EOEPCA Persistence system for the Login Service Building Block
- Table of Contents
- About The Project
- Getting Started
- Usage
- Initializing Data
- Roadmap
- Contributing
- License
- Contact
- Acknowledgements
To get a local copy up and running, follow these simple steps.

This is an example of how to list things you need to use the software and how to install them.

- Get into EOEPCA's development environment
  ```sh
  vagrant ssh
  ```
- Clone the repo
  ```sh
  git clone https://github.com/EOEPCA/um-login-persistence.git
  ```
- Change local directory
  ```sh
  # git clone creates a directory named after the repository
  cd um-login-persistence
  ```
The following environment variables are supported by the container:

- `GLUU_CONFIG_ADAPTER`: The config backend adapter, can be `consul` (default) or `kubernetes`.
- `GLUU_CONFIG_CONSUL_HOST`: hostname or IP of Consul (default to `localhost`).
- `GLUU_CONFIG_CONSUL_PORT`: port of Consul (default to `8500`).
- `GLUU_CONFIG_CONSUL_CONSISTENCY`: Consul consistency mode (choose one of `default`, `consistent`, or `stale`). Default to `stale` mode.
- `GLUU_CONFIG_CONSUL_SCHEME`: supported Consul scheme (`http` or `https`).
- `GLUU_CONFIG_CONSUL_VERIFY`: whether to verify cert or not (default to `false`).
- `GLUU_CONFIG_CONSUL_CACERT_FILE`: path to Consul CA cert file (default to `/etc/certs/consul_ca.crt`). This file will be used if it exists and `GLUU_CONFIG_CONSUL_VERIFY` is set to `true`.
- `GLUU_CONFIG_CONSUL_CERT_FILE`: path to Consul cert file (default to `/etc/certs/consul_client.crt`).
- `GLUU_CONFIG_CONSUL_KEY_FILE`: path to Consul key file (default to `/etc/certs/consul_client.key`).
- `GLUU_CONFIG_CONSUL_TOKEN_FILE`: path to file containing the ACL token (default to `/etc/certs/consul_token`).
- `GLUU_CONFIG_KUBERNETES_NAMESPACE`: Kubernetes namespace (default to `default`).
- `GLUU_CONFIG_KUBERNETES_CONFIGMAP`: Kubernetes configmaps name (default to `gluu`).
- `GLUU_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`).
- `GLUU_SECRET_ADAPTER`: The secrets adapter, can be `vault` or `kubernetes`.
- `GLUU_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`).
- `GLUU_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`).
- `GLUU_SECRET_VAULT_PORT`: port of Vault (default to `8200`).
- `GLUU_SECRET_VAULT_VERIFY`: whether to verify cert or not (default to `false`).
- `GLUU_SECRET_VAULT_ROLE_ID_FILE`: path to file containing the Vault AppRole role ID (default to `/etc/certs/vault_role_id`).
- `GLUU_SECRET_VAULT_SECRET_ID_FILE`: path to file containing the Vault AppRole secret ID (default to `/etc/certs/vault_secret_id`).
- `GLUU_SECRET_VAULT_CERT_FILE`: path to Vault cert file (default to `/etc/certs/vault_client.crt`).
- `GLUU_SECRET_VAULT_KEY_FILE`: path to Vault key file (default to `/etc/certs/vault_client.key`).
- `GLUU_SECRET_VAULT_CACERT_FILE`: path to Vault CA cert file (default to `/etc/certs/vault_ca.crt`). This file will be used if it exists and `GLUU_SECRET_VAULT_VERIFY` is set to `true`.
- `GLUU_SECRET_KUBERNETES_NAMESPACE`: Kubernetes namespace (default to `default`).
- `GLUU_SECRET_KUBERNETES_CONFIGMAP`: Kubernetes secrets name (default to `gluu`).
- `GLUU_SECRET_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`).
- `GLUU_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds).
- `GLUU_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds).
- `GLUU_OXTRUST_CONFIG_GENERATION`: Whether to generate oxShibboleth configuration or not (default to `true`).
- `GLUU_CACHE_TYPE`: Supported values are `IN_MEMORY`, `REDIS`, `MEMCACHED`, and `NATIVE_PERSISTENCE` (default to `NATIVE_PERSISTENCE`).
- `GLUU_REDIS_URL`: URL of Redis server, format is host:port (optional; default to `localhost:6379`).
- `GLUU_REDIS_TYPE`: Redis service type, either `STANDALONE` or `CLUSTER` (optional; default to `STANDALONE`).
- `GLUU_MEMCACHED_URL`: URL of Memcache server, format is host:port (optional; default to `localhost:11211`).
- `GLUU_PERSISTENCE_TYPE`: Persistence backend being used (one of `ldap`, `couchbase`, or `hybrid`; default to `ldap`).
- `GLUU_PERSISTENCE_LDAP_MAPPING`: Specify data that should be saved in LDAP (one of `default`, `user`, `cache`, `site`, or `token`; default to `default`). Note this environment variable only takes effect when `GLUU_PERSISTENCE_TYPE` is set to `hybrid`.
- `GLUU_PERSISTENCE_SKIP_EXISTING`: skip initialization if backend already initialized (default to `True`).
- `GLUU_LDAP_URL`: Address and port of LDAP server (default to `localhost:1636`); required if `GLUU_PERSISTENCE_TYPE` is set to `ldap` or `hybrid`.
- `GLUU_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`); required if `GLUU_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`.
- `GLUU_COUCHBASE_USER`: Username of Couchbase server (default to `admin`); required if `GLUU_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`.
- `GLUU_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`); required if `GLUU_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`.
- `GLUU_COUCHBASE_PASSWORD_FILE`: Path to file containing the Couchbase password (default to `/etc/gluu/conf/couchbase_password`); required if `GLUU_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`.
- `GLUU_OXTRUST_API_ENABLED`: Enable oxTrust API (default to `false`).
- `GLUU_OXTRUST_API_TEST_MODE`: Enable oxTrust API test mode; not recommended for production (default to `false`). If set to `false`, UMA mode is activated. See oxTrust API docs for reference.
- `GLUU_CASA_ENABLED`: Enable Casa-related features; custom scripts, ACR, UI menu, etc. (default to `false`).
- `GLUU_PASSPORT_ENABLED`: Enable Passport-related features; custom scripts, ACR, UI menu, etc. (default to `false`).
- `GLUU_RADIUS_ENABLED`: Enable Radius-related features; UI menu, etc. (default to `false`).
- `GLUU_SAML_ENABLED`: Enable SAML-related features; UI menu, etc. (default to `false`).
```sh
kubectl run --image=eoepca/um-login-persistence:latest persistence \
  --env="GLUU_CONFIG_ADAPTER=kubernetes" \
  --env="GLUU_SECRET_ADAPTER=kubernetes" \
  --env="GLUU_OXTRUST_CONFIG_GENERATION=false" \
  --env="GLUU_LDAP_URL=opendj:1636" \
  --env="GLUU_PASSPORT_ENABLED=true" \
  --env="GLUU_PERSISTENCE_TYPE=ldap"
```

The process may take a while; check the output of the `persistence` container log.
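A pre-deployment check for the settings documented above, as an added example that is not part of the um-login-persistence project. `lint_env` and its rule set are hypothetical; the defaults and allowed values are copied from the variable list, and reading `true` case-insensitively is an assumption.

```python
# Added example: lint planned container settings against the variable list.
# Defaults are copied from that list; the rule set and the case-insensitive
# reading of "true" are assumptions of this sketch.
DEFAULTS = {"GLUU_CONFIG_ADAPTER": "consul", "GLUU_PERSISTENCE_TYPE": "ldap"}
ALLOWED = {
    "GLUU_CONFIG_ADAPTER": {"consul", "kubernetes"},
    "GLUU_SECRET_ADAPTER": {"vault", "kubernetes"},
    "GLUU_PERSISTENCE_TYPE": {"ldap", "couchbase", "hybrid"},
}
COUCHBASE_VARS = ["GLUU_COUCHBASE_URL", "GLUU_COUCHBASE_USER",
                  "GLUU_COUCHBASE_CERT_FILE", "GLUU_COUCHBASE_PASSWORD_FILE"]
# The settings passed to `kubectl run` in the usage command on this page.
PAGE_RUN_ENV = {
    "GLUU_CONFIG_ADAPTER": "kubernetes", "GLUU_SECRET_ADAPTER": "kubernetes",
    "GLUU_OXTRUST_CONFIG_GENERATION": "false", "GLUU_LDAP_URL": "opendj:1636",
    "GLUU_PASSPORT_ENABLED": "true", "GLUU_PERSISTENCE_TYPE": "ldap",
}


def lint_env(env):
    """Return (variable, finding) pairs for a dict of planned settings."""
    def get(name):
        return env.get(name, DEFAULTS.get(name, ""))

    def on(name):  # the three flags checked below all default to false
        return get(name).lower() == "true"

    out = []
    for name, allowed in ALLOWED.items():
        if get(name) and get(name) not in allowed:
            out.append((name, f"unsupported value {get(name)!r}"))
    # Certificate verification defaults to false for both remote backends.
    if get("GLUU_CONFIG_ADAPTER") == "consul" and not on("GLUU_CONFIG_CONSUL_VERIFY"):
        out.append(("GLUU_CONFIG_CONSUL_VERIFY", "Consul certificate not verified"))
    if get("GLUU_SECRET_ADAPTER") == "vault" and not on("GLUU_SECRET_VAULT_VERIFY"):
        out.append(("GLUU_SECRET_VAULT_VERIFY", "Vault certificate not verified"))
    if on("GLUU_OXTRUST_API_TEST_MODE"):
        out.append(("GLUU_OXTRUST_API_TEST_MODE", "not recommended for production"))
    # Backend-specific variables the list marks as required.
    ptype = get("GLUU_PERSISTENCE_TYPE")
    needed = ["GLUU_LDAP_URL"] if ptype in ("ldap", "hybrid") else []
    needed += COUCHBASE_VARS if ptype in ("couchbase", "hybrid") else []
    for name in needed:
        if name not in env:
            out.append((name, f"unset, documented default applies ({ptype})"))
    if "GLUU_PERSISTENCE_LDAP_MAPPING" in env and ptype != "hybrid":
        out.append(("GLUU_PERSISTENCE_LDAP_MAPPING", "ignored unless hybrid"))
    return out
```

`lint_env(PAGE_RUN_ENV)` returns no findings, while an empty dict (every default in effect) is flagged for unverified Consul certificates and for the `localhost:1636` LDAP default.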
See the open issues for a list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Distributed under the Apache-2.0 License. See `LICENSE` for more information.
Project Link: https://github.com/EOEPCA/um-login-persistence
- README.md is based on this template by Othneil Drew.