Identity Appliance

The identity appliance life cycle includes several important steps. These steps are:

Provisioning: The appliance configuration can be provisioned to the server using Terraform, a tool for building, changing, and versioning infrastructure safely and efficiently.

Lifecycle: The appliance can be started, stopped, built, deleted, etc. using the command line interface tool (iamtfctl). This lets you control the appliance's availability as needed.

Tips

You can run multiple appliances in a single server, the appliance acts as a namespace for all the resources it contains. Each appliance is managed independently of the others.

Provision

To apply your configuration to an IAM.tf server, you must provision it using Terraform on each server that will host an appliance. Note that changes made to the configuration are not applied to any running appliance. Instead, you must build or rebuild the appliance using the iamtfctl tool. This ensures that the appliance runs the latest version of the configuration and minimizes downtime.

Once provisioned, the appliance can be managed using the command line interface (CLI) tool. This allows you to start, stop, and build the appliance as needed.

terraform apply

Start/Stop

After provisioning the appliance, you can start it using the start command, passing the appliance-name or appliance-id as a parameter. The command takes a few seconds to complete.

iamtfctl start -a <appliance-name>

Tips

When you start an appliance for the first time, it will be automatically built.

If you want to stop the identity appliance, you can run the stop command and pass the appliance-name or appliance-id as a parameter.

iamtfctl stop -a <appliance-name>

Tips

You need to provide the -a flag to specify the appliance name when using the iamtfctl commands that apply to a specific appliance (i.e. start, stop, build, view, validate).

Status

This command lists all the appliances currently available on the server, including their state. Running appliances are marked as STARTED.

iamtfctl list appliances

Validate

You can validate the appliance's configuration using the validate command. The server checks that the configuration is valid and returns any errors found.

iamtfctl validate -a <appliance-name>

Build/Rebuild

You can apply changes provisioned using Terraform to a running appliance using the build command. This command takes a few seconds to complete.

iamtfctl build -a <appliance-name>

Delete

You can delete an appliance from the server using the delete command. You can apply the terraform config and re-provision the appliance if you need to recreate it.

iamtfctl delete <appliance-name>

View

You can view the appliance's configuration using the view command. This command can be applied to multiple resources, including appliances, providers, identity sources and applications. Use the --help flag to see all available options.

iamtfctl view appliance -a <appliance-name>

Appendix : Externalizing Configuration Options

This feature allows you to keep configuration options in an external file. These options can vary from environment to environment, making appliance promotion easier. Settings that change between environments, such as user repository connection settings, can be kept outside the appliance.

In order to enable this feature you need to access the modeling tool and open your identity appliance definition. Select the identity appliance element and access the Security tab on the properties sheet at the bottom.

When you enable the External Configuration Properties checkbox, JOSSO automatically looks for a properties file at the following location: $IAMTF_HOME/etc/<appliance-realm>.cfg. You can specify your own file by entering its full URL in the External Configuration File input field.

Tips

IAM.tf will not create any configuration files, even when using the default name and location.

The file follows the standard Java properties format: <property-name>=<property-value>. Let's take a look at our example: $IAMTF_HOME/etc/com.mycompany.sso.prod.cfg

pre-authn.url=http://login.mycompany.com/login.aspx
db-server=10.1.1.1
db-user=users
db-password=secret

And now we can use them when configuring Identity Appliance elements:

  • $
  • $
  • $
  • $

Referring Configuration Properties

When you want to refer to a configuration property from any input field on any element, use the following syntax, where property-name must be replaced with a property defined in the configuration file.

${<property-name>}
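As an added example (not from the IAM.tf documentation or the JOSSO code base), a small Python checker that parses a .cfg file in the Java properties format shown above and resolves ${property-name} references in element values, reporting every name the file does not define. The sample file contents, the element field names and the ${db-name} reference are constructed; backslash escapes and line continuations of the full java.util.Properties syntax are not handled.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample standing in for $IAMTF_HOME/etc/com.mycompany.sso.prod.cfg
SAMPLE_CFG = """\
# user repository connection settings (constructed example)
pre-authn.url=http://login.mycompany.com/login.aspx
db-server=10.1.1.1
db-user = users
db-password: secret
"""

# The ${<property-name>} reference syntax used in appliance element fields
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def parse_properties(text: str) -> Dict[str, str]:
    """Parse the subset of java.util.Properties syntax used by the .cfg file:
    one key=value (or key: value) per line, '#'/'!' comment lines and blank
    lines ignored, surrounding whitespace stripped from keys and values."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:]+)[=:](.*)", line)  # first '=' or ':' is the separator
        if m:
            props[m.group(1).strip()] = m.group(2).strip()
        else:
            props[line] = ""  # a bare key maps to the empty string, as in Java
    return props


def resolve(value: str, props: Dict[str, str]) -> Tuple[str, List[str]]:
    """Replace every ${property-name} in one element value.
    Returns the resolved value and the names the file does not define;
    undefined references are left in place so they stay visible."""
    missing: List[str] = []

    def sub(m: "re.Match[str]") -> str:
        name = m.group(1)
        if name not in props:
            missing.append(name)
            return m.group(0)
        return props[name]

    return PLACEHOLDER.sub(sub, value), missing


def check_appliance_values(values: Dict[str, str], props: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each element field (constructed names) to the property names it
    references that are absent from the file; an empty result means the
    external file covers every reference before the appliance is built."""
    return {field: resolve(v, props)[1] for field, v in values.items() if resolve(v, props)[1]}
```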
Contributors: Sebastian, fbosch