
Configuration

Tyk Identity Broker (TIB) is configured through two files: the configuration file (tib.conf) and the profiles file (profiles.json). TIB can also be managed via the REST API (detailed below) for automated configurations.

The tib.conf file

```
{
    "Secret": "test-secret",
    "HttpServerOptions": {
        "UseSSL": true,
        "CertFile": "./certs/server.pem",
        "KeyFile": "./certs/server.key"
    },
    "BackEnd": {
        "Name": "in_memory",
        "IdentityBackendSettings": {
            "Hosts" : {
                "localhost": "6379"
            },
            "Password": "",
            "Database": 0,
            "EnableCluster": false,
            "MaxIdle": 1000,
            "MaxActive": 2000
        }
    },
    "TykAPISettings": {
        "GatewayConfig": {
            "Endpoint": "http://{GATEWAY-DOMAIN}",
            "Port": "80",
            "AdminSecret": "352d20ee67be67f6340b4c0605b044b7"
        },
        "DashboardConfig": {
            "Endpoint": "http://{DASHBOARD-DOMAIN}",
            "Port": "3000",
            "AdminSecret": "12345"
        }
    }
}
```

The various configuration options are outlined below:

Secret

The REST API secret to configure the TIB broker remotely.

HttpServerOptions.UseSSL

Set this to true to turn on SSL for the server. This is highly recommended.

HttpServerOptions.CertFile

The path to the certificate file for this server. Required for SSL.

HttpServerOptions.KeyFile

The path to the key file for this server. Required for SSL.

BackEnd

TIB is modular, and different back-ends can be generated quite easily. Out of the box, TIB stores profile configurations in memory, which does not require any new configuration.

For Identity Handlers that provide token-based access, it is possible to enforce a “One token per provider, per user” policy, which keeps a cache of tokens assigned to identities in Redis. The cache lives in Redis so that the broker can be scaled and the cache shared across instances.

Since profiles are unlikely to change often, profiles are kept in-memory, but can be added, removed and modified using an API for automated setups if required.

BackEnd.Hosts

Add your Redis hosts here as a map of hostname:port. Since TIB uses the same cluster driver as Tyk, it is possible to have TIB interact with your existing Redis cluster if you enable it.

BackEnd.Password

The password for your Redis DB (recommended).

BackEnd.Database

If you are using multiple databases (not supported in Redis cluster), let TIB know which DB to use for Identity caching.

BackEnd.EnableCluster

If you are using Redis cluster, set this to true to enable the slots mode.

BackEnd.MaxIdle

The maximum number of idle connections to Redis.

BackEnd.MaxActive

The maximum number of active Redis connections.

TykAPISettings

This section enables you to configure the API credentials for the various Tyk components that TIB interacts with.

TykAPISettings.GatewayConfig.Endpoint

The hostname of the Tyk Gateway (this is for token generation purposes).

TykAPISettings.GatewayConfig.Port

The port to use on the Tyk Gateway host.

TykAPISettings.GatewayConfig.AdminSecret

The API secret for the Tyk Gateway REST API.

TykAPISettings.DashboardConfig.Endpoint

The hostname of your Dashboard (Advanced API).

TykAPISettings.DashboardConfig.Port

The port of your Advanced API.

TykAPISettings.DashboardConfig.AdminSecret

The high-level secret for the Advanced API. This is required because of the SSO nature of some of the actions provided by TIB: it needs to access a special SSO endpoint in the Advanced API to create one-time tokens for access.
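A pre-deployment check for the security-relevant options described above, written as an added example (not part of TIB or of the original page). The function names, the `MIN_SECRET_LEN` threshold and the https-endpoint rule are assumptions of this example, not TIB requirements.

```python
import json

# Secrets printed in the sample tib.conf above; a deployed file must not reuse them.
DOC_SAMPLE_SECRETS = {"test-secret", "12345", "352d20ee67be67f6340b4c0605b044b7"}
MIN_SECRET_LEN = 16  # assumed local policy threshold, not a TIB requirement

def check_secret(path, value, findings):
    if value in DOC_SAMPLE_SECRETS:
        findings.append(f"{path}: value is a sample secret from the documentation")
    elif len(value) < MIN_SECRET_LEN:
        findings.append(f"{path}: shorter than {MIN_SECRET_LEN} characters")

def audit_tib_conf(text):
    """Return a list of findings for a tib.conf document passed as a JSON string."""
    conf = json.loads(text)
    findings = []
    check_secret("Secret", conf.get("Secret", ""), findings)

    http = conf.get("HttpServerOptions", {})
    if not http.get("UseSSL"):
        findings.append("HttpServerOptions.UseSSL: SSL is off for the TIB server")
    else:
        for key in ("CertFile", "KeyFile"):
            if not http.get(key):
                findings.append(f"HttpServerOptions.{key}: required when UseSSL is true")

    redis = conf.get("BackEnd", {}).get("IdentityBackendSettings", {})
    if redis.get("Hosts") and not redis.get("Password"):
        findings.append("BackEnd.IdentityBackendSettings.Password: Redis hosts set, password empty")

    for name in ("GatewayConfig", "DashboardConfig"):
        section = conf.get("TykAPISettings", {}).get(name, {})
        check_secret(f"TykAPISettings.{name}.AdminSecret", section.get("AdminSecret", ""), findings)
        if not section.get("Endpoint", "").lower().startswith("https://"):
            findings.append(f"TykAPISettings.{name}.Endpoint: not https, AdminSecret-authenticated calls use plain HTTP")
    return findings

# Constructed input: the sample configuration from this page, reduced to the audited keys.
SAMPLE_CONF = """{
  "Secret": "test-secret",
  "HttpServerOptions": {"UseSSL": true, "CertFile": "./certs/server.pem", "KeyFile": "./certs/server.key"},
  "BackEnd": {"Name": "in_memory", "IdentityBackendSettings": {"Hosts": {"localhost": "6379"}, "Password": ""}},
  "TykAPISettings": {
    "GatewayConfig": {"Endpoint": "http://{GATEWAY-DOMAIN}", "Port": "80", "AdminSecret": "352d20ee67be67f6340b4c0605b044b7"},
    "DashboardConfig": {"Endpoint": "http://{DASHBOARD-DOMAIN}", "Port": "3000", "AdminSecret": "12345"}
  }
}"""

if __name__ == "__main__":
    for finding in audit_tib_conf(SAMPLE_CONF):
        print(finding)
```

Run against the sample file as shown, it reports the three documentation secrets, the empty Redis password and both plain-HTTP endpoints.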
