authentication mode: UNSAFE_NONE, UNSAFE_STATIC, or STS
auth.staticToken	string	-	Static authentication token (if using UNSAFE_STATIC mode)
auth.stsTokenValidation.aud	string	-	Expected audience claim for STS token validation
auth.stsTokenValidation.iss	string	-	Expected issuer claim for STS token validation
auth.stsTokenValidation.jwksUri	string	-	JWKS endpoint URL for STS token verification
auth.stsTokenValidation.ttlJwks	integer	-	Time-to-live for cached JWKS keys (in seconds)

OAuth2/OIDC Client Configuration

Configuration for OAuth2 client registration with Keycloak (or alternative identity provider).

Variable	Type	Default	Description
spring.security.oauth2.client.registration.keycloakClient.client-id	string	-	OAuth2 client ID for Keycloak integration
spring.security.oauth2.client.registration.keycloakClient.client-secret	string	-	OAuth2 client secret for Keycloak integration
spring.security.oauth2.client.registration.keycloakClient.provider	string	-	OAuth2 provider name (typically keycloak)
spring.security.oauth2.client.registration.keycloakClient.authorization-grant-type	string	-	OAuth2 grant type (for example, authorization_code, client_credentials)
spring.security.oauth2.client.provider.keycloak.token-uri	string	-	Keycloak token endpoint URL

OIDC Provider Configuration

Configuration for the OIDC provider functionality of this service.

Variable	Type	Default	Description
oidc.scopes	array	-	Supported OIDC scopes
oidc.grantTypes	array	-	Supported OAuth2 grant types
oidc.proof.exchange	string	-	Verification protocol identifier for credential verification; must reference an entry from verificationProtocol in Core service configuration

Branding and Customization

Customize the login experience with your organization's branding.

Variable	Type	Default	Description
customer.name	string	-	Customer/organization name for branding
customer.logo	string	-	URL or path to customer logo
customer.terms	string	-	URL to terms of service page
customer.privacy	string	-	URL to privacy policy page

Template Engine (Thymeleaf)

Configuration for Thymeleaf template rendering (used for login pages and UI).

Variable	Type	Default	Description
thymeleaf.cache	boolean	true	Enable template caching (set to false for development)
thymeleaf.check-template	boolean	true	Check that templates exist before rendering
thymeleaf.check-template-location	boolean	true	Check that template location exists
thymeleaf.content-type	string	text/html	Content type for rendered templates
thymeleaf.enabled	boolean	true	Enable/disable Thymeleaf template engine
thymeleaf.encoding	string	UTF-8	Character encoding for templates
thymeleaf.mode	string	HTML	Template mode (for example, HTML, XML, TEXT)
thymeleaf.prefix	string	classpath:/templates/	Prefix for template file locations
thymeleaf.suffix	string	.html	Suffix for template files
thymeleaf.template-resolver-order	integer	-	Order of template resolver in chain

Mobile App Integration

Variable	Type	Default	Description
appLink.url	string	-	Base URL for mobile app deep links
appLink.appUrl	string	-	Base URL for mobile app deep links
appLink.wallet.android.packageName	string	-	Android wallet app package name
appLink.wallet.android.sha256CertFingerPrint	string	-	SHA-256 certificate fingerprint for Android wallet app
appLink.wallet.ios.appId	string	-	iOS wallet app identifier
appLink.verifier.android.packageName	string	-	Android verifier app package name
appLink.verifier.android.sha256CertFingerPrint	string	-	SHA-256 certificate fingerprint for Android verifier app
appLink.verifier.ios.appId	string	-	iOS verifier app identifier

History Configuration

Variable	Type	Default	Description
history.type	string	-	History storage backend type, only REMOTE_REST supported
history.enabled	boolean	-	Enable/disable history; pushes to Core history endpoint

Management and Monitoring

Variable	Type	Default	Description
management.endpoints.access.default	string	-	Default access level for management endpoints
management.endpoint.health.probes.enabled	boolean	-	Enable Kubernetes health probes
management.endpoint.health.access	string	-	Access level for health endpoint (for example, unrestricted)
management.endpoint.info.access	string	-	Access level for info endpoint (for example, unrestricted)
management.endpoint.prometheus.access	string	-	Access level for Prometheus metrics endpoint (for example, unrestricted)

API Documentation (Springdoc)

Variable	Type	Default	Description
springdoc.show-actuator	boolean	-	Include Spring Boot Actuator endpoints in API docs
springdoc.api-docs.version	string	-	OpenAPI specification version (for example, openapi_3_1)
springdoc.packages-to-scan	string	-	Package names to scan for API documentation
springdoc.paths-to-match	string	-	Path patterns to include in API documentation (comma-separated)
springdoc.cache.disabled	boolean	-	Disable API documentation caching
springdoc.swagger-ui.operations-sorter	string	-	Operation sorting method in Swagger UI (for example, alpha)

Application Configuration

Variable	Type	Default	Description
spring.application.name	string	-	Application name identifier
spring.config.import	string	-	Import additional configuration files (for example, environment-specific properties)
spring.profiles.active	string	-	Active Spring profile(s)
spring.main.banner-mode	string	console	Spring Boot banner display mode
app.version	string	-	Application version identifier
app.stacktrace.enabled	boolean	-	Enable/disable stacktrace in error responses
type	string	-	Deployment environment type (for example, localdev)

Data Serialization

Variable	Type	Default	Description
spring.jackson.serialization.write_dates_as_timestamps	boolean	false	Serialize dates as timestamps vs ISO-8601 strings
spring.jackson.deserialization.read-unknown-enum-values-using-default-value	boolean	false	Use default enum value when encountering unknown enum values during deserialization
spring.jackson.default-property-inclusion	string	-	Default property inclusion strategy (for example, NON_NULL)

Logging

Variable	Type	Default	Description
logging.level.org.springframework.security	string	-	Log level for Spring Security (for example, DEBUG, INFO, WARN)

Development and Testing

Variable	Type	Default	Description
test.server.url	string	-	Base URL for test server