
Getting Started with TIB

Requirements

TIB requires:

  • Tyk Gateway v1.9.1+
  • Redis
  • Tyk Dashboard v0.9.7.1+ (Only if you want to do SSO to Tyk Dashboard UI or Tyk Developer Portal)

Installation

The simplest way to use TIB is the embedded version. Starting from Tyk Dashboard v3.0, TIB is built into the Dashboard; in this case TIB stores the profiles in the same MongoDB database configured for the Dashboard (a standalone TIB stores the profiles in the file indicated when the app is started).

Configuration

For the embedded TIB you don’t have to do anything except ensure that, in the Dashboard’s config file, identity_broker is not pointing to an external service and identity_broker.enabled is set to true. For example:

"identity_broker": {
    "enabled": true
},

This setting behaves as follows:

  • If enabled = false, then neither the external nor the internal TIB will be loaded
  • If enabled = true and the TIB host is not present, the internal TIB will be loaded
  • If enabled = true and the TIB host is set, then the external TIB will be loaded

Configure secret for hashing session cookies

To secure session cookies within Tyk Identity Broker (TIB) when integrating with social providers, set the TYK_IB_SESSION_SECRET environment variable. TIB uses this value to hash session cookies. By default, if this variable isn’t explicitly set, TIB falls back to using the Tyk Dashboard’s admin_secret when it’s embedded in the Dashboard.

Start by generating a strong, unique secret string; this string will be your session secret. It is recommended to use a string with 32 or 64 bytes. In a Linux, Unix, or macOS environment, you can set this variable by running the command export TYK_IB_SESSION_SECRET='your_secret'.
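One way to generate and sanity-check the session secret before exporting it. This is an added example, not Tyk's own tooling: the function names and the check against admin_secret reuse are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate and validate a value for TYK_IB_SESSION_SECRET.

# Print N random bytes from the kernel CSPRNG as lowercase hex (2N characters).
# 32 random bytes therefore yield a 64-character secret string.
gen_session_secret() {
    nbytes="${1:-32}"
    head -c "$nbytes" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Return 0 if the candidate is acceptable; otherwise print a reason and return 1.
# $1 = candidate secret
# $2 = Dashboard admin_secret (optional; enables the hypothetical reuse check)
check_session_secret() {
    secret="$1"; admin_secret="${2:-}"
    if [ -z "$secret" ]; then
        echo "unset: embedded TIB would fall back to admin_secret"; return 1
    fi
    if [ "$secret" = "your_secret" ]; then
        echo "placeholder value copied from the documentation"; return 1
    fi
    if [ "${#secret}" -lt 32 ]; then
        echo "too short: ${#secret} characters, want 32 or 64"; return 1
    fi
    if [ -n "$admin_secret" ] && [ "$secret" = "$admin_secret" ]; then
        echo "identical to admin_secret: use a separate value"; return 1
    fi
    return 0
}

# Generate, validate, then export for the process that starts the Dashboard or TIB.
TYK_IB_SESSION_SECRET="$(gen_session_secret 32)"
check_session_secret "$TYK_IB_SESSION_SECRET" && export TYK_IB_SESSION_SECRET
```

An exported variable only lasts for the current shell session, so for a service the value belongs in the unit's environment file or the orchestrator's secret store.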

Installing TIB as separate application

If you wish to install TIB as a separate application rather than use the embedded version then you have the following options:

Via Docker

You can install via Docker.

Via Packages

You can install via packages (deb or rpm).

Via Helm Chart for Kubernetes

Once you have installed the Gateway and Dashboard, you can configure TIB by adding its configuration environment variables under the tib.extraEnvs section and providing the profiles.json as a ConfigMap (see below). See our TIB GitHub repo. Once you complete your modifications, you can run the following command from the root of the repository to update your Helm chart.

helm upgrade tyk-pro ./tyk-pro -n tyk

This chart assumes there is a ConfigMap with a profiles.json definition in it. First create a ConfigMap in your cluster, and then use the tib.configMap.profiles value to reference the name of this ConfigMap (tyk-tib-profiles-conf by default).

Setting Absolute Paths

No command line arguments are needed, but if you are running TIB from another directory or during startup, you will need to set the absolute paths to the profile and config files:

Usage of ./tyk-auth-proxy:
  -c=string
        Path to the config file (default "tib.conf")
  -p=string
        Path to the profiles file (default "profiles.json")

See how to configure TIB