This section covers the requirements for the Token Server. It's divided into the following subsections:

Physical/Virtual Hardware Requirements

The following requirements are the minimum to run the Onegini Token Server.

  • CPU: 2 cores
  • Memory: 4GB
  • Disk: 40 GB

Operating System Requirements


Minimal: 7.0 - Recommended: 7.2

Other, but not tested

Docker supported Linux distributions

Onegini user

By default Docker runs as root inside the container. At the moment the Docker user namespace is not supported yet. To run the container as a different user you need to create a user with predefined uid and gid.

$ groupadd -r -g 5675 onegini && useradd -r -m -u 5675 -g onegini onegini

Software Requirements


To deploy the Onegini Token Server, you need a prepared Docker environment. Please follow the Docker installation guide from the Docker website.

Minimal version: 1.8.2 - Recommended: 1.10.3


Compose is a tool for defining and running complex applications with Docker. With Compose, you define a multi-container application in a single file, then spin your application up in a single command which does everything that needs to be done to get it running. To install Docker Compose follow the guide on their website.

Minimal version: 1.5.2 - Recommended: 1.7.0

Random number generation

If the Onegini Token Server is deployed using a virtual environment you will need to ensure appropriate entropy is generated. Since the Onegini Token Server performs the generation of cryptographic secrets to achieve its security goals, appropriate entropy is necessary to ensure its secure operation.

We recommend using appropriate hardware with cryptographic number generation means. Hardware random number generation is available as a CPU feature in Intel Ivy Bridge and later (Xeon series v2 and higher) and all AMD Epyc processors. We recommend enabling availability of any virtual machine hypervisor configuration of the required RDRAND instruction. This instruction is available to guest VMs by default in VMWare, Xen, KVM/Libvirt and Hyper-V and requires no special configuration if default CPU configuration is used in these hypervisors.

Database Requirements


  • Minimal version: 5.6
  • Recommended encoding: UTF-8 Unicode

Microsoft SQL

  • Minimal version: 2014
  • Recommended encoding: UTF-8 Unicode

Oracle Database

  • Minimal version: 12.2
  • Recommended encoding: UTF-8 Unicode


The Token Server uses Redis for caching. It is required to have a running Redis instance, otherwise the Token Server will not start. Redis must be configured in a High-available mode using Sentinel. Minimal version: 3.2.3

Proxy Requirements

If an outgoing proxy is used it needs to fulfill the following requirements:

iOS push notifications

  • APNs uses HTTP/2 communication and any proxy must therefore support proxying HTTP/2 connections.

Other Requirements

  • Working LDAP server or a reverse proxy for authentication of multiple users in the Admin console
  • Working network connection to the internet for 'Docker pull', 'Apple push' and 'Google push'