Admin Console Gateway Configuration Properties
View product
v1.10.3
The configuration properties used by the Admin Console Gateway are listed below.
It is possible to override any configuration property by an environment variable. To override the property prop.some-key, define an environment variable PROP_SOME_KEY. The rules are:
- All letters must be converted to uppercase.
- Dots (
.) and hyphens (-) must be replaced with underscores (_).
General configuration
| Property / Corresponding environment variable | Default | Description |
|---|---|---|
powerauth.cloud.admin-console-gateway.powerauth.cloud.service.urlPOWERAUTH_CLOUD_ADMIN_CONSOLE_GATEWAY_POWERAUTH_CLOUD_SERVICE_URL |
_empty_ |
URL of the PowerAuth Cloud service (mandatory) |
powerauth.cloud.admin-console-gateway.jwt.external-user-id-claimPOWERAUTH_CLOUD_ADMIN_CONSOLE_GATEWAY_JWT_EXTERNAL_USER_ID_CLAIM |
unique_name |
Claim in the received JWT to retrieve the external user id from (if the configured claim is not present in the JWT, the sub claim is used by default) |
Upstream Security Configuration
| Property / Corresponding environment variable | Default | Description |
|---|---|---|
powerauth.cloud.admin-console-gateway.security.auth.oidc.roles-claim-expressionPOWERAUTH_CLOUD_ADMIN_CONSOLE_GATEWAY_SECURITY_AUTH_OIDC_ROLES_CLAIM_EXPRESSION |
[roles] |
SpEL expression used to match the claim in the received JWT to retrieve the authenticated user’s roles from (for nested claims, use [topLevel][nested]) |
powerauth.cloud.admin-console-gateway.jwt.issuer-uriPOWERAUTH_CLOUD_ADMIN_CONSOLE_GATEWAY_JWT_ISSUER_URI |
_empty_ |
Authorization Server URI used to obtain all necessary data (discover public keys) for incoming JWT verification (the value is also used for iss claim verification) - this or the following property must be defined (both are also valid) |
spring.security.oauth2.resourceserver.jwt.jwk-set-uriSPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI |
_empty_ |
Authorization Server JWK Set URI to directly specify the public keys URI (if this property is set, the previous property - if defined - is used only for iss claim verification) |
powerauth.cloud.admin-console-gateway.jwt.audiencesPOWERAUTH_CLOUD_ADMIN_CONSOLE_GATEWAY_JWT_AUDIENCES |
_empty_ |
Required aud claim value of the incoming JWT (if not defined, the aud claim value is not verified) |
Downstream Security Configuration
| Property / Corresponding environment variable | Default | Description |
|---|---|---|
powerauth.cloud.admin-console-gateway.security.downstream.auth.typePOWERAUTH_CLOUD_ADMIN_CONSOLE_GATEWAY_SECURITY_DOWNSTREAM_AUTH_TYPE |
BASIC_HTTP |
Authentication type to be used with downstream requests to the PowerAuth Cloud service (possible values are BASIC_HTTP and NONE) |
powerauth.cloud.admin-console-gateway.security.downstream.auth.basic.usernamePOWERAUTH_CLOUD_ADMIN_CONSOLE_GATEWAY_SECURITY_DOWNSTREAM_AUTH_BASIC_USERNAME |
_empty_ |
Username to be used with downstream Basic HTTP authentication (mandatory if downstream authentication type is BASIC_HTTP) |
powerauth.cloud.admin-console-gateway.security.downstream.auth.basic.passwordPOWERAUTH_CLOUD_ADMIN_CONSOLE_GATEWAY_SECURITY_DOWNSTREAM_AUTH_BASIC_PASSWORD |
_empty_ |
Password to be used with downstream Basic HTTP authentication (mandatory if downstream authentication type is BASIC_HTTP) |
Monitoring and Observability
| Property / Corresponding environment variable | Default | Note |
|---|---|---|
powerauth.cloud.admin-console-gateway.loggingPOWERAUTH_CLOUD_ADMIN_CONSOLE_GATEWAY_LOGGING |
_empty_ |
Reference to the logging configuration to load |
Last updated on Dec 16, 2025 (08:40)
View product