Service Accounts

Configuration of service accounts

Configure a service account like this using the short notation:

[serviceAccounts]
service1 = "qpPJE3mcfi8qIxMU9Xq009FlBwA="

Using the short notation is the same as using the full notation with the default header name x-api-key:

[serviceAccounts.service1]
[serviceAccounts.service1.header]
name = "x-api-key"
value = "qpPJE3mcfi8qIxMU9Xq009FlBwA="

Here is the full set of config options:

[serviceAccounts]
[serviceAccounts.service1]
description = "This is just a description of the service"
[serviceAccounts.service1.header]
name = "service1-api-key"
value = "qpPJE3mcfi8qIxMU9Xq009FlBwA="

[serviceAccounts.service1.userapp]
[serviceAccounts.service1.userapp.headers]
## for example basic auth header for userapp requests the service may trigger
authorization = "Basic xxxxxxxxxx"

## restrict which endpoints may be requested with the configured header; if empty, there are no restrictions
allowedEndpoints = ["/-/api1", "/-/api2"]

## optional information for the viewer
[serviceAccounts.service1.viewer]
dn = "cn=user1,ou=users,o=data"
firstName = "user"
lastName = "1"
mail = "[email protected]"

## custom options for 3rd party REST endpoints
[serviceAccounts.service1.rest]
## an external service that is configured in the [rest] section
[serviceAccounts.service1.rest.externalService]
## forward headers to be used for the external service
forwardHeaders = ["x-forwarded-header-1", "x-forwarded-header-2"]

## custom headers for the external service
[serviceAccounts.service1.rest.externalService.headers]
authorization = "Basic xxxxxxxx"

The example above allows an application to send requests to the IdentityHub if the request carries the header service1-api-key with the value qpPJE3mcfi8qIxMU9Xq009FlBwA=. The application is allowed to request the endpoints /-/api1 and /-/api2. The configuration provides basic information to return if the viewer is requested. It also defines a basic auth header for use with the userapp, as well as arbitrary header values and headers to forward for the REST service externalService. This service also has to be configured in the rest config section.
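
The following added example (not IdentityHub code) models the checks described above: short notation expanding to the default header x-api-key, a header match selecting the service account, and allowedEndpoints limiting what that key can reach. The function names, the service2 entry, exact-path matching and the placement of allowedEndpoints at the account level are assumptions made for illustration.

```python
import hmac

DEFAULT_HEADER = "x-api-key"  # default header name of the short notation

def normalize(accounts):
    """Expand short-notation entries (name = "key") into one uniform shape."""
    full = {}
    for name, cfg in accounts.items():
        if isinstance(cfg, str):
            cfg = {"header": {"value": cfg}}
        header = cfg.get("header", {})
        full[name] = {
            "header_name": header.get("name", DEFAULT_HEADER).lower(),
            "header_value": header.get("value", ""),
            # Assumption: allowedEndpoints is an account-level key, matched exactly.
            "allowed": list(cfg.get("allowedEndpoints", [])),
        }
    return full

def authorize(accounts, headers, path):
    """Return the name of the service account the request maps to, else None."""
    sent = {k.lower(): v for k, v in headers.items()}
    for name, acct in normalize(accounts).items():
        presented = sent.get(acct["header_name"])
        if presented is None or not acct["header_value"]:
            continue  # header absent, or account has no key configured
        # Constant-time comparison: no timing signal about how much of the key matched.
        if not hmac.compare_digest(presented.encode(), acct["header_value"].encode()):
            continue
        # An empty list means "no restrictions", as the config comment states.
        if acct["allowed"] and path not in acct["allowed"]:
            continue
        return name
    return None

def unrestricted(accounts):
    """Accounts whose key is accepted on every endpoint (empty allowedEndpoints)."""
    return sorted(n for n, a in normalize(accounts).items() if not a["allowed"])

# Constructed sample mirroring the page's configuration.
CONFIG = {
    "service1": {
        "header": {"name": "service1-api-key", "value": "qpPJE3mcfi8qIxMU9Xq009FlBwA="},
        "allowedEndpoints": ["/-/api1", "/-/api2"],
    },
    "service2": "Y29uc3RydWN0ZWQtZGVtby1rZXk=",  # short notation, constructed key
}
```

Running unrestricted() over a parsed configuration is a quick review step: every account it lists has a key that is valid for all endpoints.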