Install OIDC Landing Page

Haventec OIDC Landing Page requires a PostgreSQL database.

See setting up a database for details.

Create configuration files

Each container requires a configuration file with a list of variables to specify the database details and the URI of the other container. Please edit it to match your environment.

Haventec OIDC Landing Page configuration file

Create the file env_haventec_oidclp.list (the name used by the docker run command later on this page). This is an example:


    ##################################
    # Haventec OIDC LP env variables #
    ##################################
    # HTTPS Docker configuration
    #       on    : The container expects HTTPS requests, it uses a self-signed certificate
    #       off   : (default) The container expects HTTP requests
    #HTTP_SSL=on

    # Database properties (Note: The current Haventec OIDC Landing Page version only supports PostgreSQL)
    DB_HOST=postgres
    DB_PORT=5432
    DB_NAME=htoidclanding
    DB_USER=haventec
    DB_PASS=password

    # Haventec Authenticate URI
    # Used by the use cases that send requests to Haventec Authenticate
    HAVENTEC_AUTHENTICATE_API_URL=http://authenticate:9000

    HTTP_PROXY_REQUIRED=false

    # Profile chosen to run the application Haventec Landing Page
    #       production_postgres      : Production profile with a PostgreSQL DB
    #       production_postgres_ssl  : Production profile with a PostgreSQL DB using TLS
    PROFILE=production_postgres

    # Java Virtual Machine Options
    #
    #JVM_OPTIONS=-Xms312m -Xmx312m

    # NGINX Logs Options
    #      on      : NGINX logs to the standard docker output (Default)
    #      off     : Switch off NGINX logs
    NGINX_LOGS=off

    # Application Log Format (Optional)
    #      Not present  : Text line (Default)
    #      JSON         : JSON format
    #LOGS_FORMAT=JSON

    # Landing Page public URL pattern
    # It is used to serve the customised login pages per application
    # The domain pattern must start with string "clientId" (e.g: https://clientId.auth.yourdomain.com)
    # The logic will read the value at the group "clientId" to recognise the application and serve its
    # customised pages. For instance if a browser goes to https://firstApp.auth.yourdomain.com
    # it will receive back the login pages customised for the application with clientId=firstApp
    DEFAULT_LANDING_PAGE_URI=https://clientId.auth.yourdomain.com
    

Download the Haventec Docker images

Log into Docker Hub

Open a terminal and log into Docker Hub with the account credentials provided to you by Haventec.

If you cannot access the Haventec Docker repository, please contact us.


    docker login --username=yourusername
    

Load the Haventec Docker images


    docker pull haventec/oidc-landing-page:latest
    

For simplicity, this manual runs the container on a single local server. The container needs to communicate with Authenticate, so create a Docker network to allow that communication (if it was not already created in a previous step):


    docker network create haventec-network
    

If the PostgreSQL DB is also running locally in a Docker container, add it to the Docker network (if it was not already added in a previous step):


    docker network connect --alias postgres haventec-network postgres
    

Run Haventec OIDC LP Docker

Execute the following command from the folder that contains the configuration file env_haventec_oidclp.list.


    docker run --env-file env_haventec_oidclp.list \
               --name "oidclp" \
               -it -p7000:9000 \
               --net haventec-network \
               --net-alias "oidclp" "haventec/oidc-landing-page:latest"
    

Test


    http://localhost:7000/lp/api/oidc-landing-page/v1-0/health
    

You should see a health status like:


    {
        "responseStatus": {
            "status": "SUCCESS",
            "message": "OK",
            "code": ""
        }
    }
    

Production Configuration

Connection between Console and OIDC LP

Please make use of the optional container variable "HAVENTEC_LANDINGPAGE_URI" when running Console to allow the communication between Console and the OIDC LP service.

Ingress rules

The OIDC LP will display the login pages on the URL defined by the container environment variable "DEFAULT_LANDING_PAGE_URI".

If your on-premise installation needs to support multiple OIDC applications, you will need to configure an Ingress rule that allows multiple clientId values, for instance "https://*.auth.yourdomain.com".
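
A preflight check for the configuration file and the Ingress host described on this page, as an added example rather than Haventec tooling. The function names and the HTTPS requirement on the public URL are assumptions of the example; the sample file is constructed from the values shown above.

```shell
#!/bin/sh
# Added example: preflight lint for the OIDC LP env file. Function names are hypothetical.

# Value of KEY in an env file; commented-out lines are ignored, last assignment wins.
env_value() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# https://clientId.auth.yourdomain.com -> *.auth.yourdomain.com (host for the Ingress rule).
# Fails when the host does not start with the literal label "clientId".
ingress_wildcard_host() {
    host=${1#*://}; host=${host%%[:/]*}
    case $host in
        clientId.?*) printf '*.%s\n' "${host#clientId.}" ;;
        *) return 1 ;;
    esac
}

# Prints one finding per line; returns 0 only when the file is clean.
lint_oidclp_env() {
    file=$1; bad=0
    for key in DB_HOST DB_PORT DB_NAME DB_USER DB_PASS PROFILE \
               HAVENTEC_AUTHENTICATE_API_URL DEFAULT_LANDING_PAGE_URI; do
        [ -n "$(env_value "$file" "$key")" ] || { echo "missing: $key"; bad=1; }
    done
    # The sample file ships DB_PASS=password; it must not reach a deployment.
    [ "$(env_value "$file" DB_PASS)" != password ] || { echo "DB_PASS is the sample value"; bad=1; }
    case $(env_value "$file" PROFILE) in
        production_postgres|production_postgres_ssl) ;;
        *) echo "PROFILE is not a documented profile"; bad=1 ;;
    esac
    uri=$(env_value "$file" DEFAULT_LANDING_PAGE_URI)
    ingress_wildcard_host "$uri" >/dev/null || { echo "landing page host must start with clientId."; bad=1; }
    # Assumption of this example: the public login pages are served over HTTPS.
    case $uri in https://*) ;; *) echo "landing page URI is not https"; bad=1 ;; esac
    return $bad
}

# Constructed sample input: the example file from this page, reduced to its assignments.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
DB_HOST=postgres
DB_PORT=5432
DB_NAME=htoidclanding
DB_USER=haventec
DB_PASS=password
HAVENTEC_AUTHENTICATE_API_URL=http://authenticate:9000
PROFILE=production_postgres
DEFAULT_LANDING_PAGE_URI=https://clientId.auth.yourdomain.com
EOF
lint_oidclp_env "$sample" || echo "fix the findings above before docker run"
echo "Ingress host: $(ingress_wildcard_host "$(env_value "$sample" DEFAULT_LANDING_PAGE_URI)")"
```

Run against the unmodified sample, the only finding is the sample database password, and the derived Ingress host is the wildcard form given in the Ingress rules section.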