Skip to content

Login Service⚓︎

The Login Service provides the platform Authorization Server for authenticated user identity and request authorization.

Helm Chart⚓︎

The Login Service is deployed via the login-service helm chart from the EOEPCA Helm Chart Repository.

The chart is configured via values that are fully documented in the README for the login-service chart.

helm install --values login-service-values.yaml um-login-service eoepca/login-service

Values⚓︎

At minimum, values for the following attributes should be specified:

  • Public hostname of the Authorization Server, e.g. auth.192.168.49.123.nip.io
  • Initial password for the admin user
    Note that the password must meet the complexity: at least 6 characters and include one uppercase letter, one lowercase letter, one digit, and one special character
  • IP Address of the public facing reverse proxy (Nginx Ingress Controller), e.g. 192.168.49.123
  • Name of Persistent Volume Claim for login-service persistence, e.g. eoepca-userman-pvc
    The boolen value volumeClaim.create can be used for the PVC to be created by the helm release. This creates a volume of type host-path and, hence, is only useful for single-node development usage.
  • TLS Certificate Provider, e.g. letsencrypt-production

Example login-service-values.yaml

volumeClaim:
  name: eoepca-userman-pvc
  create: false
config:
  domain: auth.192.168.49.123.nip.io
  adminPass: Chang3me!
  ldapPass: Chang3me!
  volumeClaim:
    name: eoepca-userman-pvc
opendj:
  volumeClaim:
    name: eoepca-userman-pvc
oxauth:
  volumeClaim:
    name: eoepca-userman-pvc
oxtrust:
  volumeClaim:
    name: eoepca-userman-pvc
global:
  domain: auth.192.168.49.123.nip.io
  nginxIp: 192.168.49.123
nginx:
  ingress:
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-production
    hosts:
      - auth.192.168.49.123.nip.io
    tls:
      - hosts:
          - auth.192.168.49.123.nip.io
        secretName: login-service-tls

Login Service Usage⚓︎

Once the deployment has been completed successfully, the Login Service is accessed at the endpoint https://auth.<domain>/, configured by your domain - e.g. https://auth.192.168.49.123.nip.io/.

Login as the admin user with the credentials configured in the helm values - ref. adminPass / ldapPass.

Typical first actions to undertake through the Gluu web interface include creation of users and clients.

Additional Information⚓︎

Additional information regarding the Login Service can be found at:

Back to top