Skip to content

EOEPCA/um-login-persistence

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

152 Commits

scripts

scripts

 
 

static

static

 
 

templates

templates

 
 

travis

travis

 
 

.dockerignore

.dockerignore

 
 

.editorconfig

.editorconfig

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

Contributors Forks Stargazers Issues MIT License Build


um-login-persistence

EOEPCA Persistence system for the Login Service Building Block
Explore the docs »
View Demo · Report Bug · Request Feature

Table of Contents

About The Project

![Product Name Screen Shot][product-screenshot]

Built With

Getting Started

To get a local copy up and running follow these simple steps.

Prerequisites

This is an example of how to list things you need to use the software and how to install them.

Installation

  1. Get into EOEPCA's development environment
vagrant ssh
  1. Clone the repo
git clone https://github.com/EOEPCA/um-login-persistence.git
  1. Change local directory
cd template-service

Usage

The following environment variables are supported by the container:

  • GLUU_CONFIG_ADAPTER: The config backend adapter, can be consul (default) or kubernetes.
  • GLUU_CONFIG_CONSUL_HOST: hostname or IP of Consul (default to localhost).
  • GLUU_CONFIG_CONSUL_PORT: port of Consul (default to 8500).
  • GLUU_CONFIG_CONSUL_CONSISTENCY: Consul consistency mode (choose one of default, consistent, or stale). Default to stale mode.
  • GLUU_CONFIG_CONSUL_SCHEME: supported Consul scheme (http or https).
  • GLUU_CONFIG_CONSUL_VERIFY: whether to verify cert or not (default to false).
  • GLUU_CONFIG_CONSUL_CACERT_FILE: path to Consul CA cert file (default to /etc/certs/consul_ca.crt). This file will be used if it exists and GLUU_CONFIG_CONSUL_VERIFY set to true.
  • GLUU_CONFIG_CONSUL_CERT_FILE: path to Consul cert file (default to /etc/certs/consul_client.crt).
  • GLUU_CONFIG_CONSUL_KEY_FILE: path to Consul key file (default to /etc/certs/consul_client.key).
  • GLUU_CONFIG_CONSUL_TOKEN_FILE: path to file contains ACL token (default to /etc/certs/consul_token).
  • GLUU_CONFIG_KUBERNETES_NAMESPACE: Kubernetes namespace (default to default).
  • GLUU_CONFIG_KUBERNETES_CONFIGMAP: Kubernetes configmaps name (default to gluu).
  • GLUU_CONFIG_KUBERNETES_USE_KUBE_CONFIG: Load credentials from $HOME/.kube/config, only useful for non-container environment (default to false).
  • GLUU_SECRET_ADAPTER: The secrets adapter, can be vault or kubernetes.
  • GLUU_SECRET_VAULT_SCHEME: supported Vault scheme (http or https).
  • GLUU_SECRET_VAULT_HOST: hostname or IP of Vault (default to localhost).
  • GLUU_SECRET_VAULT_PORT: port of Vault (default to 8200).
  • GLUU_SECRET_VAULT_VERIFY: whether to verify cert or not (default to false).
  • GLUU_SECRET_VAULT_ROLE_ID_FILE: path to file contains Vault AppRole role ID (default to /etc/certs/vault_role_id).
  • GLUU_SECRET_VAULT_SECRET_ID_FILE: path to file contains Vault AppRole secret ID (default to /etc/certs/vault_secret_id).
  • GLUU_SECRET_VAULT_CERT_FILE: path to Vault cert file (default to /etc/certs/vault_client.crt).
  • GLUU_SECRET_VAULT_KEY_FILE: path to Vault key file (default to /etc/certs/vault_client.key).
  • GLUU_SECRET_VAULT_CACERT_FILE: path to Vault CA cert file (default to /etc/certs/vault_ca.crt). This file will be used if it exists and GLUU_SECRET_VAULT_VERIFY set to true.
  • GLUU_SECRET_KUBERNETES_NAMESPACE: Kubernetes namespace (default to default).
  • GLUU_SECRET_KUBERNETES_CONFIGMAP: Kubernetes secrets name (default to gluu).
  • GLUU_SECRET_KUBERNETES_USE_KUBE_CONFIG: Load credentials from $HOME/.kube/config, only useful for non-container environment (default to false).
