The SBCS Login Service configuration file is /etc/ecm4u/sbcs-ticketserver/confg.
On first installation, the SBCS Login Service generates a public/private key pair. The keys are stored as /etc/ecm4u/sbcs-ticketserver/key{.pub}.
The configurable options are:
#
# HTTP Server
#
# Interface to bind to.
TS_HOST=localhost
# Port to listen on.
TS_PORT=8062
# Base URL of static JS/CSS assets.
TS_STATIC_URL=http://localhost/static/
#
# SSH key pair
#
# Path to the private key.
TS_KEY=/etc/ecm4u/sbcs-ticketserver/key
#
# Logging
#
# Directory to log to.
TS_LOG_DIRECTORY=/var/log/ecm4u/sbcs-ticketserver
#
# LDAP
#
# LDAP host.
TS_LDAP_HOST=ldap.example.com
# LDAP port.
TS_LDAP_PORT=389
# LDAP domain.
TS_LDAP_DOMAIN=example.com
# LDAP user to bind with.
TS_LDAP_BIND_USER=bind-user@example.com
# Password of the LDAP bind user.
TS_LDAP_PASSWORD=secret
# LDAP user search base.
TS_LDAP_USER_SEARCH_BASE=OU=users,DC=example,DC=com
# LDAP user base class.
TS_LDAP_USER_CLASS=person
# LDAP attribute that identifies a user.
TS_LDAP_USER_ID_ATTRIBUTE=sAMAccountName
# Additional attributes of user objects.
TS_LDAP_USER_ADDITIONAL_ATTRIBUTES=sAMAccountName,objectSid,memberof,userPrincipalName
# LDAP group search base.
TS_LDAP_GROUP_SEARCH_BASE=OU=groups,DC=example,DC=com
# LDAP group base class.
TS_LDAP_GROUP_BASE_CLASS=group
# LDAP groups whose members have the USER role.
TS_LDAP_GROUPS_USER=team1,team2
# LDAP groups whose members have the ADMIN role.
TS_LDAP_GROUPS_ADMIN=admins,superusers
# Prefixes for LDAP application groups to collect.
TS_LDAP_GROUPS_PREFIXES=SBCS_MDH_,SBCS_FAW_,SBCS_RS_,SBCS_STM_
#
# Database
#
# DB host.
TS_DB_HOST=localhost
# DB port.
TS_DB_PORT=5432
# DB user.
TS_DB_USER=sbcs
# DB password.
TS_DB_PASSWORD=sbcs
# DB database.
TS_DB_DB=ticketserver
# DB schema.
TS_DB_SCHEMA=
#
# AMQP/RabbitMQ
#
# AMQP host.
TS_AMQP_HOST=localhost
# AMQP port.
TS_AMQP_PORT=15672
# AMQP user with admin permissions.
TS_AMQP_USER=guest
# AMQP password.
TS_AMQP_PASSWORD=guest
# AMQP vhost.
TS_AMQP_VHOST=/
# Base AMQP exchange for SBCS.
TS_AMQP_EXCHANGE=sbcs
#
# JWT validity duration
#
# in minutes
TS_DURATION_MINUTES=60
The SBCS Login Service can act as a backend for the RabbitMQ rabbitmq_auth_backend_http plugin. The service implements four HTTP endpoints:
- /api/v1/verify_user: allows/denies based on the verification of a JWT given as the password
- /api/v1/verify_vhost: always allows
- /api/v1/verify_resource: allows/denies based on the configuration below
- /api/v1/verify_topic: always allows
The behaviour of these endpoints is configured in /etc/ecm4u/sbcs-ticketserver/sbcs-ticketserver-amqp-verify.yml with these defaults:
resource:
  configure:
    users:
      - guest
  write:
    users:
      - guest
  read:
    exchange:
      users:
        - guest
    queue:
      matches:
        - ^{username};
- configuration and write access is only allowed to the user guest
- read access to an exchange is only allowed to the user guest
- read access to a queue is allowed if the name of the queue starts with the username and a semicolon
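The default policy above, evaluated against sample resource checks. This is an added example, not the SBCS Login Service's own code. It assumes that `{username}` is replaced by the regex-escaped username before matching, that anything not explicitly allowed is denied, and that the request fields follow the rabbitmq_auth_backend_http resource check (username, resource, name, permission); the function names are hypothetical.

```python
import re

# Default policy from sbcs-ticketserver-amqp-verify.yml, transcribed as a dict.
POLICY = {
    "resource": {
        "configure": {"users": ["guest"]},
        "write": {"users": ["guest"]},
        "read": {
            "exchange": {"users": ["guest"]},
            "queue": {"matches": ["^{username};"]},
        },
    }
}


def _rule_allows(rule, username, name):
    """True if a rule node (users list and/or matches list) permits access."""
    if username in rule.get("users", []):
        return True
    for pattern in rule.get("matches", []):
        # Assumption: the placeholder is substituted with the escaped username,
        # so a username such as ".*" cannot act as a wildcard.
        regex = pattern.replace("{username}", re.escape(username))
        if re.search(regex, name):
            return True
    return False


def verify_resource(username, resource, name, permission, policy=POLICY):
    """Return 'allow' or 'deny' for one resource check (default deny)."""
    if not username:
        # An empty username would reduce "^{username};" to "^;".
        return "deny"
    node = policy.get("resource", {}).get(permission)
    if node is None:
        return "deny"
    if permission == "read":
        node = node.get(resource)  # read rules are split per resource type
        if node is None:
            return "deny"
    return "allow" if _rule_allows(node, username, name) else "deny"


if __name__ == "__main__":
    # Constructed sample requests: (username, resource, name, permission)
    for req in [("alice", "queue", "alice;inbox", "read"),
                ("alice", "queue", "alicia;inbox", "read"),
                ("alice", "exchange", "sbcs", "read"),
                ("guest", "exchange", "sbcs", "write")]:
        print(req, "->", verify_resource(*req))
```

The semicolon in `^{username};` acts as a delimiter: without it, a user named `al` could read queues belonging to `alice`.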