dex job from dex/2

Github source: 2d381f4 or master branch

Properties¶

dex¶

connectors¶

Connectors configuration

Example

- id: mock
  name: Example
  type: mockCallback

enable_password_db¶

Enable/Disable a list of passwords which can be used to login to dex

expiry¶

id_tokens¶

Duration of time for which the IdTokens will be valid

Example

24h

signing_keys¶

Duration of time after which the SigningKeys will be rotated

Example

6h

grpc¶

port¶

gRPC port

Default

5557

tls_cert¶

gRPC TLS certificate (PEM format)

tls_client_ca¶

gRPC TLS client ca (PEM format)

tls_key¶

gRPC TLS private key (PEM format)

issuer¶

The base path of dex and the external name of the OpenID Connect service

log¶

format¶

Log format

level¶

Log level

Default

info

oauth2¶

response_types¶

Response types to enable

Example

'[''code'', ''token'', ''id_token'']'

skip_approval_screen¶

Enable/Disable prompt the user to approve client authorization. The act of logging in implies authorization

static_clients¶

Static list of clients

Example

- id: example-app
  name: Example App
  redirectURIs:
  - http://127.0.0.1:5555/callback
  secret: ZXhhbXBsZS1hcHAtc2VjcmV0

static_passwords¶

Static list of passwords to login the end user

Example

- email: admin@example.com
  hash: $2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W
  userID: 08a8684b-db88-4b73-90a9-3cd1661f5466
  username: admin

storage¶

kubernetes¶

kubeconfig¶

Kubernetes configuration

postgres¶

connection_timeout¶

PostgreSQL connection timeout

database¶

PostgreSQL database

host¶

PostgreSQL host

password¶

PostgreSQL password

port¶

PostgreSQL port

tls_ca¶

PostgreSQL TLS CA (PEM format)

tls_cert¶

PostgreSQL TLS certificate (PEM format)

tls_key¶

PostgreSQL TLS private key (PEM format)

tls_mode¶

PostgreSQL TLS mode

Default

disable

user¶

PostgreSQL user

type¶

Storage type (kubernetes, memory, postgres, sqlite3)

Default

memory

web¶

allowed_origins¶

Array of allowed origins

http_port¶

Web HTTP port

Default

5556

https_port¶

Web HTTPS port

Default

5554

tls_cert¶

Web TLS certificate (PEM format)

tls_key¶

Web TLS private key (PEM format)

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/dex/ directory (learn more).

• bin/dex_ctl (from bin/dex_ctl)
• config/dex.yml (from config/dex.yml)
• config/grpc_tls_cert.pem (from config/grpc_tls_cert.pem)
• config/grpc_tls_client_ca.pem (from config/grpc_tls_client_ca.pem)
• config/grpc_tls_key.pem (from config/grpc_tls_key.pem)
• config/kubeconfig (from config/kubeconfig)
• config/postgres_tls_ca.pem (from config/postgres_tls_ca.pem)
• config/postgres_tls_cert.pem (from config/postgres_tls_cert.pem)
• config/postgres_tls_key.pem (from config/postgres_tls_key.pem)
• config/web_tls_cert.pem (from config/web_tls_cert.pem)
• config/web_tls_key.pem (from config/web_tls_key.pem)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• dex