At start up, heimdall searches for static configuration in a file named heimdall.yaml
in
You can also override this using the config argument: heimdall --config <path-to-your-config-file>.
The values in the configuration file can also make use of environment variables. These are referenced using Bash syntax. The following expressions are supported:
${var} - Value of $var
${var=default} - If $var is not set, evaluate expression as default
${var:=default} - If $var is not set or is empty, evaluate expression as default
Example 1. Possible minimal fully working configuration
The configuration below defines a default rule which lets heimdall create a JSON Web Token (JWT) with sub claim set to anonymous for every request on every URL for the HTTP methods GET and POST. The JWT itself will be put into the Authorization header as a bearer token.
log:
  level: info

mechanisms:
  authenticators:
    - id: anonymous_authenticator
      type: anonymous
  finalizers:
    - id: create_jwt
      type: jwt
      config:
        signer:
          key_store:
            path: /etc/heimdall/signer.pem

default_rule:
  execute:
    - authenticator: anonymous_authenticator
    - finalizer: create_jwt
Example 2. Configuration with a mechanism defined using environment variable substitution
mechanisms:
  authenticators:
    - id: hydra_authenticator
      type: oauth2_introspection
      config:
        introspection_endpoint:
          url: http://hydra:4445/oauth2/introspect
          auth:
            type: basic_auth
            config:
              user: ${INTROSPECT_EP_USER}
              password: ${INTROSPECT_EP_PASSWORD}
  finalizers:
    - id: create_jwt
      type: jwt
      config:
        signer:
          key_store:
            path: ${SIGNER_KEY_STORE_FILE}
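
The difference between the = and := forms matters for credentials such as those in Example 2: a variable that is set but empty keeps its empty value under ${var=default}. The following pre-start check is an added example, not part of heimdall or its documentation; it models the three documented expressions in Python and reports every reference that resolves to an empty value. The name check_references, the sample configuration and the sample environment are constructed, and treating an unset ${var} without a default as empty is an assumption taken from Bash behaviour.

```python
import re

# The three expression forms documented above:
# ${var}, ${var=default}, ${var:=default}
_REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?:(:?=)([^}]*))?\}")


def check_references(config_text, env):
    """Resolve references against env; return (resolved_text, findings).

    findings is a list of (line_number, variable_name, reason) for every
    reference that ends up as an empty string. Values are never reported.
    """
    findings = []
    resolved_lines = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):

        def resolve(match):
            name, op, default = match.groups()
            is_set = name in env
            # Assumption (Bash behaviour): an unset ${var} yields "".
            value = env.get(name, "")
            if op == "=" and not is_set:
                value = default  # default only when the variable is unset
            elif op == ":=" and value == "":
                value = default  # default when unset or set but empty
            if value == "":
                findings.append((lineno, name, "empty" if is_set else "unset"))
            return value

        resolved_lines.append(_REF.sub(resolve, line))
    return "\n".join(resolved_lines), findings


# Constructed sample, reusing the variable names from Example 2.
SAMPLE_CONFIG = """\
user: ${INTROSPECT_EP_USER=svc}
password: ${INTROSPECT_EP_PASSWORD}
path: ${SIGNER_KEY_STORE_FILE:=/etc/heimdall/signer.pem}
"""
# Constructed environment: two variables set but empty, the password unset.
SAMPLE_ENV = {"INTROSPECT_EP_USER": "", "SIGNER_KEY_STORE_FILE": ""}

if __name__ == "__main__":
    _, problems = check_references(SAMPLE_CONFIG, SAMPLE_ENV)
    for lineno, name, reason in problems:
        print(f"line {lineno}: {name} is {reason} and resolves to an empty value")
```

Run against the real file content and os.environ in the same environment heimdall will be started in; a non-empty findings list is a reason to stop the deployment before the service comes up with blank credentials.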