Haventec OIDC Landing Page requires a PostgreSQL database
See setting up a database for details.
Create configuration files
Each container requires a configuration file with a list of variables to specify the database details and the URI of the other container. Please edit it to match your environment.
Haventec OIDC Landing Page configuration file
Create the file env_haventec_oidc_lp.list. This is an example:
##################################
# Haventec OIDC LP env variables #
##################################
# HTTPS Docker configuration
# on : The container expects HTTPS requests and uses a self-signed certificate
# off : (default) The container expects HTTP requests
#HTTP_SSL=on
# Database properties (Note: the current Haventec OIDC Landing Page version only supports a PostgreSQL DB)
DB_HOST=postgres
DB_PORT=5432
DB_NAME=htoidclanding
DB_USER=haventec
DB_PASS=password
# Haventec Console API URI
# Used to communicate with Haventec Console internally
HAVENTEC_CONSOLE_API_URL=http://console:9005
# Haventec Authenticate URI
# Used by the use cases that send requests to Haventec Authenticate
HAVENTEC_AUTHENTICATE_API_URL=http://authenticate:9000
HTTP_PROXY_REQUIRED=false
# Profile chosen to run the application Haventec Landing Page
# production_postgres : Production profile with a PostgreSQL DB
# production_postgres_ssl : Production profile with a PostgreSQL DB using TLS
PROFILE=production_postgres
# Java Virtual Machine Options
#
#JVM_OPTIONS=-Xms312m -Xmx312m
# NGINX Logs Options
# on : NGINX logs to the standard docker output (Default)
# off : Switch off NGINX logs
NGINX_LOGS=off
# Application Log Format (Optional)
# Not present : Text line (Default)
# JSON : JSON format
#LOGS_FORMAT=JSON
# Landing Page public URL pattern
# It is used to serve the customised login pages per application
# The domain pattern must start with the string "clientId" (e.g. https://clientId.auth.yourdomain.com)
# The logic reads the value of the group "clientId" to recognise the application and serve its
# customised pages. For instance, if a browser goes to https://firstApp.auth.yourdomain.com
# it will receive the login pages customised for the application with clientId=firstApp
DEFAULT_LANDING_PAGE_URI=https://clientId.auth.yourdomain.com
Download the Haventec Docker images
Log into Docker Hub
Open a terminal and log into Docker Hub with the account credentials provided to you by Haventec.
If you cannot access the Haventec Docker repository, please contact us.
docker login --username=yourusername
Load the Haventec Docker images
docker pull haventec/oidc-landing-page:latest
For simplicity, this manual runs the container on a single local server. The container needs to communicate with Authenticate, so we need to create a Docker network to allow that communication (if it wasn't already created in a previous step):
docker network create haventec-network
If the PostgreSQL DB is also running locally in a Docker container, add it to the Docker network (if it wasn't already added in a previous step):
docker network connect --alias postgres haventec-network postgres
Run Haventec OIDC LP Docker
Execute the following command from the folder that contains the configuration file env_haventec_oidc_lp.list.
docker run --env-file env_haventec_oidc_lp.list \
    --name "oidclp" \
    -it -p7000:9000 \
    --net haventec-network \
    --net-alias "oidclp" "haventec/oidc-landing-page:latest"
Test
http://localhost:7000/lp/api/oidc-landing-page/v1-0/health
You should see a health status like:
{
  "responseStatus": {
    "status": "SUCCESS",
    "message": "OK",
    "code": ""
  }
}
Production Configuration
Connection between Console and OIDC LP
Please make use of the optional container variable "HAVENTEC_LANDINGPAGE_URI" when running Console to allow the communication between Console and the OIDC LP service.
Ingress rules
The OIDC LP will display the login pages on the URL defined by the container environment variable "DEFAULT_LANDING_PAGE_URI".
If your on-premise installation needs to support multiple OIDC applications, you will need to configure an Ingress rule that allows multiple clientId values, for instance "https://*.auth.yourdomain.com".
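The clientId lookup described for DEFAULT_LANDING_PAGE_URI, sketched as an added example (not Haventec's code): with a wildcard Ingress rule every subdomain reaches the service, so the host label is matched strictly and then checked against the known applications. The function names, the allowed-character rule for a clientId and the `registered` set are assumptions.

```python
import re
from urllib.parse import urlsplit

PLACEHOLDER = "clientId"
# Assumption: a clientId is a single DNS label (letters, digits, inner hyphens).
CLIENT_ID_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"


def host_regex(default_landing_page_uri):
    """Compile DEFAULT_LANDING_PAGE_URI into a host regex with a clientId group."""
    # netloc keeps the original case; .hostname would lowercase "clientId".
    netloc = urlsplit(default_landing_page_uri).netloc
    if not netloc.startswith(PLACEHOLDER + "."):
        raise ValueError('host pattern must start with "clientId."')
    suffix = netloc[len(PLACEHOLDER):]  # e.g. ".auth.yourdomain.com"
    return re.compile(
        "(?P<clientId>" + CLIENT_ID_LABEL + ")" + re.escape(suffix),
        re.IGNORECASE,  # host names are case-insensitive
    )


def client_id_for_host(pattern, host, registered):
    """Return the registered clientId for a Host header value, or None."""
    # fullmatch rejects extra labels before the clientId and trailing suffixes.
    match = pattern.fullmatch(host.strip())
    if match is None:
        return None
    # Browsers send the host in lower case, so compare case-insensitively
    # and return the clientId as it was registered.
    by_lower = {client_id.lower(): client_id for client_id in registered}
    return by_lower.get(match.group("clientId").lower())


if __name__ == "__main__":
    pattern = host_regex("https://clientId.auth.yourdomain.com")
    registered = {"firstApp", "secondApp"}  # constructed sample data
    for host in (
        "firstApp.auth.yourdomain.com",
        "firstapp.auth.yourdomain.com",
        "unknown.auth.yourdomain.com",
        "a.b.auth.yourdomain.com",
        "firstApp.auth.yourdomain.com.example.net",
    ):
        print(host, "->", client_id_for_host(pattern, host, registered))
```
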