Notification Gateway Service
New in version 1.1.
ESS provides a Notification Gateway service for discovering the protocol-specific endpoints.
Notification Gateway Service Endpoint
ESS Notification Gateway Service has the following endpoint:
https://notification.<ESS Domain>/
Clients can POST the following JSON document to the ESS Notification Gateway to determine the WebSocket Notification Service endpoint; no authentication is required:
{ "protocols": ["ws"] }
The response JSON contains the WebSocket endpoint that clients can access for login; for example:
{ "endpoint": "https://websocket.<ESS Domain>/", "features": [], "protocol": "ws" }
Notification Gateway Service is based on the Solid Notifications Protocol [1].
Configuration
As part of the installation process, Inrupt provides base Kustomize overlays and associated files that require deployment-specific configuration inputs.
The following configuration options are available for the service and may be set as part of updating the inputs for your deployment. The Inrupt-provided base Kustomize overlays may be using updated configuration values that differ from the default values.
Required
- INRUPT_NOTIFICATION_WS_ENDPOINT
The URL of the WebSocket service; e.g., https://websocket.{ESS Domain}/.
Kafka Configuration
Tip
See also ESS’ Kafka Configuration.
- KAFKA_BOOTSTRAP_SERVERS
Default: localhost:9092
Comma-delimited list of Kafka broker servers for use by ESS services, including this service.
Setting KAFKA_BOOTSTRAP_SERVERS configures ESS to use the same Kafka instance(s) for all its Kafka message channels (e.g., solidresource and auditv1out message channels). This service uses the auditv1out message channel.
Note
Inrupt-provided overlays default to using KAFKA_BOOTSTRAP_SERVERS.
To use a different Kafka instance for the auditv1out channel, use MP_MESSAGING_OUTGOING_AUDITV1OUT_BOOTSTRAP_SERVERS instead.
See also ESS’ Kafka Configuration.
- MP_MESSAGING_OUTGOING_AUDITV1OUT_BOOTSTRAP_SERVERS
Default: localhost:9092
Comma-delimited list of Kafka broker servers used for the outgoing audit v1 messages.
These messages are sent over the auditv1out message channel.
Note
To configure ESS to use the same Kafka instances for all its Kafka message channels, use the KAFKA_BOOTSTRAP_SERVERS option instead. Inrupt-provided overlays default to using KAFKA_BOOTSTRAP_SERVERS.
- INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD
The strong cipher key to use when running auditing with encrypted messages.
Optional
- INRUPT_JWT_ISSUER_ALLOW_LIST
A comma-separated list of trusted Solid-OIDC issuers (i.e., identity providers).
If unset, the service accepts all Solid-OIDC issuers with the exception of those in the INRUPT_JWT_ISSUER_DENY_LIST.
If set, the service accepts only those Solid-OIDC issuers in the list with the following exception:
If an issuer is in both INRUPT_JWT_ISSUER_ALLOW_LIST and INRUPT_JWT_ISSUER_DENY_LIST, the INRUPT_JWT_ISSUER_DENY_LIST supersedes the INRUPT_JWT_ISSUER_ALLOW_LIST and the issuer is not accepted by ESS.
See also INRUPT_JWT_ISSUER_DENY_LIST.
- INRUPT_JWT_ISSUER_DENY_LIST
A comma-separated list of disallowed Solid-OIDC issuers.
If unset, the service accepts all Solid-OIDC issuers unless INRUPT_JWT_ISSUER_ALLOW_LIST is set, in which case, the service only accepts those in the INRUPT_JWT_ISSUER_ALLOW_LIST.
If set, the service disallows the Solid-OIDC issuers in the list. If INRUPT_JWT_ISSUER_ALLOW_LIST is also set, issuers not in the INRUPT_JWT_ISSUER_ALLOW_LIST are also disallowed.
- INRUPT_JWT_ALLOWED_SIGNATURE_ALGORITHMS
Default: ES256,RS256
A comma-separated list that specifies the allowed algorithms used to sign ID tokens.
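The allow-list and deny-list precedence described above, together with the signature algorithm setting, modelled as an added example for reviewing a planned configuration before deployment; it is not Inrupt's code or part of the original page. Assumptions: issuers are compared as exact strings after trimming whitespace, an empty value is treated as unset, and the `idp-*.example` issuers and helper names are constructed for illustration.

```python
# Added example: models the documented precedence rules; not ESS source code.
# Assumptions: exact string comparison after trimming; empty value == unset.

DEFAULT_ALGS = "ES256,RS256"  # documented default for INRUPT_JWT_ALLOWED_SIGNATURE_ALGORITHMS


def parse_list(value):
    """Split a comma-separated setting; unset or empty yields an empty set."""
    if not value:
        return set()
    return {item.strip() for item in value.split(",") if item.strip()}


def issuer_accepted(issuer, env):
    """Apply INRUPT_JWT_ISSUER_ALLOW_LIST and INRUPT_JWT_ISSUER_DENY_LIST."""
    allow = parse_list(env.get("INRUPT_JWT_ISSUER_ALLOW_LIST"))
    deny = parse_list(env.get("INRUPT_JWT_ISSUER_DENY_LIST"))
    if issuer in deny:      # the deny list supersedes the allow list
        return False
    if allow:               # allow list set: only listed issuers pass
        return issuer in allow
    return True             # neither list excludes this issuer


def algorithm_accepted(alg, env):
    """Check a token's signing algorithm against the allowed list."""
    setting = env.get("INRUPT_JWT_ALLOWED_SIGNATURE_ALGORITHMS") or DEFAULT_ALGS
    return alg in parse_list(setting)


def decision_table(issuers, configs):
    """Return {config name: {issuer: accepted}} for every combination."""
    return {name: {iss: issuer_accepted(iss, env) for iss in issuers}
            for name, env in configs.items()}


# Constructed sample issuers and configurations (hypothetical values).
A, B, C = "https://idp-a.example", "https://idp-b.example", "https://idp-c.example"
CONFIGS = {
    "neither set": {},
    "deny only": {"INRUPT_JWT_ISSUER_DENY_LIST": C},
    "allow only": {"INRUPT_JWT_ISSUER_ALLOW_LIST": f"{A}, {B}"},
    "both, overlapping": {"INRUPT_JWT_ISSUER_ALLOW_LIST": f"{A},{B}",
                          "INRUPT_JWT_ISSUER_DENY_LIST": B},
}

if __name__ == "__main__":
    for name, row in decision_table([A, B, C], CONFIGS).items():
        cells = [("accept" if ok else "reject") + " " + iss for iss, ok in row.items()]
        print(f"{name:18} " + " | ".join(cells))
```

With neither list set every issuer is accepted, so a deployment that should trust only specific identity providers needs INRUPT_JWT_ISSUER_ALLOW_LIST set explicitly.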