Environments Using IIJ GIO Secure Apps Service

This section provides sample configuration files for use with the "SSL Gateway IIJ ID Link Option", one of the IIJ GIO Secure Apps.

To use the SSL Gateway IIJ ID Link Option, the entitlements attribute must be configured for IIJ ID users.

In this sample configuration, userPrincipalName is assigned as the value of the entitlements attribute for synchronization with the IIJ ID Service.

The following configuration files are provided as reference examples. Configure actual settings in accordance with your environment.

config.yml sample
log: 
  loglevel:                      info
 
ad: 
  ldap: 
    server: 
      addresses:
        - 127.0.0.1
      user:                      'CN=administrator,CN=Users,DC=example,DC=co,DC=jp'
    base_dn:                     'DC=example,DC=co,DC=jp'
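    filter:
      # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: it matches direct and nested members of the group.
      user:                      'memberOf:1.2.840.113556.1.4.1941:=CN=IIJ ID Service User Group,OU=Groups,DC=example,DC=co,DC=jp'
      group:                     'memberOf:1.2.840.113556.1.4.1941:=CN=IIJ ID Service User Group,OU=Groups,DC=example,DC=co,DC=jp'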
iid: 
  scim: 
    http: 
      proxy: 
        use:                     true
        address:                 proxy.example.co.jp
        port:                    8080
        user:                    iij-taro
    attribute: 
      user: 
        default: 
          entitlements: 
            - display:           userPrincipalName
              type:              userPrincipalName
              primary:           true
          emails: 
            - primary:           true
        ad_bind: 
          externalId:            objectGUID
          userName:              userPrincipalName
          name: 
            familyName:          sn
            givenName:           givenName
          localNames: 
            familyName:          msDS-PhoneticLastName
            givenName:           msDS-PhoneticFirstName
          active:
            - userAccountControl
            - accountExpires
          emails: 
            - value:             mail
          entitlements: 
            - value:             userPrincipalName
      group: 
        ad_bind: 
          externalId:            objectGUID
          displayName:           name
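
The user mapping in the config.yml sample above, worked through on one directory entry. This is an added example, not code from the IIJ ID synchronization tool. The merge of default and ad_bind values, the rule for active (account neither disabled nor expired), and the function names are assumptions; localNames is left out for brevity.

```python
from datetime import datetime, timezone

# ad_bind mapping copied from the config.yml sample (SCIM attribute -> AD attribute).
AD_BIND = {"externalId": "objectGUID", "userName": "userPrincipalName",
           "familyName": "sn", "givenName": "givenName",
           "email": "mail", "entitlement": "userPrincipalName"}

UAC_ACCOUNTDISABLE = 0x0002                 # userAccountControl flag: account disabled
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)     # accountExpires values meaning "never"
FILETIME_EPOCH_OFFSET = 11644473600         # seconds between 1601-01-01 and 1970-01-01

def is_active(entry, now):
    """Assumed rule: active unless the account is disabled or already expired."""
    if int(entry["userAccountControl"]) & UAC_ACCOUNTDISABLE:
        return False
    expires = int(entry.get("accountExpires", 0))
    if expires in NEVER_EXPIRES:
        return True
    expiry_unix = expires / 10_000_000 - FILETIME_EPOCH_OFFSET  # 100 ns ticks -> Unix seconds
    return now.timestamp() < expiry_unix

def build_scim_user(entry, now):
    """Build the SCIM user that the sample mapping describes for one AD entry."""
    upn = entry.get(AD_BIND["entitlement"])
    if not upn:
        # The link option needs entitlements, and the sample fills it from the UPN.
        raise ValueError(f"{entry.get('objectGUID')}: no userPrincipalName for entitlements")
    return {
        "externalId": entry[AD_BIND["externalId"]],
        "userName": entry[AD_BIND["userName"]],
        "name": {"familyName": entry.get(AD_BIND["familyName"]),
                 "givenName": entry.get(AD_BIND["givenName"])},
        "active": is_active(entry, now),
        "emails": [{"value": entry.get(AD_BIND["email"]), "primary": True}],
        # Assumed merge: default.entitlements (display/type/primary) + ad_bind value.
        "entitlements": [{"value": upn, "display": "userPrincipalName",
                          "type": "userPrincipalName", "primary": True}],
    }

# Constructed sample entry and reference time, not real directory data.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = {"objectGUID": "00000000-0000-0000-0000-000000000001",
          "userPrincipalName": "iij-taro@example.co.jp", "sn": "IIJ", "givenName": "Taro",
          "mail": "iij-taro@example.co.jp", "userAccountControl": "512",
          "accountExpires": "9223372036854775807"}

if __name__ == "__main__":
    print(build_scim_user(SAMPLE, NOW))
```
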
secret.yml sample
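# Credentials are stored here in plain text; restrict read access to this file.
# The values below are placeholders.
ad: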
  ldap: 
    server: 
      password:   ldap_password
 
iid: 
  scim: 
    token:        scim_token
    http: 
      proxy: 
        password: proxy_password