Sign upLogin

cloudfoundry/stratos

View on GitHub
Star
deploy/uaa/uaa.yml

Summary

Maintainability
Test Coverage
scim:
  username_pattern: '[A-Za-z0-9+\-_.@!'']+'
  groups:
    stratos.user: Users of the Stratos UI Console
    stratos.admin: Administrators of the Stratos UI Console
    stratos.publisher: Stratos UI Console users
  userids_enabled: true
  username_pattern: '[a-z0-9+\-_.@]+'
  users:
    - admin|hscadmin|admin@test.org|Admin|User|stratos.admin,stratos.user,stratos.publisher
    - user|hscuser|user@test.org|Developer|User|stratos.user
    - root|hscroot|root@test.org|Root|User|uaa.admin,scim.read,zones.uaa.admin

disableInternalAuth: false
disableInternalUserManagement: false

authentication:
  policy:
    lockoutAfterFailures: 10
    countFailuresWithinSeconds: 3600
    lockoutPeriodSeconds: 30

oauth:
  user:
    authorities:
      - openid
      - scim.me
      - uaa.user
      - stratos.user
      - cloud_controller.read
      - cloud_controller.write
      - cloud_controller_service_permissions.read
      - password.write
      - approvals.me
      - oauth.approvals
      - notification_preferences.read
      - notification_preferences.write
      - profile
      - roles
      - user_attributes

  clients:
    admin:
      id: admin
      secret: notchangeme
      override: true
      authorized-grant-types: client_credentials,implicit,password,refresh_token
      scope: scim.me,stratos.user,openid,profile,roles,notification_preferences.read user_attributes,uaa.user,notification_preferences.write,stratos.publisher,cloud_controller.read,password.write,approvals.me,cloud_controller.write,cloud_controller_service_permissions.read,stratos.admin,oauth.approvals,uaa.admin,scim.read,zones.uaa.admin
      authorities: clients.read,clients.write,clients.secret,uaa.admin,scim.read,scim.write,password.write,zone.admin,stratos.admin,stratos.user,stratos.publisher
      access-token-validity: 3600
      refresh-token-validity: 2592000
      redirect-uri: https://127.0.0.1:4200/pp/v1/auth/**
    console:
      id: console
      override: true
      authorized-grant-types: client_credentials,implicit,password,refresh_token,authorization_code
      scope: scim.me,stratos.user,openid,profile,roles,notification_preferences.read user_attributes,uaa.user,notification_preferences.write,stratos.publisher,cloud_controller.read,password.write,approvals.me,cloud_controller.write,cloud_controller_service_permissions.read,stratos.admin,oauth.approvals
      authorities: clients.read,clients.write,clients.secret,uaa.admin,scim.read,scim.write,password.write,zone.admin,stratos.admin,stratos.user,stratos.publisher
      access-token-validity: 3600
      refresh-token-validity: 2592000
      redirect-uri: https://127.0.0.1:4200/pp/v1/auth/**
login:
  serviceProviderKey: |
    -----BEGIN RSA PRIVATE KEY-----
    MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5
    L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA
    fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB
    AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges
    7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu
    lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp
    ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX
    kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL
    gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK
    vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe
    A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS
    N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB
    qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/
    -----END RSA PRIVATE KEY-----
  serviceProviderKeyPassword: password
  serviceProviderCertificate: |
    -----BEGIN CERTIFICATE-----
    MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO
    MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO
    MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h
    cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx
    CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM
    BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb
    BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
    ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W
    qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw
    znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha
    MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc
    gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD
    VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD
    VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh
    QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ
    0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC
    KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK
    RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=
    -----END CERTIFICATE-----

#The secret that an external login server will use to authenticate to the uaa using the id `login`
#LOGIN_SECRET: loginsecret

jwt:
  token:
    signing-key: tokenKey
    verification-key: verificationKey

zones:
  internal:
    hostnames:
      - localhost
#      - 10.4.21.242

encryption:
  active_key_label: stratos-uaa-key
  encryption_keys:
  - label: stratos-uaa-key
    passphrase: changeme

#The secret that an external login server will use to authenticate to the uaa using the id `login`
LOGIN_SECRET: secret