This section covers the requirements for the Token Server. It's divided into the following subsections:

Physical/Virtual Hardware Requirements

The following requirements are the minimum to run the Onegini Token Server.

  • CPU: 2 cores
  • Memory: 4 GB
  • Disk: 40 GB

Operating System Requirements


Minimal: 7.0 - Recommended: 7.2

Other, but not tested

Docker supported Linux distributions

Onegini user

By default, Docker runs as root inside the container. The Docker user namespace is not yet supported. To run the container as a different user, you need to create a user with a predefined uid and gid.

$ groupadd -r -g 5675 onegini && useradd -r -m -u 5675 -g onegini onegini


Most of the configuration and data is stored in the containers or the database, but some small configuration or custom data can be mounted into the containers. Therefore, the following folders are required.

| Folder path | Purpose | Folder owner |
|---|---|---|
| /etc/msp | Onegini configuration folder | onegini:onegini |
| /etc/msp/keystore | Token server keystore location | onegini:onegini |
| /etc/msp/truststore | Token server truststore location | onegini:onegini |
| /var/lib/msp/discovery | Discovery data folder | onegini:onegini |
| /var/log/msp | Folder to store logfiles | onegini:onegini |
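
A preflight check for the user and folder requirements above, as an added example rather than Onegini's own tooling: it verifies that each folder from the table exists and is owned by the expected uid and gid (5675 in the `groupadd`/`useradd` command). The function name, the prefix argument, the `MSP_CHECK` variable and the world-writable check are assumptions of this example, and it relies on GNU `stat`.

```sh
#!/bin/sh
# Added example (not part of the Onegini documentation).
# Folder list copied from the table above.
MSP_DIRS="/etc/msp /etc/msp/keystore /etc/msp/truststore /var/lib/msp/discovery /var/log/msp"

# check_msp_dirs PREFIX UID GID   (hypothetical helper)
# PREFIX is prepended to every path so the check can be rehearsed on a
# staging tree; pass "" for the real host. Prints one line per problem
# and returns the number of problems found (0 means all folders are fine).
check_msp_dirs() {
    prefix=$1 want_uid=$2 want_gid=$3 problems=0
    for d in $MSP_DIRS; do
        path="$prefix$d"
        if [ ! -d "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
            continue
        fi
        owner=$(stat -c '%u:%g' "$path")
        if [ "$owner" != "$want_uid:$want_gid" ]; then
            echo "OWNER    $path is $owner, expected $want_uid:$want_gid"
            problems=$((problems + 1))
        fi
        # Assumption of this example, not a documented requirement:
        # folders holding configuration, keystores and logs should not be
        # world-writable (last octal digit has the write bit set).
        mode=$(stat -c '%a' "$path")
        case $mode in
            *[2367])
                echo "MODE     $path is world-writable ($mode)"
                problems=$((problems + 1))
                ;;
        esac
    done
    return "$problems"
}

# Run against the real host only when asked: MSP_CHECK=1 sh preflight.sh
if [ "${MSP_CHECK:-0}" = 1 ]; then
    check_msp_dirs "" 5675 5675 && echo "all folders OK"
fi
```
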

Software Requirements


To deploy the Onegini Token Server, you need a prepared Docker environment. Please follow the Docker installation guide from the Docker website.

Minimal version: 1.8.2 - Recommended: 1.10.3


Compose is a tool for defining and running complex applications with Docker. With Compose, you define a multi-container application in a single file, then spin your application up in a single command which does everything that needs to be done to get it running. To install Docker Compose follow the guide on their website.

Minimal version: 1.5.2 - Recommended: 1.7.0


If the Onegini Token Server runs in a virtual environment, you will need a tool to generate entropy. We advise using Haveged. Entropy is required for strong encryption.

Minimal version: 1.7c - Recommended: 1.9.1

Database Requirements


Minimal version: 5.6 - Recommended encoding: UTF-8 Unicode

Microsoft SQL

Minimal version: 2008 - Recommended encoding: UTF-8 Unicode

Oracle Database

Minimal version: 11g - Recommended encoding: UTF-8 Unicode


The Token Server uses Redis for caching. A running Redis instance is required; otherwise the Token Server will not start. Redis must be configured in high-availability mode using Sentinel.

Minimal version: 3.2.3

Proxy Requirements

If an outgoing proxy is used, it needs to fulfill the following requirements:

iOS push notifications

  • APNs uses HTTP/2 communication and any proxy must therefore support proxying HTTP/2 connections.

Other Requirements

  • Working LDAP server
  • Working network connection to the internet for 'Docker pull', 'Apple push' and 'Google push'