Configuring Auth

Generating an Auth File

Ops Manager's authentication system can be configured several ways. The format of the configuration file varies according to the authentication method to be used.

configure-authentication:

---
username: username
password: password
decryption-passphrase: decryption-passphrase

configure-ldap-authentication:

decryption-passphrase: some-passphrase
server-url: ldap://example.com
ldap-username: cn=admin,dc=opsmanager,dc=com
ldap-password: some-password
user-search-base: ou=users,dc=opsmanager,dc=com
user-search-filter: cn={0}
group-search-base: ou=groups,dc=opsmanager,dc=com
group-search-filter: member={0}
ldap-rbac-admin-group-name: cn=opsmgradmins,ou=groups,dc=opsmanager,dc=com
email-attribute: mail
ldap-referrals: follow

configure-saml-authentication:

---
decryption-passphrase: decryption-passphrase
saml-idp-metadata: https://saml.example.com:8080
saml-bosh-idp-metadata: https://bosh-saml.example.com:8080
saml-rbac-admin-group: opsman.full_control
saml-rbac-groups-attribute: myenterprise

Managing Configuration, Auth, and State Files

To use all these files with the Concourse tasks that require them, you need to make them available as Concourse Resources. They’re all text files. There are many resource types that can work for this. In our examples, we use a git repository. As with the tasks and image, you’ll need to declare a resource in your pipeline for each repo you need.