Environment Variables
Environment variables for the idp service
| Name | Introduction Version | Type | Description | Default Value |
|---|---|---|---|---|
IDP_PASSWORD_RESET_URI | 1.0.0 | string | The URI where a user can reset their password. | |
OC_TRACING_ENABLEDIDP_TRACING_ENABLED | 1.0.0 | bool | Activates tracing. | false |
OC_TRACING_TYPEIDP_TRACING_TYPE | 1.0.0 | string | The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. | |
OC_TRACING_ENDPOINTIDP_TRACING_ENDPOINT | 1.0.0 | string | The endpoint of the tracing agent. | |
OC_TRACING_COLLECTORIDP_TRACING_COLLECTOR | 1.0.0 | string | The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. | |
OC_LOG_LEVELIDP_LOG_LEVEL | 1.0.0 | string | The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. | |
OC_LOG_PRETTYIDP_LOG_PRETTY | 1.0.0 | bool | Activates pretty log output. | false |
OC_LOG_COLORIDP_LOG_COLOR | 1.0.0 | bool | Activates colorized log output. | false |
OC_LOG_FILEIDP_LOG_FILE | 1.0.0 | string | The path to the log file. Activates logging to this file if set. | |
IDP_DEBUG_ADDR | 1.0.0 | string | Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. | 127.0.0.1:9134 |
IDP_DEBUG_TOKEN | 1.0.0 | string | Token to secure the metrics endpoint. | |
IDP_DEBUG_PPROF | 1.0.0 | bool | Enables pprof, which can be used for profiling. | false |
IDP_DEBUG_ZPAGES | 1.0.0 | bool | Enables zpages, which can be used for collecting and viewing in-memory traces. | false |
IDP_HTTP_ADDR | 1.0.0 | string | The bind address of the HTTP service. | 127.0.0.1:9130 |
IDP_HTTP_ROOT | 1.0.0 | string | Subdirectory that serves as the root for this HTTP service. | / |
IDP_TRANSPORT_TLS_CERT | 1.0.0 | string | Path/File name of the TLS server certificate (in PEM format) for the IDP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. | /home/chaser/.opencloud/idp/server.crt |
IDP_TRANSPORT_TLS_KEY | 1.0.0 | string | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the IDP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. | /home/chaser/.opencloud/idp/server.key |
IDP_TLS | 1.0.0 | bool | Disable or Enable HTTPS for the communication between the Proxy service and the IDP service. If set to 'true', the key and cert files need to be configured and present. | false |
OC_REVA_GATEWAY | 1.0.0 | string | The CS3 gateway endpoint. | eu.opencloud.api.gateway |
OC_GRPC_CLIENT_TLS_MODE | 1.0.0 | string | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. | |
OC_GRPC_CLIENT_TLS_CACERT | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. | |
OC_MACHINE_AUTH_API_KEYIDP_MACHINE_AUTH_API_KEY | 1.0.0 | string | Machine auth API key used to validate internal requests necessary for the access to resources from other services. | |
IDP_ASSET_PATH | 1.0.0 | string | Serve IDP assets from a path on the filesystem instead of the builtin assets. | |
IDP_LOGIN_BACKGROUND_URL | 1.0.0 | string | Configure an alternative URL to the background image for the login page. | |
OC_URLOC_OIDC_ISSUERIDP_ISS | 1.0.0 | string | The OIDC issuer URL to use. | https://localhost:9200 |
IDP_IDENTITY_MANAGER | 1.0.0 | string | The identity manager implementation to use. Supported identity managers are 'ldap', 'cs3', 'libregraph' and 'guest'. | ldap |
IDP_URI_BASE_PATH | 1.0.0 | string | IDP uri base path (defaults to ''). | |
IDP_SIGN_IN_URI | 1.0.0 | string | IDP sign-in url. | |
IDP_SIGN_OUT_URI | 1.0.0 | string | IDP sign-out url. | |
IDP_ENDPOINT_URI | 1.0.0 | string | URL of the IDP endpoint. | |
OC_LDAP_INSECUREIDP_INSECURE | 1.0.0 | bool | Disable TLS certificate validation for the LDAP connections. Do not set this in production environments. | false |
