Update README.md

README.md

@@ -8,7 +8,7 @@
 * [Endpoints](#endpoints)
 * [How to contribute](#how-to-contribute)
 * [License](#license)
- 
+
 ## Overview
 
 An implementation of a credential issuing service, according to
@@ -34,14 +34,69 @@ and requires the use of a suitable OAUTH2 server.
 
 ## How to use docker
 
-Folder [docker-compose](docker-compose) contains a keycloak installation to be used in a local development environment
+Folder [docker-compose](docker-compose) contains the following services to be used in a local development environment:
+
+### Keycloak
+
+A Keycloak instance accessible via https://localhost/idp/ with the Realm *pid-issuer-realm*.
+
+The Realm *pid-issuer-realm*:
+
+- has user self-registration active with a custom registration page accessible via https://localhost/idp/realms/pid-issuer-realm/account/#/
+- defines *eu.europa.ec.eudiw.pid_vc_sd_jwt* scope for requesting PID issuance in SD JWT VC format
+- defines *eu.europa.ec.eudiw.pid_mso_mdoc* scope for requesting PID issuance in MSO MDOC format
+- defines *wallet-dev* and *pid-issuer-srv* clients
+- contains sample user with credentials: tneal / password
+
+Administration console is accessible via https://localhost/idp/admin/ using the credentials admin / password
+
+### PID Issuer
+
+A PID Issuer instance accessible via https://localhost/pid-issuer/
 
+It uses the configured Keycloak instance as an Authorization Server, and PID issuance both *SD JWT VC* and *MSO MDOC*
+formats is enabled. Additionally *deferred issuance* is enabled for *SD JWT VC* format.
+
+The issuing country is set to GR (Greece).
+
+### HA Proxy
+
+An HA Proxy instance is also configured. This instance exposes both Keyclaok and PID Issuer via https. The certificate
+and respective private key can be found in [docker-compose/haproxy/certs](docker-compose/haproxy/certs).
+
+### docker compose usage
 
 ```shell
-cd keycloak
+cd docker-compose
 docker-compose up -d
 ```
 
+or
+
+```shell
+cd docker-compose
+docker compose up -d
+```
+
+## Configuration
+
+The PID Issuer application can be configured using the following *environment variables*:
+
+| Environment variable                                            | Description                                                                     | Default value                                                            |
+|-----------------------------------------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------|
+| SPRING_PROFILES_ACTIVE                                          | Spring profiles to enable.                                                      | None. Enable *insecure* profile to disable SSL certificates verification |
+| SPRING_WEBFLUX_BASE_PATH                                        | Context path for the PID issuer application.                                    | /                                                                        |
+| SERVER_PORT                                                     | Port for the HTTP listener of the PID Isser application                         | 8080                                                                     |
+| SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT_ID     | Client Id of the OAuth2 client registered in the Authorization Server           | N/A                                                                      |
+| SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT_SECRET | Client Server of the OAuth2 client registered in the Authorization Server       | N/A                                                                      |
+| ISSUER_PUBLICURL                                                | URL the PID Issuer application is accessible from.                              | http://localhost:${SERVER_PORT}                                          |
+| ISSUER_AUTHORIZATIONSERVER                                      | URL of the Authorization Server                                                 | N/A                                                                      |
+| ISSUER_AUTHORIZATIONSERVER_INTROSPECTION                        | URL of the Token Introspection endpoint of the Authorization Server             | N/A                                                                      |
+| ISSUER_AUTHORIZATIONSERVER_USERINFO                             | URL of the UserInfo endpoint of the Authorization Server                        | N/A                                                                      |
+| ISSUER_PID_MSO_MDOC_ENABLED                                     | Whether to enable support for PID issuance in *MSO MDOC* format                 | true                                                                     |
+| ISSUER_PID_SD_JWT_VC_ENABLED                                    | Whether to enable support for PID issuance in *SD JWT VC* format                | true                                                                     |
+| ISSUER_PID_SD_JWT_VC_DEFERRED                                   | Whether PID issueance in *SD JWT VC* format should be *deferred* or *immediate* | false (i.e. immediate issuance)                                          |
+| ISSUER_PID_ISSUING_COUNTRY                                      | Code of the Country issuing the PID                                             | N/A                                                                      |
 
 ## Endpoints