A Docker Compose based Curity Identity Server setup for local exploration and development purposes. It includes an external Postgres data source and comes pre-configured with the DevOps dashboard enabled.
The system can be deployed on a macOS or Windows workstation via a bash script, and has the following prerequisites:
- Docker
- Docker Compose
- OpenSSL
- Trivy (installed automatically on macOS if not already installed)
Make sure you have the above prerequisites installed, and then copy a license file to the idsvr-config/license.json location.
If needed, you can also get a free community edition license from the Curity Developer Portal.
- Clone the repository

    git clone https://github.com/suren-khatana/docker-compose-local-setup.git
    cd docker-compose-local-setup

- Install the environment

    ./manage-environment.sh --install

- Start & Stop

    ./manage-environment.sh --start
    ./manage-environment.sh --stop

- Scan Idsvr for security vulnerabilities

    ./manage-environment.sh --scan

- Identity Server Backup

    ./manage-environment.sh --backup

- Clean up

    ./manage-environment.sh --delete

- Logs

    docker logs -f curity-idsvr-admin
    docker logs -f curity-idsvr-runtime

    ./manage-environment.sh -h
    Usage: manage-environment.sh [-h | --help] [-i | --install] [--start] [--stop] [--scan] [-d | --delete] [-b | --backup]

    ** DESCRIPTION **
    This script can be used to manage a docker compose based curity identity server installation including an external postgress datasource.

    OPTIONS
    --help      show this help message and exit
    --install   installs the curity identity server environment
    --start     starts the curity identity server environment
    --stop      stops the curity identity server environment
    --scan      scans the curity identity server for security vulnerabilities
    --delete    deletes the docker compose environment
    --backup    backup idsvr configuration

Add the self-signed root CA certificate (certs/curity.local.ca.pem) to the operating system trust store.
For macOS, please refer to https://support.apple.com/guide/keychain-access/add-certificates-to-a-keychain-kyca2431/mac

For Windows, please refer to https://docs.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate
Add the following to the hosts file:

    127.0.0.1 admin.curity.local login.curity.local
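
A quick check for the hosts-file step, added here as an example and not part of the repository: it reports whether admin.curity.local and login.curity.local map only to loopback addresses, so that a stale entry pointing elsewhere is caught before the locally trusted certificate is used. The function names and the sample hosts file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository. Names below are illustrative.

# classify_host FILE NAME prints one of:
#   ok        every mapping of NAME is a loopback address
#   missing   NAME does not appear in FILE
#   conflict  at least one mapping of NAME is not loopback
classify_host() {
    awk -v want="$2" '
        { sub(/#.*/, "") }              # strip comments
        NF < 2 { next }                 # blank or address-only line
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) {
                    seen = 1
                    if ($1 !~ /^127\./ && $1 != "::1") bad = 1
                }
        }
        END { print (!seen ? "missing" : (bad ? "conflict" : "ok")) }
    ' "$1"
}

# check_hosts FILE returns 0 only when both host names are "ok".
check_hosts() {
    rc=0
    for name in admin.curity.local login.curity.local; do
        state=$(classify_host "$1" "$name")
        printf '%-20s %s\n' "$name" "$state"
        [ "$state" = ok ] || rc=1
    done
    return "$rc"
}

# Constructed sample: the second mapping for login.curity.local is stale.
sample_hosts() {
    cat <<'EOF'
127.0.0.1   localhost
# 127.0.0.1 login.curity.local
127.0.0.1   admin.curity.local login.curity.local
10.0.0.5    Login.Curity.Local   # left over from another environment
EOF
}

tmp=$(mktemp)
sample_hosts > "$tmp"
check_hosts "$tmp" || echo "hosts entries need fixing before use"
rm -f "$tmp"
```

To check a real machine, call `check_hosts /etc/hosts`; on Windows the file is `C:\Windows\System32\drivers\etc\hosts`.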
After the installation is completed, you will have a fully working system:
- OAuth and OpenID Connect Endpoints used by applications
- A rich Admin UI for configuring applications and their security behavior
- A SQL based postgres database from which users, tokens, sessions and audit information can be queried
- A SCIM 2.0 API & GraphQL endpoints for managing user accounts
- A working DevOps dashboard for delegated administration
The default server configuration is stored in idsvr-config/server-config.xml and is imported into the server during environment setup. Updates made to the system configuration persist across Identity Server restarts. However, if the containers are deleted, the updates are lost and the system is reset to the default configuration state represented by idsvr-config/server-config.xml.
It is recommended to take Identity Server configuration backups when needed. A backed-up configuration can be imported into the server either by using the Admin UI or by copying the backup configuration XML files to the idsvr-config directory and rebuilding the idsvr Docker image.
Please visit curity.io for more information about the Curity Identity Server.