IDP_ALLOW_CLIENT_GUESTS | 1.0.0 | bool | Allow guest clients to access OpenCloud. | false |
IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION | 1.0.0 | bool | Allow dynamic client registration. | false |
IDP_ENCRYPTION_SECRET_FILE | 1.0.0 | string | Path to the encryption secret file, if unset, a new certificate will be autogenerated upon each restart, thus invalidating all existing sessions. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. | /home/chaser/.opencloud/idp/encryption.key |
IDP_DEFAULT_SIGNIN_PAGE_TEXT | 2.0.0 | string | ||
IDP_DEFAULT_LOGO_TARGET_URI | next | string | Default logo target URI. | https://opencloud.eu |
IDP_SIGNING_KID | 1.0.0 | string | Value of the KID (Key ID) field which is used in created tokens to uniquely identify the signing-private-key. | private-key |
IDP_SIGNING_METHOD | 1.0.0 | string | Signing method of IDP requests like 'PS256' | PS256 |
IDP_SIGNING_PRIVATE_KEY_FILES | 1.0.0 | []string | A list of private key files for signing IDP requests. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. See the Environment Variable Types description for more details. | [/home/chaser/.opencloud/idp/private-key.pem] |
IDP_VALIDATION_KEYS_PATH | 1.0.0 | string | Path to validation keys for IDP requests. | |
IDP_ACCESS_TOKEN_EXPIRATION | 1.0.0 | uint64 | 'Access token lifespan in seconds (time before an access token is expired).' | 300 |
IDP_ID_TOKEN_EXPIRATION | 1.0.0 | uint64 | ID token lifespan in seconds (time before an ID token is expired). | 300 |
IDP_REFRESH_TOKEN_EXPIRATION | 1.0.0 | uint64 | Refresh token lifespan in seconds (time before an refresh token is expired). This also limits the duration of an idle offline session. | 2592000 |
IDP_DYNAMIC_CLIENT_SECRET_DURATION | 1.0.0 | uint64 | Lifespan in seconds of a dynamically registered OIDC client. | 0 |
OC_LDAP_URIIDP_LDAP_URI | 1.0.0 | string | Url of the LDAP service to use as IDP. | ldaps://localhost:9235 |
OC_LDAP_CACERTIDP_LDAP_TLS_CACERT | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. | /home/chaser/.opencloud/idm/ldap.crt |
OC_LDAP_BIND_DNIDP_LDAP_BIND_DN | 1.0.0 | string | LDAP DN to use for simple bind authentication with the target LDAP server. | uid=idp,ou=sysusers,o=libregraph-idm |
OC_LDAP_BIND_PASSWORDIDP_LDAP_BIND_PASSWORD | 1.0.0 | string | Password to use for authenticating the 'bind_dn'. | |
OC_LDAP_USER_BASE_DNIDP_LDAP_BASE_DN | 1.0.0 | string | Search base DN for looking up LDAP users. | ou=users,o=libregraph-idm |
OC_LDAP_USER_SCOPEIDP_LDAP_SCOPE | 1.0.0 | string | LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'. | sub |
IDP_LDAP_LOGIN_ATTRIBUTE | 1.0.0 | string | LDAP User attribute to use for login like 'uid'. | uid |
OC_LDAP_USER_SCHEMA_MAILIDP_LDAP_EMAIL_ATTRIBUTE | 1.0.0 | string | LDAP User email attribute like 'mail'. | |
OC_LDAP_USER_SCHEMA_USERNAMEIDP_LDAP_NAME_ATTRIBUTE | 1.0.0 | string | LDAP User name attribute like 'displayName'. | displayName |
OC_LDAP_USER_SCHEMA_IDIDP_LDAP_UUID_ATTRIBUTE | 1.0.0 | string | LDAP User UUID attribute like 'uid'. | openCloudUUID |
IDP_LDAP_UUID_ATTRIBUTE_TYPE | 1.0.0 | string | LDAP User uuid attribute type like 'text'. | text |
OC_LDAP_USER_ENABLED_ATTRIBUTEIDP_USER_ENABLED_ATTRIBUTE | 1.0.0 | string | LDAP Attribute to use as a flag telling if the user is enabled or disabled. | openCloudUserEnabled |
OC_LDAP_USER_FILTERIDP_LDAP_FILTER | 1.0.0 | string | LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'. | |
OC_LDAP_USER_OBJECTCLASSIDP_LDAP_OBJECTCLASS | 1.0.0 | string | LDAP User ObjectClass like 'inetOrgPerson'. | inetOrgPerson |