Getting Started

A quick howto on how to deploy IAM

This section provides insight on how to deploy and configure an IAM service instance.

IAM is a spring boot application designed to run behind an NGINX reverse proxy, which is used for TLS termination and possibly load balancing. The IAM service instances keep all state in a MariaDB/MySQL database, as shown in the following picture:

IAM deployment overview


At the bare minimum, to run a production instance of the instance of the IAM you will need:

  • An X.509 certificate, used for SSL termination at the NGINX reverse proxy; you can get one for free from Let’s Encrypt;
  • An NGINX server configured to act as a reverse proxy for the IAM web application; more details on this in the NGINX section;
  • A MariaDB/MySQL database instance; more on this in the database configuration section;
  • A JSON keystore holding the keys used to sign JSON Web Tokens; more on this in the JWK section;

You will also need to choose whether you want to deploy you service as a docker container (recommended) or install from packages.

In case you chose to install from packages you can have a look at the IAM puppet module to deploy and configure the service.

And finally, you will have to setup a minimal IAM configuration and change the administrator password for the newly configured IAM service; more on this in the basic configuration section.

Last modified July 30, 2021: First draft of the new IAM website (1c71f01)