--- properties: encryption: active_key_label: key1 encryption_keys: - label: key1 passphrase: my-passphrase login: defaultIdentityProvider: uaa mfa: enabled: true providerName: myExampleProvider brand: oss enabled: true links: passwd: https://login.bosh-lite.com/forgot_password signup: https://login.bosh-lite.com/create_account saml: serviceProviderKey: | -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5 L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges 7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/ -----END RSA PRIVATE KEY----- serviceProviderKeyPassword: password serviceProviderCertificate: | -----BEGIN CERTIFICATE----- MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ 0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0= -----END CERTIFICATE----- signatureAlgorithm: SHA256 providers: okta-signed-or-encrypted: idpMetadata: | MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu Zm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN AQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU WWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O Bw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL 3tL/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk vvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6 GFHNkZ6DmoT/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFburn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified nameID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress assertionConsumerIndex: 0 metadataTrustCheck: true showSamlLoginLink: true linkText: 'Okta Preview Signed' okta-local: idpMetadata: https://pivotal.oktapreview.com/app/k36wkjw6EAEJVZXFFDAU/sso/saml/metadata nameID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress assertionConsumerIndex: 0 metadataTrustCheck: true showSamlLoginLink: true linkText: 'Okta Preview 1' iconUrl: 'http://link.to/icon.jpg' addShadowUserOnLogin: true externalGroupsWhitelist: - admin - user emailDomain: - example.com attributeMappings: given_name: firstName family_name: surname providerDescription: 'Human readable description of this provider' smtp: password: user: from_address: uaa: admin: client_secret: admin-secret catalina_opts: "-Xmx192m -XX:MaxMetaspaceSize=128m" cc: client_secret: cc-secret clients: cc-service-dashboards: authorities: clients.read,clients.write,clients.admin authorized-grant-types: client_credentials scope: openid,cloud_controller_service_permissions.read secret: cc-broker-secret cc_routing: authorities: routing.router_groups.read authorized-grant-types: client_credentials secret: cc-routing-secret cf: access-token-validity: 600 authorities: uaa.none authorized-grant-types: password,refresh_token override: true refresh-token-validity: 2592000 scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read secret: '' cloud_controller_username_lookup: authorities: scim.userids authorized-grant-types: client_credentials secret: cloud-controller-username-lookup-secret doppler: authorities: uaa.resource override: true secret: doppler-secret