SSOADM Alternatives

This topic contains 1 reply, has 2 voices, and was last updated by  Warren Strange 1 year, 7 months ago.

  • #21144
     mohammedanask 
    Participant

    We have an existing setup where all our ForgeRock infrastructure exists on Ubuntu 14.04 Virtual Machines. We are trying to deploy the above setup to Kubernetes and are trying to containerize the DS, AM and OpenIG products.

    In our VM setup, AM, Amster and the ssoadm tool are on the VM and are used to set up our AM. The ssoadm tool is executed with the options create-identity, add-member and add-privileges to set up users and permissions.

    In the Docker world, I have managed to get AM deployed in a Tomcat container. Once that container runs, I deploy an Amster container with scripts that configure this AM container. My issue arises when using the ssoadm tool, as it doesn’t have access to the AM config directory. If my understanding is correct, it prevents us from using this tool remotely. The DevOps guide (https://backstage.forgerock.com/docs/platform/5.5/devops-guide/#intro-limitations) mentions Amster and the AM REST APIs as suitable alternatives to using the ssoadm tool. I tried searching for similar functionality in the reference docs and wasn’t able to find any. Any help would be appreciated.

    If the above isn’t possible, is the recommended way that the AM container would also contain the ssoadm tool and the Amster container would trigger that tool to perform those operations?

    I would like to avoid mounting a volume for the AM config directory and the Amster container with the ssoadm tool, as this prevents AM from scaling horizontally, since there would be multiple config directories per AM container.

    • This topic was modified 1 year, 7 months ago by  mohammedanask.
    #21147
     Warren Strange 
    Participant

    You are right – amster cannot manage identities. The recommendation is to use alternative tools to automate loading of user data (LDIF import, IDM, etc.).

    It is a bit tricky, but you can use ssoadm in a container. Create the openam home directory as an emptyDir: {} shared volume that both the openam and ssoadm containers mount.
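
A sketch of the shared-volume layout described in the reply above, added here as an example; it is not part of the original thread or ForgeRock's own manifests. The image names, the mount path and the keep-alive command are placeholders and assumptions to adapt to your own images.

```yaml
# Added example: AM and an ssoadm sidecar in one Pod, sharing the AM home
# directory through an emptyDir volume. All names below are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: openam
  labels:
    app: openam
spec:
  volumes:
    # emptyDir is created per Pod and deleted with it, so every AM replica
    # gets its own private copy; nothing is shared between Pods.
    - name: openam-home
      emptyDir: {}
  containers:
    - name: openam
      image: registry.example.invalid/openam:PLACEHOLDER   # placeholder image
      ports:
        - containerPort: 8080
      volumeMounts:
        - name: openam-home
          mountPath: /home/forgerock/openam   # assumed AM config directory
    - name: ssoadm
      image: registry.example.invalid/ssoadm:PLACEHOLDER   # placeholder image
      # Assumption: keep the sidecar idle so ssoadm can be run on demand,
      # for example through kubectl exec into this container.
      command: ["sh", "-c", "while true; do sleep 3600; done"]
      volumeMounts:
        # Same volume, same path: ssoadm sees the config directory AM writes.
        # This container can read AM's configuration and key material, so
        # build and restrict it with the same care as the AM container.
        - name: openam-home
          mountPath: /home/forgerock/openam
```

In a Deployment the same `volumes` and `containers` entries go under `spec.template.spec`, which keeps one config directory per replica.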


©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
