From ca80e0b43a2b0bf5917f717c807307402d990935 Mon Sep 17 00:00:00 2001
From: Phil Hunt
Date: Mon, 10 Jun 2024 16:45:55 -0700
Subject: [PATCH] Added comment regarding TLS support (related to Issue #31)
Signed-off-by: Phil Hunt
---
 cmd/hexaAuthZen/README.md | 6 +++---
 cmd/hexaAuthZen/main.go | 1 +
 cmd/hexaAuthZen/server_env.sh | 8 ++++----
 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/cmd/hexaAuthZen/README.md b/cmd/hexaAuthZen/README.md
index 89d8c0b..c0afe4b 100644
--- a/cmd/hexaAuthZen/README.md
+++ b/cmd/hexaAuthZen/README.md
@@ -180,8 +180,8 @@ The following IDQL policies are used:
 | PORT | The HTTP Port for all endpoints |
 | AUTHZEN_BUNDLE_DIR | The location of an OPA Bundle containing hexaPolicy.rego, and data.json containing the ToDo Application IDQL |
 | AUTHZEN_USERPIP_FILE | The location of a JSON file containing the test users |
-| TKN_DIRECTORY | THe location of a directory that contains the JWT token issuer public key (file issuer-cert.pem) |
-| TKN_MODE | If set to "ANON", all access is unauthenticated, "BUNDLE", the bundle endpoint is protected. "ALL" (default) will enforce all endpoints |
-| TKN_ISSUER | The key id (kid) of the issuer - used to match the kid in a JWT with the public key |
+| HEXA_TKN_DIRECTORY | THe location of a directory that contains the JWT token issuer public key (file issuer-cert.pem) |
+| HEXA_TKN_MODE | If set to "ANON", all access is unauthenticated, "BUNDLE", the bundle endpoint is protected. "ALL" (default) will enforce all endpoints |
+| HEXA_TKN_ISSUER | The key id (kid) of the issuer - used to match the kid in a JWT with the public key |
diff --git a/cmd/hexaAuthZen/main.go b/cmd/hexaAuthZen/main.go
index 6402abd..2194032 100644
--- a/cmd/hexaAuthZen/main.go
+++ b/cmd/hexaAuthZen/main.go
@@ -15,6 +15,7 @@ var mLog = config.ServerLog
 func main() {
 mLog.Printf("Hexa AuthZen Server starting...")
+ mLog.Println("Note: This AuthZen demo server does not support TLS and should be deployed behind a TLS proxy terminator (e.g. Google App Engine).")
 mLog.Printf(fmt.Sprintf("Version: %s", config.HexaAuthZenVersion))
 port := "8080"
 if found := os.Getenv("PORT"); found != "" {
diff --git a/cmd/hexaAuthZen/server_env.sh b/cmd/hexaAuthZen/server_env.sh
index 1d44e66..cc7032c 100644
--- a/cmd/hexaAuthZen/server_env.sh
+++ b/cmd/hexaAuthZen/server_env.sh
@@ -1,7 +1,7 @@
 export PORT=8080
 export AUTHZEN_BUNDLE_DIR=deployments/authZen/bundles
 export AUTHZEN_USERPIP_FILE=deployments/authZen/users.json
-export TKN_DIRECTORY=./.certs
-export TKN_PRIVKEYFILE=
-export TKN_MODE=ANON
-export TKN_ISSUER=authZen
\ No newline at end of file
+export HEXA_TKN_DIRECTORY=./.certs
+export HEXA_TKN_PRIVKEYFILE=
+export HEXA_TKN_MODE=ANON
+export HEXA_TKN_ISSUER=authZen
\ No newline at end of file
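Review bot: The new `mLog.Println` line in `main` states the no-TLS limitation only as an informational "Note:", and the README hunk in the same commit does not mention it, so an operator who reads only the environment-variable table never sees it. When `HEXA_TKN_MODE` is `BUNDLE` or `ALL`, the JWTs the README describes would presumably cross this listener in cleartext unless a proxy terminates TLS in front of it, so the message is worth wording as a warning that names that consequence, for example `mLog.Println("WARNING: no TLS support - bearer tokens are sent in cleartext unless this server runs behind a TLS-terminating proxy")`. A one-line comment above it such as `// Plain HTTP only: TLS must be terminated by a fronting proxy (see Issue #31).` would keep the constraint visible in the code. The body of `main` continues outside the hunk, so whether the listener binds to all interfaces cannot be checked from here.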