How to install Soffid PAM?

Introduction

Once you have installed Soffid Console and Sync Server, you can install Soffid PAM. In this case we are going to see how to install PAM using Docker Compose.

To install Soffid Console and Sync Server you can follow this documentation: https://bookstack.soffid.com/books/pam-install-config/chapter/installing-pam-using-docker-compose

Steps to install Soffid PAM

1. First of all, you must create a folder to save the yaml files you are going to create.

mkdir lab-soffid-pam

2. Go inside the folder

cd lab-soffid-pam

3. Create two folders, one for the Store and another for the Launcher

mkdir 01store
mkdir 02launcher

4. JKS

&&TODO&&

5. Create the Store container

5.1. Go inside the folder 01store

cd 01store

5.2. Once you are inside the folder, you must create a docker-compose.yaml file with the Store service definition. To create the YAML files you can use your usual text editor. 

version: '3.8'

services:
  pam-store:
    image: soffid/pam-store:1.4.48
    environment:
      JAVA_KEYSTORE: /opt/soffid/tomee/certificates/<STORE.jks>
      KEYSTORE_PASS: <YOUR_KEY_PASSWORD>
    ports:
      - "8081:8443"
    networks:
      - network
    volumes:
      - store-trustedcerts:/opt/soffid/tomee/trustedcerts
      - store-certificates:/opt/soffid/tomee/certificates
      - store-data:/opt/soffid/tomee/data

networks:
  network:
    name: YOUR_NETWORK
    driver: bridge

volumes:
  store-trustedcerts:
    name: soffid-pam-store-trustedcerts
  store-certificates:
    name: soffid-pam-certificates
  store-data:
    name: soffid-pam-store

5.3. Execute this command to start the Store container (with the -d option, the containers keep running in the background even if you close the terminal)

sudo docker-compose up -d

5.4. Check the containers: to check the containers you can use a docker or a docker-compose command, depending on what you want to check.

5.4.1. In the folder: you can use a docker-compose command

sudo docker-compose ps

5.4.2. All of them: you can use a docker command

sudo docker ps

5.5. Check the logs: docker logs are detailed records of the activities that occur within containers. They are like a diary that records everything that happens, from starting and stopping the container to error messages, application outputs, and any other interactions.

5.5.1. You can use a docker-compose command

sudo docker-compose logs <SERVICE_NAME>

5.5.2. Or you can use a docker command

sudo docker logs -f <CONTAINER_NAME/CONTAINER_ID>

5.6. If you need to stop the container:

sudo docker-compose down

6. Create users: the Store container must be up.

6.1. Create the Launcher user: once you execute this command, the terminal will return a password that you will need later. Keep it safe.

sudo docker exec <STORE_CONTAINER> /opt/soffid/tomee/bin/add-user.sh user-launcher launcher

6.2. Create the Console user: once you execute this command, the terminal will return a password that you will need later. Keep it safe.

sudo docker exec <STORE_CONTAINER> /opt/soffid/tomee/bin/add-user.sh user-console console
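The two add-user.sh calls above print a password that later has to go into the Launcher's STORE_PASSWORD (and the Console's configuration). The following script is an added example, not part of Soffid's documentation or tooling: it runs the same commands but writes each returned password into an owner-only file instead of leaving it in the terminal scrollback. It assumes that add-user.sh prints the generated password as the last line of its output and that the Store container name is passed as the first argument; the DOCKER and SECRETS_DIR variables are hypothetical knobs added so the script can be exercised without a running Docker daemon.

```shell
#!/bin/sh
# Added example (not a Soffid script): create the Store users from step 6
# and store the returned passwords with owner-only permissions.
# Assumption: add-user.sh prints the password as the last line of its output.
set -eu

DOCKER="${DOCKER:-docker}"              # docker binary; overridable for testing
SECRETS_DIR="${SECRETS_DIR:-./secrets}" # where the per-user password files go

# create_store_user <store_container> <username> <role>
# Runs add-user.sh inside the Store container and writes the password to
# $SECRETS_DIR/<username>.pass (mode 0600). Prints the file path, never the
# password itself, so nothing sensitive lands in shell history or logs.
create_store_user() {
    container="$1"; user="$2"; role="$3"
    mkdir -p "$SECRETS_DIR"
    chmod 700 "$SECRETS_DIR"
    out="$("$DOCKER" exec "$container" /opt/soffid/tomee/bin/add-user.sh "$user" "$role")"
    pass="$(printf '%s\n' "$out" | sed -n '$p')"   # last line = password (assumption)
    if [ -z "$pass" ]; then
        echo "add-user.sh returned no password for $user" >&2
        return 1
    fi
    # subshell so the restrictive umask does not leak into the caller
    (umask 077; printf '%s\n' "$pass" > "$SECRETS_DIR/$user.pass")
    echo "$SECRETS_DIR/$user.pass"
}

# read_store_password <username>
# Reads a stored password back, e.g. to export STORE_PASSWORD for the
# Launcher instead of pasting the value into docker-compose.yaml.
read_store_password() {
    cat "$SECRETS_DIR/$1.pass"
}

# Direct usage: ./pam-users.sh <STORE_CONTAINER>
if [ -n "${1:-}" ]; then
    create_store_user "$1" user-launcher launcher
    create_store_user "$1" user-console console
fi
```

With the files in place, the Launcher can be started as `STORE_PASSWORD=$(read_store_password user-launcher) docker-compose up -d` and the compose file can reference `${STORE_PASSWORD}` rather than the literal value.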

7. Create the Launcher container

7.1. Go inside the folder 02launcher

cd 02launcher

7.2. Once you are inside the folder, you must create a docker-compose.yaml file with the Launcher service definition. To create the YAML files you can use your usual text editor.

version: '3.8'

services:
  pam-launcher:
    image: soffid/pam-launcher:1.4.48
    environment:
      JAVA_KEYSTORE: /opt/soffid/tomee/certificates/<LAUNCHER.jks>
      KEYSTORE_PASS: <YOUR_KEY_PASSWORD>
      # Choose one form: https://<URL_STORE>:8443 or http://<URL_STORE>:8081
      STORE_SERVER: https://<URL_STORE>:8443
      STORE_USER: user-launcher
      STORE_PASSWORD: <USER_LAUNCHER_PASSWORD>
    ports:
      - "8082:8443"
    networks:
      - network
    volumes:
      - launcher-trustedcerts:/opt/soffid/tomee/trustedcerts
      - launcher-certificates:/opt/soffid/tomee/certificates
      - launcher-data:/opt/soffid/tomee/launcher
      # The Docker socket gives this container control of the host's Docker
      # daemon (root-equivalent on the host); keep access to the Launcher
      # host and its Store credentials tightly restricted.
      - /var/run/docker.sock:/var/run/docker.sock

networks:
  network:
    name: YOUR_NETWORK
    driver: bridge

volumes:
  launcher-trustedcerts:
    name: soffid-pam-launcher-trustedcerts
  launcher-certificates:
    name: soffid-pam-certificates
  launcher-data:
    name: soffid-pam-launcher

7.3. Execute this command to start the Launcher container (with the -d option, the containers keep running in the background even if you close the terminal)

sudo docker-compose up -d

7.4. Check the containers: to check the containers you can use a docker or a docker-compose command, depending on what you want to check.

7.4.1. In the folder: you can use a docker-compose command

sudo docker-compose ps

7.4.2. All of them: you can use a docker command

sudo docker ps

7.5. Check the logs: docker logs are detailed records of the activities that occur within containers. They are like a diary that records everything that happens, from starting and stopping the container to error messages, application outputs, and any other interactions.

7.5.1. You can use a docker-compose command

sudo docker-compose logs <SERVICE_NAME>

7.5.2. Or you can use a docker command

sudo docker logs -f <CONTAINER_NAME/CONTAINER_ID>

7.6. If you need to stop the container:

sudo docker-compose down