Cloud Foundry (CF) auth can be used for operators who wish to authenticate their users configured against their Cloud Foundry instance via the UAA auth component.
You'll need to configure your UAA with a
concourse client by setting the following under
concourse: id: myclientid secret: myclientsecret scope: openid,cloud_controller.read authorized-grant-types: "authorization_code,refresh_token" access-token-validity: 3600 refresh-token-validity: 3600 redirect-uri: https://concourse.example.com/sky/issuer/callback
The value for
redirect-uri must be the external URL of your Concourse server with
For example, Concourse's own CI server's callback URL would be:
Next, you'll need to take the same client ID and secret and configure it on the
web node by setting the following env:
CONCOURSE_CF_API_URL=http://mycf.example.com CONCOURSE_CF_CLIENT_ID=myclientid CONCOURSE_CF_CLIENT_SECRET=myclientsecret
Note: if you're integrating with Cloud Foundry, you're probably also deploying Concourse via BOSH - in which case you'll want to set the
cf_auth.* properties in your manifest instead of setting the above env.