ssoca job

Usage

releases:
- name: "ssoca"
  version: "0.19.0"
instance_groups:
- name: "ssoca"
  jobs:
  - name: "ssoca"
    release: "ssoca"
    properties: {}

Properties

The following properties can be configured for the job.

auth.options

A hash of method-specific authentication options. This often includes Client ID/Secrets and endpoints.
Example
client_id: a1b2c3d4e5f6
client_secret: a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4

auth.type

The authentication method to use (github, google, http, uaa)
Example
github

certauths

An array of certificate authorities and their configurations.
Example
- options:
    certificate: |
      -----BEGIN CERTIFICATE-----
      MIIDHjCCAgagAwIBAgIRALdnV+vn5/gr4KTP1vyYCjAwDQYJKoZIhvcNAQELBQAw
      ...snip...
      -----END CERTIFICATE-----
    private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEogIBAAKCAQEAv7H0Ed7PnPpU4rrT7b83TlEzV6fdxDHLEh7pSX1xQPfNeSsy
      ...snip...
      -----END RSA PRIVATE KEY-----
  type: memory

enable_client_downloads

True to publish file downloads of the client binaries.
Default
true

enable_ui

True to enable a simple browser landing page for users.
Default
true

env.banner

A banner message or notice that users may find useful.
Default
""

env.metadata

A simple hash of string key-value pairs which is opaque to the server.
Default
{}

env.name

A recommended environment name that users may find useful.
Default
ssoca

env.title

A friendly human environment name that users may find useful.
Default
ssoca

env.url

The externally accessible URL for this service.
The certificate authority used for signing by the openvpn service (only applies when using the openvpn link)
Default
default
The validity of certificates signed by the openvpn service (only applies when using the openvpn link)
Default
12h
An array of authentication requirements for the openvpn service (only applies when using the openvpn link)
Default
- authenticated: null

server.certificate

A PEM-formatted certificate for the server.

server.host

The bind address for the listening server
Default
0.0.0.0

server.port

The bind port for the listening server
Default
18705

server.private_key

A PEM-formatted private key for the server.

server.redirect.auth_failure

A redirect URL for users who have just failed to authenticate.
Default
""

server.redirect.auth_success

A redirect URL for users who have just authenticated successfully.
Default
""

server.redirect.root

A redirect URL for users directly accessing the server root.
Default
""

server.robotstxt

A custom robots.txt document for the server to provide.
Default
null
Example
|
  User-agent: *
  Disallow:

server.trusted_proxies

A list of proxy IPs or CIDRs to trust when detecting remote client IPs.
Default
[]
Example
- 127.0.0.1/8
- ::1

services

An array of signing services and their configurations.
Default
[]
Example
- options:
    target:
      host: 192.0.2.1
      user: vcap
  require:
  - remote_ip:
      within: 192.0.2.0/24
  - scope:
      present: example/admin
  type: ssh

Consumed Links

The job consumes the following links.

openvpn (openvpn)

Runtime

Templates

The following templates are rendered and installed in /var/vcap/jobs/ssoca.

Packages

The job depends on the following packages installed in /var/vcap/packages.

Source

Based on jobs/ssoca/spec (source, YAML, JSON).