Configuration

1. Configuration Highlights

Below are some general configuration points that illustrate how you might enable or disable particular features. Adapt these examples to your environment:

1.1 Enabling SSO / Disabling Internal Login

In config.json or the relevant configuration file:

{
  "apiUrls": {
    "base": "%API_LOCATION%/",
    "loginWithSSO": "%AUTH_LOCATION%/auth/casLogin",
    "logoutWithSSO": "%AUTH_LOCATION%/auth/casLogout",
    ...
  },
  "autologinSSO": true
}

  • AUTH_LOCATION defines the SSO endpoint for redirection.
  • autologinSSO skips the local login page, redirecting users automatically to SSO.

1.2 Validating SSO Tokens

In tsm-user-management.yml:

tsm:
  security:
    jwt:
      publicKey: |
        -----BEGIN PUBLIC KEY-----
        ...
        -----END PUBLIC KEY-----

  • The publicKey is used to validate tokens (JWT or other formats) from the SSO or IAM system.
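What validating a token against the configured publicKey involves, shown as an added Node.js example that is not tSM code. It assumes RS256-signed JWTs carrying an exp claim (the page states neither); verifyJwt, makeToken, outcome, demo and the throwaway key pair are hypothetical names and constructed data.

```javascript
// Added example (not tSM code): validate an RS256 JWT against a pinned PEM public key.
const crypto = require('node:crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');

// Returns the claims when the token is valid; throws otherwise.
function verifyJwt(token, publicKeyPem, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm (assumed RS256 here); never let the token header choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg ' + header.alg);
  const valid = crypto.verify('RSA-SHA256', Buffer.from(h + '.' + p),
    crypto.createPublicKey(publicKeyPem), Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Constructed demo data: a throwaway key pair stands in for the SSO signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const PUBLIC_PEM = publicKey.export({ type: 'spki', format: 'pem' });
const NOW = 1700000000; // fixed clock so the demo is deterministic

function makeToken(header, claims, sign) {
  const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(claims));
  return input + '.' + b64url(sign(input));
}
function outcome(token, nowSec = NOW) {
  try { return 'accepted ' + verifyJwt(token, PUBLIC_PEM, nowSec).sub; }
  catch (e) { return 'rejected: ' + e.message; }
}
function demo() {
  const claims = { sub: 'alice', exp: NOW + 300 };
  const rs256 = (input) => crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  const good = makeToken({ alg: 'RS256', typ: 'JWT' }, claims, rs256);
  const [h, , s] = good.split('.');
  return {
    good: outcome(good),
    expired: outcome(good, NOW + 301),
    edited: outcome(h + '.' + b64url(JSON.stringify({ ...claims, sub: 'admin' })) + '.' + s),
    unsigned: outcome(makeToken({ alg: 'none' }, claims, () => '')),
    // Header names HS256 instead of the pinned RS256: refused before any key is used.
    hmac: outcome(makeToken({ alg: 'HS256' }, claims, (i) =>
      crypto.createHmac('sha256', 'constructed-secret').update(i).digest())),
  };
}
console.log(demo());
```

Only the first case is accepted; the other four are refused for expiry, a payload changed after signing, and a header that names an algorithm other than the pinned one.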

1.3 LDAP/AD Synchronization

security:
  ad-config:
    ldap-sync: true
    ldap-auth-enabled: true
    url: ldap://my-ldap-host:389
    base-dn: DC=example,DC=com
    domain: EXAMPLE
    search-base: (sAMAccountName={1})
    mng-user: EXAMPLE\service_account
    mng-password: your_service_account_password
    ldap-nonexist-user-deactivate: false

  • ldap-sync: If true, tSM periodically queries LDAP for new users, roles, or group memberships.
  • ldap-auth-enabled: Allows domain credentials to be used at login.
  • ldap-nonexist-user-deactivate: Deactivates tSM user accounts if they disappear from LDAP.