This document is describing an outdated version (v0.5.0). Please consider switching to the latest version (v0.19.0).

ssoca job

Usage

releases:
- name: "ssoca"
  version: "0.5.0"
instance_groups:
- name: "ssoca"
  jobs:
  - name: "ssoca"
    release: "ssoca"
    properties: {}

Properties

The following properties can be configured for the job.

auth.options

A hash of method-specific authentication options. This often includes Client ID/Secrets and endpoints.
Example
client_id: a1b2c3d4e5f6
client_secret: a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4

auth.type

The authentication method to use (github, google, http, uaa)
Example
github

certauths

An array of certificate authorities and their configurations.
Example
- options:
    certificate: |
      -----BEGIN CERTIFICATE-----
      MIIDHjCCAgagAwIBAgIRALdnV+vn5/gr4KTP1vyYCjAwDQYJKoZIhvcNAQELBQAw
      ...snip...
      -----END CERTIFICATE-----
    private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEogIBAAKCAQEAv7H0Ed7PnPpU4rrT7b83TlEzV6fdxDHLEh7pSX1xQPfNeSsy
      ...snip...
      -----END RSA PRIVATE KEY-----
  type: memory

enable_client_downloads

True to publish file downloads of the client binaries.
Default
true

enable_ui

True to enable a simple browser landing page for users.
Default
true

env.banner

A banner message or notice that users may find useful.
Default
""

env.metadata

A simple hash of string key-value pairs which is opaque to the server.
Default
{}

env.name

A recommended environment name that users may find useful.
Default
ssoca

env.title

A friendly human environment name that users may find useful.
Default
ssoca

env.url

The externally accessible URL for this service.

server.certificate

A PEM-formatted certificate for the server.

server.host

The bind address for the listening server
Default
0.0.0.0

server.port

The bind port for the listening server
Default
18705

server.private_key

A PEM-formatted private key for the server.

server.redirect.auth_failure

A redirect URL for users who have just failed to authenticate.
Default
""

server.redirect.auth_success

A redirect URL for users who have just authenticated successfully.
Default
""

server.redirect.root

A redirect URL for users directly accessing the server root.
Default
""

services

An array of signing services and their configurations.
Example
- options:
    target:
      host: 192.0.2.1
      user: vcap
  require:
  - remote_ip:
      within: 192.0.2.0/24
  - scope:
      present: example/admin
  type: ssh

Runtime

Templates

The following templates are rendered and installed in /var/vcap/jobs/ssoca.

Packages

The job depends on the following packages installed in /var/vcap/packages.

Source

Based on jobs/ssoca/spec (source, YAML, JSON).