This section covers the requirements for the Token Server. It's divided into the following subsections:
- Physical/Virtual Hardware Requirements
- Operating System Requirements
- Onegini user
- Software Requirements
- Database Requirements
- Proxy Requirements
- Other Requirements
Physical/Virtual Hardware Requirements
The following requirements are the minimum to run the Onegini Token Server.
- CPU: 2 cores
- Memory: 4GB
- Disk: 40 GB
Operating System Requirements
Minimal: 7.0 - Recommended: 7.2
Other, but not tested
By default Docker runs as root inside the container. At the moment the Docker
user namespace is not supported yet.
To run the container as a different user you need to create a user with predefined uid and gid.
$ groupadd -r -g 5675 onegini && useradd -r -m -u 5675 -g onegini onegini
Most of the configuration and data are stored in the containers or database. But some small configuration or custom data can be mounted to the containers. There for the following folders are require.
|Folder path||Purpose||Folder owner|
|/etc/msp||Onegini configuration folder||onegini:onegini|
|/etc/msp/keystore||Token server keystore location||onegini:onegini|
|/etc/msp/truststore||Token server truststore location||onegini:onegini|
|/var/lib/msp/discovery||Discovery data folder||onegini:onegini|
|/var/log/msp||Folder to store logfiles||onegini:onegini|
To deploy the Onegini Token Server, you need a prepared Docker environment. Please follow the Docker installation guide from the Docker website.
Minimal version: 1.8.2 - Recommended: 1.10.3
Compose is a tool for defining and running complex applications with Docker. With Compose, you define a multi-container application in a single file, then spin your application up in a single command which does everything that needs to be done to get it running. To install Docker Compose follow the guide on their website.
Minimal version: 1.5.2 - Recommended: 1.7.0
If the Onegini Token Server runs in a virtual environment you will need a tool to generate entropy. We advise to use Haveged. Entropy is required for strong encryption.
Minimal version: 1.7c - Recommended: 1.9.1
Minimal version: 5.6 Recommended encoding: UTF-8 Unicode
Minimal version: 2008 Recommended encoding: UTF-8 Unicode
Minimal version: 11g Recommended encoding: UTF-8 Unicode
The Token Server uses Redis for caching. It is required to have a running Redis instance, otherwise the Token Server will not start. Redis must be configured in a High-available mode using Sentinel. Minimal version: 3.2.3
If an outgoing proxy is used it needs to fulfill the following requirements:
iOS push notifications
- APNs uses HTTP/2 communication and any proxy must therefore support proxying HTTP/2 connections.
- Working LDAP server
- Working network connection to the internet for 'Docker pull', 'Apple push' and 'Google push'