In-memory authentication
For scenarios where neither an LDAP server nor header authentication is available (e.g. while testing), there is an in-memory user store for a single user. This in-memory user store is disabled by default.
Property | Default value | Description |
---|---|---|
SECURITY_IN_MEMORY_ENABLED | false | Flag to enable/disable the in-memory user store |
SECURITY_IN_MEMORY_USERNAME | tokenserver | Username to log in |
SECURITY_IN_MEMORY_PASSWORD | | Password to log in. |
When no value is set for SECURITY_IN_MEMORY_PASSWORD, a random value is generated during startup. In a clustered environment each node will generate a different random password. To find out the random password, set the logger level of com.onegini.tokenserver.admin.config.security to DEBUG:
JAVA_OPTS="-Dlogging.level.com.onegini.tokenserver.admin.config.security=DEBUG"
With that property the password will be printed to the console during startup:
... .InMemoryUserAuthenticationConfiguration : using '3dd92895f09dfeb71b0184bcb90612d7' as the password for the 'tokenserver' user
The default user has the admin role, which means they can access the admin console without any limitations.
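
A pre-deployment check for the settings described above, as an added example that is not part of the product or its documentation. It assumes the properties reach each node as environment variables (passed in here as a dict) and that "true" is matched case-insensitively; the function names are hypothetical.

```python
import re

# Logger named on the page; at DEBUG it prints the generated password.
SECURITY_LOGGER = "com.onegini.tokenserver.admin.config.security"
# Shape of the startup line shown on the page.
PASSWORD_LINE = re.compile(r"(using ')([^']*)(' as the password for the '[^']*' user)")


def audit_in_memory_auth(env, clustered=False):
    """Return a list of findings for one node's environment (a dict)."""
    findings = []
    # Assumption: only the literal value "true" (any case) enables the store.
    if env.get("SECURITY_IN_MEMORY_ENABLED", "false").strip().lower() != "true":
        return findings  # store is disabled (the default): nothing to report
    findings.append("in-memory user store enabled: single user with the admin role")
    if not env.get("SECURITY_IN_MEMORY_PASSWORD"):
        findings.append("no password set: a random one is generated at startup")
        if clustered:
            findings.append("clustered: each node generates a different password")
    debug_flag = "-Dlogging.level.%s=DEBUG" % SECURITY_LOGGER
    if debug_flag in env.get("JAVA_OPTS", ""):
        findings.append("security logger at DEBUG: password is printed to the console")
    return findings


def redact_password_lines(log_text):
    """Mask the password in startup lines; return (clean_text, hit_count)."""
    return PASSWORD_LINE.subn(r"\1[REDACTED]\3", log_text)


if __name__ == "__main__":
    # Constructed sample environment and console output for illustration.
    sample_env = {
        "SECURITY_IN_MEMORY_ENABLED": "true",
        "JAVA_OPTS": "-Dlogging.level.com.onegini.tokenserver.admin.config.security=DEBUG",
    }
    sample_log = (
        "... .InMemoryUserAuthenticationConfiguration : using "
        "'3dd92895f09dfeb71b0184bcb90612d7' as the password for the 'tokenserver' user\n"
    )
    for finding in audit_in_memory_auth(sample_env, clustered=True):
        print("FINDING:", finding)
    clean, hits = redact_password_lines(sample_log)
    print(hits, "line(s) redacted:", clean, end="")
```

An empty findings list means the in-memory store is off, which is the default; the redaction function can be applied to console output before it is forwarded to shared log storage.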