  • GLUU_WAIT_MAX_TIME: How long the startup "health checks" should run (default to 300 seconds).
  • GLUU_WAIT_SLEEP_DURATION: Delay between startup "health checks" (default to 10 seconds).
  • GLUU_OXTRUST_CONFIG_GENERATION: Whether to generate oxShibboleth configuration or not (default to true).
  • GLUU_CACHE_TYPE: Supported values are IN_MEMORY, REDIS, MEMCACHED, and NATIVE_PERSISTENCE (default to NATIVE_PERSISTENCE).
  • GLUU_REDIS_URL: URL of Redis server, format is host:port (optional; default to localhost:6379).
  • GLUU_REDIS_TYPE: Redis service type, either STANDALONE or CLUSTER (optional; default to STANDALONE).
  • GLUU_MEMCACHED_URL: URL of Memcache server, format is host:port (optional; default to localhost:11211).
  • GLUU_PERSISTENCE_TYPE: Persistence backend being used (one of ldap, couchbase, or hybrid; default to ldap).
  • GLUU_PERSISTENCE_LDAP_MAPPING: Specify data that should be saved in LDAP (one of default, user, cache, site, or token; default to default). Note this environment only takes effect when GLUU_PERSISTENCE_TYPE is set to hybrid.
  • GLUU_PERSISTENCE_SKIP_EXISTING: skip initialization if backend already initialized (default to True).
  • GLUU_LDAP_URL: Address and port of LDAP server (default to localhost:1636); required if GLUU_PERSISTENCE_TYPE is set to ldap or hybrid.
  • GLUU_COUCHBASE_URL: Address of Couchbase server (default to localhost); required if GLUU_PERSISTENCE_TYPE is set to couchbase or hybrid.
  • GLUU_COUCHBASE_USER: Username of Couchbase server (default to admin); required if GLUU_PERSISTENCE_TYPE is set to couchbase or hybrid.
  • GLUU_COUCHBASE_CERT_FILE: Couchbase root certificate location (default to /etc/certs/couchbase.crt); required if GLUU_PERSISTENCE_TYPE is set to couchbase or hybrid.
  • GLUU_COUCHBASE_PASSWORD_FILE: Path to file contains Couchbase password (default to /etc/gluu/conf/couchbase_password); required if GLUU_PERSISTENCE_TYPE is set to couchbase or hybrid.
  • GLUU_OXTRUST_API_ENABLED: Enable oxTrust API (default to false).
  • GLUU_OXTRUST_API_TEST_MODE: Enable oxTrust API test mode; not recommended for production (default to false). If set to false, UMA mode is activated. See oxTrust API docs for reference.
  • GLUU_CASA_ENABLED: Enable Casa-related features; custom scripts, ACR, UI menu, etc. (default to false).
  • GLUU_PASSPORT_ENABLED: Enable Passport-related features; custom scripts, ACR, UI menu, etc. (default to false).
  • GLUU_RADIUS_ENABLED: Enable Radius-related features; UI menu, etc. (default to false).
  • GLUU_SAML_ENABLED: Enable SAML-related features; UI menu, etc. (default to false).

Initializing Data

kubectl run --image=eoepca/um-login-persistence:latest persistence --env="GLUU_CONFIG_ADAPTER=kubernetes" --env="GLUU_SECRET_ADAPTER=kubernetes" --env="GLUU_OXTRUST_CONFIG_GENERATION=false" --env="GLUU_LDAP_URL=opendj:1636" --env="GLUU_PASSPORT_ENABLED=true" --env="GLUU_PERSISTENCE_TYPE=ldap"

The process may take a while, check the output of the persistence container log.

Roadmap

See the open issues for a list of proposed features (and known issues).

Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

Distributed under the Apache-2.0 License. See LICENSE for more information.

Contact

EOEPCA mailbox

Project Link: https://github.com/EOEPCA/um-login-persistence

Acknowledgements

About

Persistence docker image for gluu instalation of EOEPCA

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 5

Release v1.0 Latest
Mar 8, 2022
+ 4 releases

Packages

No packages published

Contributors 7

Languages