Getting Started with TIB
Requirements
TIB requires:
- Tyk Gateway v1.9.1+
- Redis
- Tyk Dashboard v0.9.7.1+ (Only if you want to do SSO to Tyk Dashboard UI or Tyk Developer Portal)
Installation
The simplest way to use TIB is the embedded version, starting from Tyk Dashboard v3.0 TIB is built-in to the dashboard, in this case TIB will store the profiles in the same mongo database configured for dashboard (in the standalone TIB the profiles will be stored in file indicated when the app is started).
Configuration
For the embedded TIB you don’t have to do anything, only ensure that in the Dashboard’s config file identity_broker
is not pointing to an external service, and identity_broker.enabled
is set to true
. For example:
"identity_broker": {
"enabled": true,
},
This settings behaves as follows:
- If
enabled
=false
then neither the external or internal TIB will be loaded - If
enabled
=true
and the tib host is not present the internal TIB will be loaded - If
enabled
=true
and the tib host is set, then external TIB will be loaded
Configure secret for hashing session cookies
To secure session cookies within Tyk Identity Broker (TIB) when integrating with social providers, setting the TYK_IB_SESSION_SECRET
environment variable is crucial. This variable plays a pivotal role in hashing session cookies, thereby enhancing security. By default, if this variable isn’t explicitly set, TIB falls back to using the Tyk Dashboard’s admin_secret when it’s embedded in the dashboard.
For a seamless and secure setup, start by generating a strong, unique secret string. It is recommended to use a string with 32 or 64 bytes to ensure optimal security, this string will be your session secret. In a Linux, Unix, or MacOS environment, you can set this variable by running the command export TYK_IB_SESSION_SECRET='your_secret'
.
Installing TIB as separate application
If you wish to install TIB as a separate application rather than use the embedded version then you have the following options:
Via Docker
You can install via Docker.
Via Packages
You can install via packages (deb or rpm).
Via Helm Chart for Kubernetes
Once you have installed the Gateway and Dashboard you can configure TIB by adding its configuration environment variables under the tib.extraEnvs
section and providing the profiles.json
as a ConfigMap - see below. See our TIB GitHub repo. Once you complete your modifications you can run the following command from the root of the repository to update your helm chart.
helm upgrade tyk-pro ./tyk-pro -n tyk
This chart implies there’s a ConfigMap with a profiles.json
definition in it. First create a ConfigMap in your cluster, and then use tib.configMap.profiles
value to reference the name of this ConfigMap (tyk-tib-profiles-conf by default).
Setting Absolute Paths
No command line arguments are needed, but if you are running TIB from another directory or during startup, you will need to set the absolute paths to the profile and config files:
Usage of ./tyk-auth-proxy:
-c=string
Path to the config file (default "tib.conf")
-p#=string
Path to the profiles file (default "profiles.json")