In-memory authentication

For scenarios where neither an LDAP server nor header authentication is available (e.g. while testing), there is an in-memory user store for a single user. This in-memory user store is disabled by default.

| Property | Default value | Description |
|---|---|---|
| SECURITY_IN_MEMORY_ENABLED | false | Flag to enable/disable the in-memory user store |
| SECURITY_IN_MEMORY_USERNAME | tokenserver | Username to log in |
| SECURITY_IN_MEMORY_PASSWORD | | Password to log in |

When no value is set for SECURITY_IN_MEMORY_PASSWORD, a random value is generated during startup. In a clustered environment, each node generates a different random password. To find out the random password, set the logger level of com.onegini.tokenserver.admin.config.security to DEBUG:

JAVA_OPTS="-Dlogging.level.com.onegini.tokenserver.admin.config.security=DEBUG"

With that property the password will be printed to the console during startup:

... .InMemoryUserAuthenticationConfiguration : using '3dd92895f09dfeb71b0184bcb90612d7' as the password for the 'tokenserver' user

The default user has the admin role, which means they can access the admin console without any limitations.
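
Because the generated password belongs to a user with the admin role and is printed in clear text, it helps to check the effective settings before startup and to mask the startup message before console output is stored elsewhere. The following shell functions are an added example, not part of the Onegini product or its documentation; the function names and return codes are assumptions, while the property names, the logger option and the message wording are those shown on this page.

```shell
#!/bin/sh
# Added example (not Onegini code). Property names, logger option and message
# wording come from the page; function names and return codes are assumptions.

LOGGER_OPT='-Dlogging.level.com.onegini.tokenserver.admin.config.security=DEBUG'

# Classify the in-memory user store settings found in the environment.
# Returns: 0 store disabled, 1 explicit password configured,
#          2 random password that is printed to the console at startup,
#          3 random password that stays unknown (DEBUG logger not set).
in_memory_auth_state() {
    enabled=$(printf '%s' "${SECURITY_IN_MEMORY_ENABLED:-false}" | tr 'A-Z' 'a-z')
    if [ "$enabled" != "true" ]; then
        echo "in-memory user store disabled"
        return 0
    fi
    user=${SECURITY_IN_MEMORY_USERNAME:-tokenserver}
    if [ -n "${SECURITY_IN_MEMORY_PASSWORD:-}" ]; then
        echo "user '$user': explicit password configured"
        return 1
    fi
    case " ${JAVA_OPTS:-} " in
        *"$LOGGER_OPT"*)
            echo "user '$user': random per-node password, printed to the console"
            return 2 ;;
    esac
    echo "user '$user': random per-node password, DEBUG logger not set"
    return 3
}

# Filter for console output on its way to shared log storage: masks the
# password in the startup message and passes every other line through.
redact_in_memory_password() {
    sed "s/using '[^']*' as the password for the/using '[REDACTED]' as the password for the/"
}
```

Call `in_memory_auth_state` from a start script to see which case applies on a node, and pipe console output through `redact_in_memory_password` when it is forwarded to a log store that more people can read than the admin console.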