Requirements¶
This section covers the requirements for the Token Server.
Physical/Virtual Hardware Requirements¶
The following requirements are the minimum to run the Onegini Token Server.
- CPU: 2 cores
- Memory: 4GB
- Disk: 40 GB
Operating System Requirements¶
RHEL/CentOS¶
Minimal: 7.0 - Recommended: 7.2
Other, but not tested¶
Docker supported Linux distributions
Onegini user¶
By default, Docker runs as root inside the container. Docker user namespaces are not yet supported. To run the container as a different user, you need to create a user with a predefined uid and gid.
Software Requirements¶
Docker¶
To deploy the Onegini Token Server, you need a prepared Docker environment. Please follow the Docker installation guide from the Docker website.
Minimal version: 1.8.2 - Recommended: 1.10.3
Compose¶
Compose is a tool for defining and running complex applications with Docker. With Compose, you define a multi-container application in a single file, then spin your application up in a single command which does everything that needs to be done to get it running. To install Docker Compose follow the guide on their website.
Minimal version: 1.5.2 - Recommended: 1.7.0
Random number generation¶
If the Onegini Token Server is deployed in a virtual environment, you need to ensure that sufficient entropy is available. The Onegini Token Server generates cryptographic secrets to achieve its security goals, so sufficient entropy is necessary for its secure operation.
We recommend using hardware that provides cryptographic random number generation. Hardware random number generation is available as a CPU feature in Intel Ivy Bridge and later (Xeon series v2 and higher) and all AMD Epyc processors. We recommend making the required RDRAND instruction available to guests in any virtual machine hypervisor configuration. This instruction is available to guest VMs by default in VMware, Xen, KVM/Libvirt and Hyper-V and requires no special configuration if the default CPU configuration is used in these hypervisors.
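One way to verify from inside a Linux guest that the hypervisor actually exposes RDRAND on every logical CPU. This is an added example, not part of the Onegini documentation or tooling; the function names `rdrand_summary` and `check_rdrand` are hypothetical, and it assumes an x86 guest where `/proc/cpuinfo` lists the feature as the `rdrand` flag.

```shell
#!/bin/sh
# Added example (not Onegini code): confirm the guest sees the RDRAND CPU flag.
# Usage on a guest: check_rdrand /proc/cpuinfo

# rdrand_summary FILE
# Prints "<total> <ok>": logical CPUs described in a /proc/cpuinfo-format FILE
# and how many of them list the exact flag "rdrand".
rdrand_summary() {
    awk -F: '
        /^processor[ \t]*:/ { total++ }
        /^flags[ \t]*:/ {
            n = split($2, f, " ")
            # Compare whole tokens so that similarly named flags do not match.
            for (i = 1; i <= n; i++) if (f[i] == "rdrand") { ok++; break }
        }
        END { print total + 0, ok + 0 }
    ' "$1"
}

# check_rdrand FILE
# Returns 0 if every CPU exposes RDRAND, 1 if some or all do not,
# 2 if FILE describes no CPUs at all (wrong file or unexpected format).
check_rdrand() {
    summary=$(rdrand_summary "$1")
    total=${summary% *}
    ok=${summary#* }
    if [ "$total" -eq 0 ]; then
        echo "no CPUs found in $1"
        return 2
    fi
    if [ "$ok" -lt "$total" ]; then
        echo "RDRAND visible on only $ok of $total CPUs: check the hypervisor CPU configuration"
        return 1
    fi
    echo "RDRAND visible on all $total CPUs"
    return 0
}
```

A non-zero result on a host whose physical CPU supports RDRAND usually means the VM uses a non-default or masked CPU model.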
Database Requirements¶
MySQL¶
- Minimal version: 5.6
- Recommended encoding: UTF-8 Unicode
Microsoft SQL¶
- Minimal version: 2014
- Recommended encoding: UTF-8 Unicode
Oracle Database¶
- Minimal version: 12.2
- Recommended encoding: UTF-8 Unicode
Redis¶
The Token Server uses Redis for caching. A running Redis instance is required; without it the Token Server will not start. Redis must be configured in high-availability mode using Sentinel. Minimal version: 3.2.3
Proxy Requirements¶
If an outgoing proxy is used it needs to fulfill the following requirements:
iOS push notifications¶
- APNs uses HTTP/2 communication and any proxy must therefore support proxying HTTP/2 connections.
Other Requirements¶
- Working LDAP server or a reverse proxy for authentication of multiple users in the Admin console
- Working network connection to the internet for 'Docker pull', 'Apple push' and 'Google push'