Connect Onegini IdP with extension over https

This guide will walk you through the steps required to configure secure connection between Onegini IdP and extension. We will focus on configuring truststore for Onegini IdP and keystore for extension as only this configuration is required for this case.

Prerequisites

  • keystore in JKS format for extension
  • truststore with imported extension keystore in JKS format for Onegini IdP
  • configured Onegini IdP environment as described in quick start

Configure https for extension

To start extension on https you need to pass these properties to extension container:

SERVER**SSL**KEY**STORE=<path to keystore>
SERVER**SSL**KEY**PASSWORD=<keystore password>

Additionally you need to inform application on which protocol will be started by providing this property:

IDP**EXTENSION**PROTOCOL=https

All the extension properties are defined in properties chapter.

Example docker-compose.yml could look like this:

version: '2'
services:
  idp-extension:
    image: "..."
    volumes:
      - ${PWD}/https/certs/:/opt/data/certs
    environment:
      - SERVER**SSL**KEY**STORE=/opt/data/certs/keystore.jks
      - SERVER**SSL**KEY**PASSWORD=password
      - IDP**EXTENSION**PROTOCOL=https
      - ...

Configure truststore for Onegini IdP

To start Onegini IdP with configured truststore you need to pass these properties to Onegini IdP container:

IDP**HTTPS**TRUST**STORE=<path to truststore>
IDP**HTTPS**TRUST**STORE**PASSWORD=<truststore password>
IDP**EXTENSION**CONFIG**URL=https://<domain>:8181/extension/config

All the Onegini IdP https properties are defined in properties chapter.

Example docker-compose.yml could look like this:

version: '2'
services:
  idp-core:
    image: "..."
    volumes:
      - ${PWD}/https/certs/:/opt/data/certs
    environment:
      - IDP**HTTPS**TRUST**STORE=/opt/data/certs/truststore.ts
      - IDP**HTTPS**TRUST**STORE**PASSWORD=password
      - IDP**EXTENSION**CONFIG**URL=https://localhost:8181/extension/config
      - ...

Test the environment

After providing above docker-compose changes please restart containers and check if Onegini IdP loaded configuration from extension. You should see below logs in console:

[...ExtensionConfigLoader] Loading extension config from https://idp-extension.dev.onegini.me:8181/extension/config ...
[...ExtensionConfigLogger] Extension config successfully loaded. The configuration contains: properties contain 130 keys, messages contain 0 keys, email templates contain entries: [], web templates contain entries: [personal/fragment**analytics.html], static resources contain entries: [css/branding.css], webjars resources contain entries: []

If above log is not visible please check if extension started on https. You should see something similar to below log in extension:

Tomcat started on port(s): 8181 (https)

The other thing may be that Onegini IdP is not able to connect with extension over https. In this case please check if truststore and keystore are valid.

Summary

Good job! You've successfully configured connection between Onegini IdP and extension over https.