Install Security Proxy

Install images

Onegini provides two ways of installing the Docker images of the Security Proxy.

Docker Index

The first and preferred way is to use the Onegini Index. This is the Docker container repository of Onegini.

You must log in via the Docker client with your credentials before you can download the images:

docker login https://release.onegini.com

Then pull the latest images:

docker pull release.onegini.com/<customer-name>/token-server-<customer-name>:<version>

NOTE: If you did not receive login credentials, please contact Onegini support.

Import from tar

The second way is to import the Docker image from a tarball. Use this option when the Docker host cannot connect to the internet.

docker load < /path/to/token-server-<customer-name>-<version>.tar

Show images

Verify that the Docker images are loaded:

docker images

Configure Docker compose

Create a file docker-compose.yml or add the Security Proxy to an existing Docker compose file.

Example Docker compose file with configuration for the Security Proxy, the network and ETCD:

version: "2"
services:
  security-proxy:
    image: release.onegini.com/onegini/security-proxy:latest
    mem_limit: 512mb
    user: onegini
    restart: always
    environment:
      - HOST_IP=10.100.10.1

      # Java options
      - JAVA_OPTS=-Xmx512m -Xms256m

      # Enable properties provisioning
      - SECURITY_PROXY_PROVISIONING_ENABLED=true

      # Discovery backend
      - SECURITY_PROXY_DISCOVERY_BACKEND=etcd://192.168.0.11:2379/onegini

      # Security Proxy property encryption password
      - SECURITY_PROXY_COMMON_PROPERTY_ENCRYPTION_PASSWORD=887f0d9a563b56b25fb3877ac1ecf897

      # Security Proxy backends
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_HOSTS=10.100.10.1:8081
      - SECURITY_PROXY_BACK_END_RESOURCE_GATEWAY_HOSTS=10.100.10.1:8082
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID=18716FD0808E72E2180327E24467EA38146456479ABC9E2DA99A5F49B193392B
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET=527EF9E6637AF54C253220F39CF797729786E9CEAFE78BD23E748949A902E800
    depends_on:
      - discovery
    networks:
      - sp_network
    ports:
      - 8080:8080

  discovery:
    image: release.onegini.com/library/etcd:latest
    mem_limit: 128mb
    restart: always
    environment:
      # Service Discovery
      - SERVICE_IGNORE=true

      # CoreOS etcd
      - ETCD_DATA_DIR=/var/lib/etcd
      - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
      - ETCD_ADVERTISE_CLIENT_URLS=http://192.168.0.11:2379
    volumes:
      - /tmp/etcd_data:/var/lib/etcd
    networks:
      sp_network:
        ipv4_address: 192.168.0.11

networks:
  sp_network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.0.0/24
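
A pre-flight check for a compose file like the one above, as an added example that is not part of the Onegini documentation: it flags password and secret values written literally into the file, image references on the `latest` tag (or with no tag), and an etcd client listener bound to all interfaces over plain HTTP. The function names `lint_compose` and `sample_compose` and the sample values are constructed for this example.

```sh
#!/bin/sh
# Added example: pre-flight lint for a docker-compose.yml like the one above.
# Findings are printed one per line as "<KIND> <line>: <detail>".
lint_compose() {
  awk '
    # Environment list entry whose name ends in PASSWORD or SECRET.
    /^[ \t]*-[ \t]*[A-Z0-9_]*(PASSWORD|SECRET)=/ {
      entry = $0; sub(/^[ \t]*-[ \t]*/, "", entry)
      key = entry; sub(/=.*/, "", key)
      val = entry; sub(/^[^=]*=/, "", val)
      # ${VAR} is substituted by docker-compose at start-up; anything else
      # is a literal secret stored in the file.
      if (val !~ /^[$][{][A-Za-z_][A-Za-z0-9_]*[}]$/) print "SECRET " NR ": " key
    }
    # Image reference with the moving "latest" tag, or with no tag at all.
    /^[ \t]*image:/ {
      if ($2 ~ ":latest$" || $2 !~ ":[^/]+$") print "LATEST " NR ": " $2
    }
    # etcd client API bound to every interface over plain HTTP.
    index($0, "ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0") {
      print "ETCD " NR ": client API on all interfaces without TLS"
    }
  ' "$1"
}

# Constructed sample, shortened from the compose file above (values are fake).
sample_compose() {
  cat <<'EOF'
services:
  security-proxy:
    image: release.onegini.com/onegini/security-proxy:latest
    environment:
      - SECURITY_PROXY_COMMON_PROPERTY_ENCRYPTION_PASSWORD=not-a-real-password
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID=EXAMPLE-CLIENT-ID
      - SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET=${SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET}
  discovery:
    image: release.onegini.com/library/etcd:latest
    environment:
      - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
EOF
}

tmp=$(mktemp) && sample_compose > "$tmp" && lint_compose "$tmp"; rm -f "$tmp"
```

Run it as `lint_compose docker-compose.yml` before starting the containers. docker-compose fills `${VAR}` references from the shell environment or from a `.env` file next to the compose file.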

Start the Docker containers

docker-compose -f docker-compose.yml up -d