This repository has been archived by the owner on Jan 15, 2023. It is now read-only.
awsauthd.conf.example
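# This file specifies the configuration for awsauthd.
# It contains important authorization secrets, so keep it private: make it
# readable only by the account that runs awsauthd and do not commit a populated
# copy to version control.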
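# The name of your Google Apps domain. Only users from this domain are allowed
# to log in.
google_domain = "example.com"

# Your Google OAuth client ID and secret. These are used to enable identity
# federation. Get yours from https://console.developers.google.com/
# (see README.md for details). The client secret is a credential; treat it like
# a password.
google_client_id = "XXX.apps.googleusercontent.com"
google_client_secret = "XXX"

# Your Google service account email address and private key.
# Get yours from https://console.developers.google.com/
# (see README.md for details).
# The .p12 file you downloaded is protected only by a trivial passphrase. To get
# a plaintext version of the private key, do this:
#
# openssl pkcs12 -in ~/Downloads/ExampleProject-aaaaaaaaaaaa.p12 -nodes
#
# -nodes makes openssl print the private key unencrypted, so paste it straight
# into this file and do not leave a copy in a temporary file or terminal
# scrollback. Once the key is stored here, delete the downloaded .p12 or move
# it to protected storage.
#
# Placeholder value: replace it with your service account's email address.
google_service_email = "REPLACE_WITH_SERVICE_ACCOUNT_EMAIL"
google_service_private_key = """\
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
"""

# The Google service account requires a user to impersonate when checking the
# directory to see which groups a user is in. Specify this user here. This user
# is also used to test the directory service at startup.
#
# Placeholder value: replace it with a user in google_domain.
google_service_user = "REPLACE_WITH_USER@example.com"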
# If true then the web service trusts the X-Forwarded-Proto and X-Forwarded-For
# headers when building URLs and reporting the remote address of a login. You
# should set this to true only if you are running behind a reverse proxy that
# sets these headers itself; when clients can reach awsauthd directly, they
# control these headers, so the reported remote address cannot be relied on. If
# you use the cloudformation document, this setting is managed for you by
# setting AWSAUTHD_TRUST_X_FORWARDED=true in the environment.
#trust-x-forwarded=false
# This is the maximum time between the initialization of the Google login prompt
# and when it completes. This controls the expiration of the token we generate
# to pass state through the login process. The default of two minutes is
# probably fine for most people.
#login-timeout=120s
# Specifies which AWS region to connect to. If awsauthd is running in EC2 it
# detects the region automatically. Otherwise it uses us-east-1.
#aws-region=
# Specifies the credentials used to call GetFederationToken(). These credentials
# must be regular user credentials, not STS credentials, because
# GetFederationToken doesn't work with STS credentials. The policy applied to
# these credentials forms the maximum allowed access for any user that we
# authenticate through this service, so grant them only the permissions your
# users actually need.
#
# If you use the cloudformation document, you can leave these blank. We set
# AWSAUTHD_AWS_ACCESS_KEY_ID and AWSAUTHD_AWS_SECRET_ACCESS_KEY for you in the
# environment.
#aws-access-key-id=
#aws-secret-access-key=