ibmcom/identity-brokerage

By ibmcom

Updated 5 months ago

IBM Security Verify Identity Brokerage

IBM Security Verify Identity Brokerage is a gateway that integrates IBM® Security Verify directly with on-premises targets through IBM® Security Identity Manager Adapters. Once connected, the on-premises targets can be managed from IBM® Security Verify through identity provisioning and account synchronization operations.

System requirements:
  • CPU: four cores reserved.
  • System memory: 16 GB reserved.
  • Disk space: at least 100 GB of free disk space.
  • Operating system: a Linux-based operating system that supports Linux containers. See https://docs.docker.com/install/.
  • Docker engine 19.03.0 or higher.
  • Docker Compose: see https://docs.docker.com/compose/install/.
  • Mandatory: connectivity to an IBM® Security Verify tenant with an Identity Governance subscription.
Deploying IBM Security Verify Identity Brokerage:
  1. View the licenses. Pull both images from Docker Hub and print each license with the following commands:
docker pull ibmcom/identity-brokerage:latest
docker run --rm ibmcom/identity-brokerage:latest license

docker pull ibmcom/verify-bridge:latest
docker run --rm ibmcom/verify-bridge:latest license

NOTE: Accepting the license is mandatory. Both IBM Verify Bridge for Authentication and IBM Security Verify Identity Brokerage require the parameter LICENSE_ACCEPT: "yes" in the docker-compose.yml file.

  2. Create a file docker-compose.yml with the following content:
version: '3'
volumes:
  postgres-vol:
  broker-vol:
services:
  ib-init:
    image: 'registry.access.redhat.com/ubi8/ubi'
    container_name: ib-init
    entrypoint: /bin/sh
    # One-shot initializer: exits immediately if the certificates already exist; otherwise it
    # creates the broker store, a self-signed PostgreSQL server certificate (CN=ibdb) and the
    # database directories, owned by the postgres uid (70) of the alpine image.
    command: -c "[ -d /postgres/certs ] && echo 'exiting...' && exit 0; mkdir -p /broker/certs; mkdir -p /broker/common; chown -R 1001:1001 /broker/; yum install -y openssl; mkdir -p /postgres/certs; cd /postgres/certs; openssl req -new -text -passout pass:secret -subj /CN=ibdb -out server.req -keyout privkey.pem; openssl rsa -in privkey.pem -passin pass:secret -out server.key; openssl req -x509 -days 7300 -in server.req -text -key server.key -out server.crt; chmod 600 server.key; mkdir -p /postgres/ibdb/ilc_ib_data; mkdir -p /postgres/ibdb/ilc_ib_indx; mkdir -p /postgres/ibdb/ilc_ib_blob; chown -R 70:70 /postgres/;"
    volumes:
      - postgres-vol:/postgres
      - broker-vol:/broker
  ibdb:
    image: postgres:12-alpine
    container_name: ibdb
    shm_size: 1gb
    entrypoint: /bin/bash
    # Waits until ib-init has created the data directories, then starts PostgreSQL with TLS
    # using the certificate and key generated by ib-init.
    command: -c "echo 'Starting'; while true; do echo 'waiting for ib-init to complete...' && sleep 2; [ -d /var/lib/postgresql/data/ibdb/ilc_ib_blob ] && break; done; /usr/local/bin/docker-entrypoint.sh postgres -c ssl=on -c ssl_cert_file=/var/lib/postgresql/data/certs/server.crt -c ssl_key_file=/var/lib/postgresql/data/certs/server.key;"
    user: postgres
    restart: always
    depends_on:
      - ib-init
    environment:
      POSTGRES_USER: "postgres"
      POSTGRES_PASSWORD: "ideas"
      POSTGRES_DB: "ibdb"
      PGDATA: /var/lib/postgresql/data/db-files/
    ports:
      - "5432:5432"
    volumes:
      - postgres-vol:/var/lib/postgresql/data
  identity-brokerage:
    image: ibmcom/identity-brokerage
    container_name: identity-brokerage
    depends_on:
      - ib-init
      - ibdb
    environment:
      LICENSE_ACCEPT: "yes"
      HOSTNAME: "identity-brokerage"
      DB_SERVICE_NAME: "ibdb"
      TRACE: "enabled"
      SCIM_USER: "<>"
      SCIM_USER_PASSWORD: "<>"
      RECONCILIATION_FAILURETHRESHOLD_VALUE: "75"
    restart: always
    ports:
      - "8443:8443"
    volumes:
      - broker-vol:/store
  verify-bridge:
    image: ibmcom/verify-bridge:latest
    container_name: verify-bridge
    depends_on:
      - ib-init
      - ibdb
      - identity-brokerage
    environment:
      LICENSE_ACCEPT: "yes"
      TRACE: "true"
      TENANT_URI: "<>"
      CLIENT_ID: "<>"
      CLIENT_SECRET: "<>"
    restart: always

NOTE:

  • Fill in SCIM_USER and SCIM_USER_PASSWORD with the same values that were used during Identity Agent configuration on IBM® Security Verify.
  • Fill in TENANT_URI with the IBM® Security Verify tenant URL.
  • Fill in CLIENT_ID and CLIENT_SECRET with the values generated when the Identity Agent configuration is completed on IBM® Security Verify.
  • The file stores these secrets, and the fixed PostgreSQL password, in plain text. Restrict read access to docker-compose.yml accordingly.
  • "5432:5432" publishes PostgreSQL on every host interface. identity-brokerage reaches the database over the compose network by service name (DB_SERVICE_NAME: "ibdb"), so the mapping is only needed for administrative access from the host; bind it to "127.0.0.1:5432:5432" or remove it if you do not need it.
  • ib-init generates a self-signed server certificate (CN=ibdb, valid for 7300 days) the first time it runs and skips generation whenever /postgres/certs already exists in the postgres-vol volume.
  3. Run the following command to deploy IBM Security Verify Identity Brokerage together with IBM Verify Bridge for Authentication:
docker-compose -f docker-compose.yml up -d
  4. If you are upgrading, run the following commands. The database files and the brokerage store live in the named volumes postgres-vol and broker-vol, so removing the containers does not remove them:
docker stop verify-bridge identity-brokerage ibdb

docker rm verify-bridge identity-brokerage ibdb

docker-compose -f docker-compose.yml pull

docker-compose -f docker-compose.yml up -d
  5. Verify that the containers started properly with the following command. ib-init is a one-shot initializer and exits after it has run; the other three containers (ibdb, identity-brokerage and verify-bridge) should be listed as Up:
docker ps
  6. To view logs and troubleshoot, run:
docker logs -f <container_name>
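Before running docker-compose up, it is worth checking the file for the mistakes the NOTE above warns about. The script below is an added example, not part of the IBM images or their documentation. It assumes the variable names and the "<>" placeholder convention used in the docker-compose.yml above and the 19.03.0 engine minimum from the system requirements; the file name preflight.sh and the sample compose fragments used to exercise it are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight checks for the Identity Brokerage docker-compose.yml.
# Added example; not part of the IBM images or their documentation.
# Assumptions: the compose file uses the variable names shown on this page
# (LICENSE_ACCEPT, SCIM_USER, SCIM_USER_PASSWORD, TENANT_URI, CLIENT_ID,
# CLIENT_SECRET, POSTGRES_PASSWORD), the "<>" placeholder convention, and
# the 19.03.0 Docker engine minimum from the system requirements.

# version_ge A B: succeed when dotted version A is >= B (e.g. 20.10.7 vs 19.03.0).
# Compares the first three numeric fields; ".0.0" is appended so short versions
# such as "20.10" or "20" still have three fields, a suffix such as "-ce" is
# ignored, and leading zeros are stripped so "03" compares as 3.
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        fa=$(printf '%s\n' "$1.0.0" | cut -d. -f"$i" | sed 's/[^0-9].*$//; s/^0*//')
        fb=$(printf '%s\n' "$2.0.0" | cut -d. -f"$i" | sed 's/[^0-9].*$//; s/^0*//')
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# check_compose FILE: scan a docker-compose.yml for unfilled "<>" placeholders,
# a missing license acceptance and a database port published on all interfaces.
# Prints one line per finding; succeeds only when there is no ERROR finding.
check_compose() {
    f="$1"; errors=0
    for var in SCIM_USER SCIM_USER_PASSWORD TENANT_URI CLIENT_ID CLIENT_SECRET; do
        if grep -Eq "^[[:space:]]*$var:[[:space:]]*\"?<>\"?" "$f"; then
            echo "ERROR: $var still carries the <> placeholder"
            errors=$((errors + 1))
        fi
    done
    # The page requires LICENSE_ACCEPT: "yes" on identity-brokerage and verify-bridge.
    accepted=$(grep -Ec '^[[:space:]]*LICENSE_ACCEPT:[[:space:]]*"yes"' "$f" || true)
    if [ "$accepted" -lt 2 ]; then
        echo "ERROR: LICENSE_ACCEPT: \"yes\" must be set on identity-brokerage and verify-bridge (found $accepted)"
        errors=$((errors + 1))
    fi
    # "5432:5432" binds PostgreSQL on every host interface; the brokerage reaches
    # ibdb by service name, so at most 127.0.0.1 should be published.
    if grep -Eq '^[[:space:]]*-[[:space:]]*"?5432:5432"?' "$f"; then
        echo "ERROR: ibdb publishes 5432 on all interfaces; use \"127.0.0.1:5432:5432\" or drop the mapping"
        errors=$((errors + 1))
    fi
    # The sample password is public. This is a warning rather than an error because
    # the page shows no variable for telling identity-brokerage about a different one.
    if grep -Eq '^[[:space:]]*POSTGRES_PASSWORD:[[:space:]]*"ideas"' "$f"; then
        echo "WARN: POSTGRES_PASSWORD is the published sample value"
    fi
    [ "$errors" -eq 0 ]
}

# Live checks run only when a compose file is passed on the command line, so the
# functions above can be sourced and exercised without Docker being installed.
if [ "$#" -ge 1 ]; then
    if command -v docker >/dev/null 2>&1; then
        engine=$(docker version --format '{{.Server.Version}}' 2>/dev/null || true)
        if [ -n "$engine" ] && ! version_ge "$engine" 19.03.0; then
            echo "ERROR: Docker engine $engine is below the required 19.03.0"
            exit 1
        fi
    fi
    check_compose "$1"
fi
```

Run it as sh preflight.sh docker-compose.yml and fix every ERROR line before deploying. Once ibdb is up, you can also confirm that the certificate generated by ib-init is the one PostgreSQL actually serves: openssl s_client -starttls postgres -connect 127.0.0.1:5432 </dev/null 2>/dev/null | openssl x509 -noout -subject -dates should print a subject of CN=ibdb and a validity window of about twenty years.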
