login job from cf/191

GitHub source: 43c823b7 or master branch

Properties

domain

The domain name for this CloudFoundry deploy

env

http_proxy

The http_proxy across the VMs

https_proxy

The https_proxy across the VMs

no_proxy

Set No_Proxy across the VMs

login

analytics

code

Analytics code

domain

Analytics domain

asset_base_url

Base url for static assets, allows custom styling of the login server. Use ‘/resources/pivotal’ for Pivotal style.

brand

The brand to use for the reset password emails. Available values are oss and pivotal.

Default
oss

catalina_opts

entity_id

Deprecated: Use login.saml.entityid

ldap

localPasswordCompare

Deprecated. Use UAA configuration.

Default
"true"
passwordAttributeName

Deprecated. Use UAA configuration.

Default
userPassword
passwordEncoder

Deprecated. Use UAA configuration.

Default
org.cloudfoundry.identity.uaa.login.ldap.DynamicPasswordComparator
profile_type

Deprecated. Use UAA configuration.

searchBase

Deprecated. Use UAA configuration.

Default
""
searchFilter

Deprecated. Use UAA configuration.

Default
cn={0}
sslCertificate

Deprecated. Use UAA configuration.

sslCertificateAlias

Deprecated. Use UAA configuration.

url

Deprecated. Use UAA configuration.

userDN

Deprecated. Use UAA configuration.

userDNPattern

Deprecated. Use UAA configuration.

userPassword

Deprecated. Use UAA configuration.

A hash of home/passwd/signup URLs (see commented examples below)

home

URL for primary console/dashboard for users

Default
https://console.run.pivotal.io
network

URL for Pivotal Network

Default
https://network.gopivotal.com/login
passwd

URL for requesting password reset

Default
https://console.run.pivotal.io/password_resets/new
signup

URL for requesting to signup/register for an account

Default
https://console.run.pivotal.io/register
signup-network

URL for requesting to signup/register for an account at Pivotal Network

Default
https://network.gopivotal.com/registrations/new

port

Default
8080

protocol

The scheme the login server should use to contact the UAA

Default
http

saml

assertion_consumer_index

Deprecated: Use login.saml.providers list objects

Default
1
entityid

The ID to represent this server

idpEntityAlias

Deprecated: Use login.saml.providers list objects

idpMetadataURL

Deprecated: Use login.saml.providers list objects

idp_metadata_file

Deprecated: Use login.saml.providers list objects

keystore_key

Key name of the SAML login server keystore.

Default
selfsigned
keystore_name

Name of the SAML login server keystore.

Default
samlKeystore.jks
keystore_password

Key password to the SAML login server keystore.

Default
password
metadataTrustCheck

Deprecated: Use login.saml.providers list objects

Default
true
nameidFormat

Deprecated: Use login.saml.providers list objects

Default
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
providers

Contains a hash of SAML identity providers. The key is the IDP alias, followed by key/value pairs for idpMetadata, nameID, assertionConsumerIndex, metadataTrustCheck, showSamlLoginLink, linkText, iconUrl.

serviceProviderCertificate

Service provider certificate.

serviceProviderKey

Private key for the service provider certificate.

serviceProviderKeyPassword

Password to protect the service provider private key.

socket
connectionManagerTimeout

Timeout in milliseconds for connection pooling for SAML metadata HTTP requests

soTimeout

Read timeout in milliseconds for SAML metadata HTTP requests

signups_enabled

Enable account creation flow in the login server. Enabled by default.

smtp

SMTP server configuration, for password reset emails etc.

host

SMTP server host address

Default
localhost
password

SMTP server password

port

SMTP server port

Default
2525
user

SMTP server username

spring_profiles

Deprecated. Use UAA configuration.

tiles

A list of links to other services to show on the landing page after logging in and/or signing up, depending on whether login-link and/or signup-link is specified.

uaa_base

Location of the UAA.

uaa_certificate

Certificate to import if the UAA is using self-signed certificates

nats

machines

IP of each NATS cluster member.

password

Password for NATS login

port

TCP port of NATS server

user

User name for NATS login

networks

apps

The Login network name

syslog_aggregator

address

IP address for syslog aggregator

all

Define whether forwarders should send all their syslog data to our aggregator.

Default
false

port

TCP port of syslog aggregator

transport

Transport to be used when forwarding logs (tcp|udp|relp).

Default
tcp

uaa

clients

login
secret

Login client secret - overrides uaa.login.client_secret

dump_requests

login

client_secret

Deprecated. Default login client secret if no login client is defined

require_https

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/login/ directory.

  • bin/install_crt (from install_crt.erb)
  • bin/login_cf-registrar_ctl (from cf-registrar_ctl)
  • bin/login_ctl (from login_ctl.erb)
  • config/cf-registrar/config.yml (from cf-registrar.config.yml.erb)
  • config/log4j.properties (from log4j.properties.erb)
  • config/login.yml (from login.yml.erb)
  • config/syslog_forwarder.conf (from syslog_forwarder.conf.erb)
  • config/tomcat/logging.properties (from tomcat.logging.properties)
  • config/tomcat/server.xml (from tomcat.server.xml.erb)
  • config/tomcat/web.xml (from web.xml.erb)
  • config/uaa.crt (from uaa.crt.erb)
  • config/varz.yml (from varz.yml.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.