authorized-grant-types: client_credentials gorouter: authorities: routing.routes.read authorized-grant-types: client_credentials secret: gorouter-secret notifications: authorities: cloud_controller.admin,scim.read authorized-grant-types: client_credentials secret: notification-secret ssh-proxy: authorized-grant-types: authorization_code autoapprove: true override: true redirect-uri: "http://ssh-proxy-redirect-domain.com/login" scope: openid,cloud_controller.read,cloud_controller.write,cloud_controller.admin secret: ssh-proxy-secret tcp_emitter: authorities: routing.routes.write,routing.routes.read,routing.router_groups.read authorized-grant-types: client_credentials secret: tcp-emitter-secret tcp_router: authorities: routing.routes.read,routing.router_groups.read authorized-grant-types: client_credentials secret: tcp-router-secret implicit_ok: scope: openid authorized-grant-types: implicit secret: null redirect-uri: "http://some.redirect.com/callback" many_redirects: scope: uaa.user authorized-grant-types: authorization_code secret: secret redirect-uri: http://localhost,http://localhost:8080,http://localhost:8080/uaa,http://valid.com,http://sub.valid.com,http://valid.com/with/path,https://subsub.sub.valid.com/**,https://valid.com/path/*/path,http://sub.valid.com/*/with/path**,http*://sub.valid.com/*/with/path**,http*://*.valid.com/*/with/path**,http://*.valid.com/*/with/path**,https://*.valid.com/*/with/path**,https://*.*.valid.com/*/with/path**,http://sub*.valid.com/*/with/path**,http://*.domain.com,http://username:password@some.server.com,http://username:password@some.server.com/path issuer: https://uaa.bosh-lite.com jwt: signing_key: | -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1 JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6 0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0 KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8 +5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+ 4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY= -----END RSA PRIVATE KEY----- verification_key: | -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug spULZVNRxq7veq/fzwIDAQAB -----END PUBLIC KEY----- port: 8080 scim: userids_enabled: true users: - groups: - scim.write - scim.read - openid - cloud_controller.admin - clients.read - clients.write - doppler.firehose - routing.router_groups.read name: admin password: admin ssl: port: 8443 sslCertificate: | -----BEGIN CERTIFICATE----- MIIEJzCCAw+gAwIBAgIJAKcbTg/7imgFMA0GCSqGSIb3DQEBBQUAMGoxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQKEw1DbG91ZCBGb3Vu ZHJ5MQwwCgYDVQQLEwNVQUExIDAeBgNVBAMTF3VhYS5zZXJ2aWNlLmNmLmludGVy bmFsMB4XDTE2MDIyNjE4NDcwM1oXDTI2MDIyMzE4NDcwM1owajELMAkGA1UEBhMC VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAoTDUNsb3VkIEZvdW5kcnkx DDAKBgNVBAsTA1VBQTEgMB4GA1UEAxMXdWFhLnNlcnZpY2UuY2YuaW50ZXJuYWww ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1ePY4cEfqPCX8IObvlCtv mWQW00hzJ2GiGRT/4cuCCppn7O04Io2GWR8HiIEtqNqMmPfglzT4tuNeUzsgTBfF /w3sdF4HwlRXHoAHXbFpZlfe057q5IKdzDy6yqY4mDVwzLUtof9PwcZ8U7Jm3j3A yXozeRiXE4pevprMLCjq+AXmOHSMxUC6K3haR3pAsmgPioanViLC1TsLdOQ1E9z+ lirjiYYFUBep/y6mNuVdEbHdmMRFmmVIldtB9R8vlUa04b7ghnWX1wyZRD1WpucB cV9hoeIwgTVBrHRro4jnobOmK36pmlc2HpFaLtb0didZveO2oxN4i3oW/rwOP0of AgMBAAGjgc8wgcwwHQYDVR0OBBYEFCavF5V4kxQ/8g3H29qWkVUbQ/u6MIGcBgNV HSMEgZQwgZGAFCavF5V4kxQ/8g3H29qWkVUbQ/u6oW6kbDBqMQswCQYDVQQGEwJV UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEChMNQ2xvdWQgRm91bmRyeTEM MAoGA1UECxMDVUFBMSAwHgYDVQQDExd1YWEuc2VydmljZS5jZi5pbnRlcm5hbIIJ AKcbTg/7imgFMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBALJQDlKt j0BZEYsuS7RSFMWRQjol0Z4tQnUoOquiBD3bL4RVxBHYFZZ6rufwxKPsRHbduUO8 d7y3ar8iOU/3IeXWFTFgjjTU3gqD15rUckeH4NTNExxbRLWStbEaxn6uL35To6zx surB3v0bMY3w1fwHbWwAQ+Fw8y/izLxcv61uTJXlQjjBcNnXlqKBnfB8HjjfWppb O6k1jA9cUA69vIxN0KqxunSCrNmJWCwDPx22bX1oCyhaqUtLyOHuEA4Q8VNEj6Nh a/V0gzk7kVKnBRwgY50xrEQhw0r6CCeydy2hthmrcWpujaEapymfv0lHvDiyA8sL m99p7wzkO1EuAz8= -----END CERTIFICATE----- sslPrivateKey: | -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAtXj2OHBH6jwl/CDm75Qrb5lkFtNIcydhohkU/+HLggqaZ+zt OCKNhlkfB4iBLajajJj34Jc0+LbjXlM7IEwXxf8N7HReB8JUVx6AB12xaWZX3tOe 6uSCncw8usqmOJg1cMy1LaH/T8HGfFOyZt49wMl6M3kYlxOKXr6azCwo6vgF5jh0 jMVAuit4Wkd6QLJoD4qGp1YiwtU7C3TkNRPc/pYq44mGBVAXqf8upjblXRGx3ZjE RZplSJXbQfUfL5VGtOG+4IZ1l9cMmUQ9VqbnAXFfYaHiMIE1Qax0a6OI56Gzpit+ qZpXNh6RWi7W9HYnWb3jtqMTeIt6Fv68Dj9KHwIDAQABAoIBAF3lptDxF+TVFnps s9FHA2qNHcLJs/URbW0oOTtlI523ysj3SI8BIeVf+7Q0J1LuyZZyF9/3nQsL5n2J 51AAz1Q9coDkfTrajDU/rNMi4Yc90z2SlenILuVjJhEohfVGnHAvG5fu+GHWS9NM o0SivaUhGr/DarvQ+omnagU23D0nFKfrS1FC78cxoJKgKJbOVOWMZvAKlFHTv4z1 3oozzOobJRE9qWmtBoWiWCLVmiXchpj8nOu8R/ybmJksBsmbERZPXnFIpUQVV3Ll TGaeIviboJXQx7MmolbH+61k9rgdpNvUgR/MP/jxtcKUOJVxnTCjITW5YAHR/az+ 8UAC8SECgYEA5o0xoWVQG9yb/lrO7txCHotILsZjk9BTucCIdh7nJutSVaNikRcy M6/TwCjRUeFghgspWrvY01L2cP38LU0lqjiwzs0Jhxs+lFkpihU3KivgrWtUY5Vx OHmy2TW+kodIZJUyY+mHYgI3fKiIByR5rM9LHp6vvw9MQ9GICB2u0UkCgYEAyYDr BMO6aM8diveRlY/HwbgRgpb/TI4JuyVY19aH2qzo6hGkc/YV6rit/hnDB7uZpM/z Kj3I+H0Xm4MQyUGmaiaEZfKMoVONb6CQmM2cDkGjSbGu+duP3Ol6EDc7u/svKSg+ v32snrU2Cs1T7PxgDOgWrvuD232w0bDbUcKaKCcCgYBl5T9rKqDWP5F+QFo2/YgH gd18NthpyuhGL47gTdYxwE2aZeS5ZXwdlfdLdX7V5ntHowU7AczZ0U/0LnzW9MLR 0c5rB/nPCb6FyEZwreG8tLnPS6F3heQNZtQh5fv9POdE9R/ZQqxAJ+SoJsBAD+Hq +48i0FWyZqt5SdEKbTwHaQKBgDyOKJKq+2cp7vfnRHIM3nwiA+kZ1ak8+kGqjJN4 niUiV3CYUrKinp2GWIuHVGwLfbXg5HOqU64RcbnDXpUMzKUT5C/6/zYwNM36E9pH 2AEUyqyH4EyoJgi+hXdAEgyBBQA6XvkPHIQpcw81+2W5xme6i66UWWDp2ex6WL6u W8N7AoGAWuxpDX9MawvJ5j62u19o9giJ9bSq/KwJ/cAEJql+V9c3d9RZenS90OTV HzneT3ZbOcsEIvK14FecXzV7OqRvOePXSJ2cS8lNqd1k2pxCjliYW4pfQm7e58ma /6wtWeX8QMBcZ6ufxs0VgxPv4P8jczrzqxgszLUK8hdnZEL7+xk= -----END RSA PRIVATE KEY----- url: https://uaa.bosh-lite.com limitedFunctionality: whitelist: endpoints: - /oauth/authorize/** - /oauth/token/** - /check_token/** methods: - GET - HEAD zones: internal: hostnames: - uaa.service.cf.internal uaadb: address: 10.244.0.30 databases: - citext: true name: uaadb tag: uaa db_scheme: postgres port: 5524 roles: - name: uaaadmin password: admin tag: admin