Installation instructions
Make sure you have installed the requirements before you continue.
- Configure Docker
- Login
- Create docker-compose.yml file
- Configure Token Server via Docker Compose environment variables
- Start the Token Server
- Next steps
Configure Docker
Edit the Docker configuration file /etc/sysconfig/docker:
DOCKER_OPTIONS = --host=unix:///var/run/docker.sock --bip=172.16.0.1/24
Login
To download the containers, you first need to log in with the Docker client using your login credentials.
$ docker login release.onegini.com
NOTE: If you did not receive any login credentials, please contact Onegini support.
Create docker-compose.yml file
Create /etc/onegini/docker-compose.yml with the following content:
version: "2"
services:
  proxy:
    image: release.onegini.com/onegini/security-proxy:1.03.02
    user: onegini
    restart: always
    environment:
      # Java options
      - JAVA_OPTS=-Xmx256m -Xms256m
      # Enabled properties provisioning
      - SECURITY_PROXY_PROVISIONING_ENABLED=true
      # Key-value store backend
      - SECURITY_PROXY_DISCOVERY_BACKEND=etcd://192.168.100.5:2379/onegini
      # Security Proxy property encryption password
      - SECURITY_PROXY_COMMON_PROPERTY_ENCRYPTION_PASSWORD=3c0b5011a68bfad582576b4380bf65662dc81745c77e3d8d05a8498c67387ed3
      # Security Proxy backends
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_HOSTS=192.168.100.2:8080
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_ADMIN_HOSTS=192.168.100.3:8080
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_ADMIN_ALLOW=0.0.0.0/0
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_CLIENT_HOSTS=192.168.100.7:8080
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_CLIENT_ALLOW=0.0.0.0/0
      - SECURITY_PROXY_ENGINE_ENCRYPTION_POLICY_USERNAME=Eec61WVhtOjesj7BiLTKljdaKdmsc48D2oZKhsroqs
      - SECURITY_PROXY_ENGINE_ENCRYPTION_POLICY_PASSWORD=p4XfUcvkwULWsxs7C8sQIg5egZb1bvjNSZpNC2sp8M
    depends_on:
      - discovery
    networks:
      overlay:
        ipv4_address: 192.168.100.10
    ports:
      - "80:8080"
  engine:
    image: release.onegini.com/onegini/token-server-engine:4.04.07
    restart: always
    user: onegini
    environment:
      # Java options
      - JAVA_OPTS=-Xms512m -Xmx512m
      # Key-value store backend
      - TOKEN_SERVER_DISCOVERY_BACKEND=etcd://192.168.100.5:2379/onegini
      # Enable properties provisioning
      - TOKEN_SERVER_PROVISIONING_ENABLED=true
      # Token Server property encryption password
      - TOKEN_SERVER_COMMON_PROPERTY_ENCRYPTION_PASSWORD=3c0b5011a68bfad582576b4380bf65662dc81745c77e3d8d05a8498c67387ed3
      # Token server url
      - TOKEN_SERVER_URL=http://<SERVER IP>
      # Database
      - TOKEN_SERVER_COMMON_DB_TYPE=mysql
      - TOKEN_SERVER_COMMON_DB_USER=onegini
      - TOKEN_SERVER_COMMON_DB_PASSWORD=af7a5b7a0d7b858a6d242bb4f3f54d0be65e56853caf71f3321f8fe967b203d1
      - TOKEN_SERVER_COMMON_DB_ENCRYPTION_PASSWORD=febc2bce3d4e7082c26e9e57b36f3e0bd71c6e855c173928e476ebcadcff01a9
      - TOKEN_SERVER_COMMON_DB_JDBC_URL=jdbc:mysql://192.168.100.4:3306/tokenserver?autoReconnect=true
      - TOKEN_SERVER_COMMON_DB_MIGRATION_ENABLED=true
      # Token Server configuration
      - TOKEN_SERVER_ENGINE_API_BASIC_AUTHENTICATION_USER=Eec61WVhtOjesj7BiLTKljdaKdmsc48D2oZKhsroqs
      - TOKEN_SERVER_ENGINE_API_BASIC_AUTHENTICATION_PASSWORD=p4XfUcvkwULWsxs7C8sQIg5egZb1bvjNSZpNC2sp8M
    ports:
      - 8080
      - 8443
    depends_on:
      - discovery
    networks:
      overlay:
        ipv4_address: 192.168.100.2
  admin:
    image: release.onegini.com/onegini/token-server-admin:4.04.07
    restart: always
    user: onegini
    environment:
      # Java options
      - JAVA_OPTS=-Xms256m -Xmx256m
      # Enable properties provisioning
      - TOKEN_SERVER_PROVISIONING_ENABLED=true
      # Key-value store backend
      - TOKEN_SERVER_DISCOVERY_BACKEND=etcd://192.168.100.5:2379/onegini
      # Token Server url
      - TOKEN_SERVER_URL=http://<SERVER IP>
      # Token Server property encryption password
      - TOKEN_SERVER_COMMON_PROPERTY_ENCRYPTION_PASSWORD=3c0b5011a68bfad582576b4380bf65662dc81745c77e3d8d05a8498c67387ed3
      # Database
      - TOKEN_SERVER_COMMON_DB_TYPE=mysql
      - TOKEN_SERVER_COMMON_DB_USER=onegini
      - TOKEN_SERVER_COMMON_DB_PASSWORD=af7a5b7a0d7b858a6d242bb4f3f54d0be65e56853caf71f3321f8fe967b203d1
      - TOKEN_SERVER_COMMON_DB_ENCRYPTION_PASSWORD=febc2bce3d4e7082c26e9e57b36f3e0bd71c6e855c173928e476ebcadcff01a9
      - TOKEN_SERVER_COMMON_DB_JDBC_URL=jdbc:mysql://192.168.100.4:3306/tokenserver?autoReconnect=true
      - TOKEN_SERVER_COMMON_DB_MIGRATION_ENABLED=true
      # Ldap
      - TOKEN_SERVER_ADMIN_LDAP_BASE_DN=dc=onegini,dc=com
      - TOKEN_SERVER_ADMIN_LDAP_SERVER_URLS=ldap://192.168.100.6:10389
    depends_on:
      - discovery
    networks:
      overlay:
        ipv4_address: 192.168.100.3
  client:
    image: release.onegini.com/onegini/token-server-test-client:4.04.07
    restart: always
    user: onegini
    environment:
      # Java options
      - JAVA_OPTS=-Xms256m -Xmx256m
      # Enable properties provisioning
      - TOKEN_SERVER_PROVISIONING_ENABLED=true
      # Discovery backend
      - TOKEN_SERVER_DISCOVERY_BACKEND=etcd://192.168.100.5:2379/onegini
      # Token Server url
      - TOKEN_SERVER_URL=http://192.168.100.10:8080
      - TOKEN_SERVER_TEST_CLIENT_URL=https://<SERVER IP>
      - TOKEN_SERVER_CLIENT_AUTHORIZE_URI=https://<SERVER IP>/oauth/authorize
    depends_on:
      - discovery
    networks:
      overlay:
        ipv4_address: 192.168.100.7
  database:
    image: mariadb:latest
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=bc6928048afd11ab649b1876253bb5d16efacfc8d29d7fb11fdebf7d9cc52795
      - MYSQL_DATABASE=tokenserver
      - MYSQL_USER=onegini
      - MYSQL_PASSWORD=af7a5b7a0d7b858a6d242bb4f3f54d0be65e56853caf71f3321f8fe967b203d1
    ports:
      - 3306
    networks:
      overlay:
        ipv4_address: 192.168.100.4
  discovery:
    image: release.onegini.com/library/etcd:2.2.1-1
    restart: always
    environment:
      - ETCD_DATA_DIR=/var/lib/etcd
      - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
      - ETCD_ADVERTISE_CLIENT_URLS=http://192.168.100.5:2379
    ports:
      - 2379
    networks:
      overlay:
        ipv4_address: 192.168.100.5
  ldap:
    image: release.onegini.com/library/apacheds:dummy
    restart: always
    environment:
      - JAVA_OPTS=-Xms256m -Xmx256m
    ports:
      - 10389
    networks:
      overlay:
        ipv4_address: 192.168.100.6
networks:
  overlay:
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.100.0/24
Configure Token Server via Docker Compose environment variables
The Onegini Token Server uses Docker Compose environment variables to manage application properties. You can find all properties which can be configured in the Properties section of the Token Server Documentation.
For example, consider the following environment variable described in the docs:
Environment variable | Default | Example | Description |
---|---|---|---|
TOKEN_SERVER_ADMIN_GENERAL_PUBLIC_URL | | /onegini/admin | URL to which the user is redirected after successful logout. |
To configure this Token Server Admin property with the example value, add the following line to the environment section of the admin service in the docker-compose file:
admin:
  ...
  environment:
    - TOKEN_SERVER_ADMIN_GENERAL_PUBLIC_URL=/onegini/admin
    ...
Note: Properties common to the Admin and Engine Token Server need to be provided for both docker compose images (admin and engine). Not all properties are mandatory to configure; some of them have default values.
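A pre-flight check for the compose file before the first start, as an added example that is not part of the Onegini documentation: it flags settings carried over unchanged from the sample file (open `_ALLOW` ranges, the `<SERVER IP>` placeholder, the `latest` image tag, etcd on plain HTTP on all interfaces) and any variable still set to a secret value printed in public documentation. The names `audit`, `RULES` and `published_values` are assumptions of this example, and the sample input is constructed.

```python
import re
# Rules target settings that appear in the compose file on this page.
RULES = [
    ("placeholder", re.compile(r"<SERVER IP>"), "template placeholder not replaced"),
    ("open-allow", re.compile(r"_ALLOW=0\.0\.0\.0/0\s*$"), "allow list admits any source"),
    ("floating-tag", re.compile(r"^image:\s*\S+:latest\s*$"), "image not pinned to a version"),
    ("etcd-plain", re.compile(r"ETCD_LISTEN_CLIENT_URLS=http://0\.0\.0\.0"),
     "etcd client API is plain HTTP on all interfaces"),
]
TOP_LEVEL = re.compile(r"^(\w+):")         # e.g. "services:" or "networks:"
SERVICE = re.compile(r"^  ([\w-]+):\s*$")  # two-space indent under "services:"

def audit(compose_text, published_values=frozenset()):
    """Return (line_no, service, rule_id, reason) for each flagged line."""
    # published_values (assumed parameter): secrets printed in public docs.
    findings, section, service = [], None, None
    for line_no, raw in enumerate(compose_text.splitlines(), start=1):
        if TOP_LEVEL.match(raw):
            section, service = TOP_LEVEL.match(raw).group(1), None
        elif section == "services" and SERVICE.match(raw):
            service = SERVICE.match(raw).group(1)
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((line_no, service, rule_id, reason))
        if line.partition("=")[2] in published_values:
            findings.append((line_no, service, "published-secret",
                             "value is printed in public documentation"))
    return findings

# Constructed sample in the page's layout; all values here are made up.
SAMPLE = """\
services:
  proxy:
    environment:
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_ADMIN_ALLOW=0.0.0.0/0
      - SECURITY_PROXY_BACK_END_TOKEN_SERVER_CLIENT_ALLOW=10.20.0.0/16
  engine:
    environment:
      - TOKEN_SERVER_URL=http://<SERVER IP>
      - TOKEN_SERVER_COMMON_DB_PASSWORD=sample-from-docs
  database:
    image: mariadb:latest
"""

if __name__ == "__main__":
    print(*audit(SAMPLE, {"sample-from-docs"}), sep="\n")
```

Pass the secret values of whatever template the file was copied from as `published_values`; an empty result means none of these carried-over settings remain.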
Start the Token Server
Now it is time to start the Token Server
$ docker-compose -f /etc/onegini/docker-compose.yml up -d
Open the browser and go to http://<SERVER IP>/admin.
You can now log in with username and password admin, operator or helpdesk.
Next steps
To customise your installation please have a look at the configuration section.