Generating an Auth file

The VMware Tanzu Operations Manager authentication system can be configured in several ways. The format of the configuration file depends on the authentication method you use.

Configure authentication

See configure-authentication.


    ---
    username: username
    password: password
    decryption-passphrase: decryption-passphrase

    # Optional
    # http-proxy-url:           # proxy for outbound HTTP network traffic
    # https-proxy-url:          # proxy for outbound HTTPS network traffic
    # no-proxy:                 # comma-separated list of hosts that do not go
                                # through the proxy
    # precreated-client-secret: # create a UAA client on the Ops Manager VM.
                                # this will be client-secret in env.yml
                                # client ID is precreated-client

Configure LDAP authentication

See configure-ldap-authentication.


    decryption-passphrase: some-passphrase
    server-url: ldap://example.com
    ldap-username: cn=admin,dc=opsmanager,dc=com
    ldap-password: some-password
    user-search-base: ou=users,dc=opsmanager,dc=com
    user-search-filter: cn={0}
    group-search-base: ou=groups,dc=opsmanager,dc=com
    group-search-filter: member={0}
    ldap-rbac-admin-group-name: cn=opsmgradmins,ou=groups,dc=opsmanager,dc=com
    email-attribute: mail
    ldap-referrals: follow

    # Optional
    # http-proxy-url:                 # proxy for outbound HTTP network traffic
    # https-proxy-url:                # proxy for outbound HTTPS network traffic
    # no-proxy:                       # comma-separated list of hosts that do not go
                                      # through the proxy
    # precreated-client-secret:       # create a UAA client on the Ops Manager VM.
                                      # this will be client-secret in env.yml
                                      # client ID is precreated-client
    # server-ssl-cert:                # the server certificate when using ldaps://
    # skip-create-bosh-admin-client:  # do not create a UAA client on the BOSH
                                      # director. The client is required to execute
                                      # BOSH commands from the BOSH CLI

Configure SAML authentication

See configure-saml-authentication.


    ---
    decryption-passphrase: decryption-passphrase
    saml-idp-metadata: https://saml.example.com:8080
    saml-bosh-idp-metadata: https://bosh-saml.example.com:8080
    saml-rbac-admin-group: opsman.full_control
    saml-rbac-groups-attribute: myenterprise

    # Optional
    # http-proxy-url:                 # proxy for outbound HTTP network traffic
    # https-proxy-url:                # proxy for outbound HTTPS network traffic
    # no-proxy:                       # comma-separated list of hosts that do not go
                                      # through the proxy
    # precreated-client-secret:       # create a UAA client on the Ops Manager VM.
                                      # this will be client-secret in env.yml
                                      # client ID is precreated-client
    # server-ssl-cert:                # the server certificate when using ldaps://
    # skip-create-bosh-admin-client:  # do not create a UAA client on the BOSH
                                      # director. The client is required to execute
                                      # BOSH commands from the BOSH CLI

Managing configuration, auth, and state files

To use all these files with the Concourse tasks that require them, you need to make them available as Concourse resources. They’re all text files. There are many resource types that can work for this. In our examples, we use a git repository. As with the tasks and image, you need to declare a resource in your pipeline for each repo you need.
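
The auth files above carry credentials in `password`, `decryption-passphrase`, `ldap-password`, and `precreated-client-secret`, and this section keeps them in a git repository. The following Python check is an added example, not part of the original documentation: it flags those keys when they hold a literal value. It assumes secrets are written as `((name))` placeholders and filled in at pipeline run time; the function names and the sample file are constructed for illustration.

```python
import re

# Keys from the auth file formats above whose values are credentials.
SECRET_KEYS = {
    "password",
    "decryption-passphrase",
    "ldap-password",
    "precreated-client-secret",
}

# Assumption: secrets are supplied as ((name)) placeholders and interpolated
# at pipeline run time rather than stored literally in the repository.
PLACEHOLDER = re.compile(r"^\(\([A-Za-z0-9_./-]+\)\)$")
KEY_VALUE = re.compile(r"^([A-Za-z0-9_-]+):\s*(.*)$")


def strip_comment(value):
    """Drop a trailing '# comment' and surrounding quotes from a scalar."""
    value = re.sub(r"(^|\s)#.*$", "", value).strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1]
    return value


def find_literal_secrets(text):
    """Return (line_number, key) for each secret key holding a literal value."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or line == "---":
            continue  # blank lines, commented-out options, document marker
        match = KEY_VALUE.match(line)
        if not match:
            continue  # not a flat "key: value" line (e.g. certificate body)
        key, value = match.group(1), strip_comment(match.group(2))
        if key in SECRET_KEYS and value and not PLACEHOLDER.match(value):
            findings.append((lineno, key))
    return findings


# Constructed sample input modelled on the basic auth format above.
LITERAL_AUTH = """---
username: admin
password: hunter2-example
decryption-passphrase: ((opsman_decryption_passphrase))
# precreated-client-secret: not-set
"""

if __name__ == "__main__":
    for lineno, key in find_literal_secrets(LITERAL_AUTH):
        print(f"line {lineno}: {key} holds a literal value")
```

Run it as a pre-commit or CI step over each auth file and fail the step when the returned list is not empty.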
