Stand up locally with Docker
You'll need the following to run iridium locally:
Iridium is dependent on an RDBMS system such as MySQL or MariaDB
We will use Docker Compose to simplify the setup process. You can go about completing this step by either checking out the repo locally or using the Docker Compose file contents below.
Serve Iridium from the repo
Clone the repo
$ git clone git@github.com:IridiumIdentity/iridium.git
cd
into the project
$ cd iridium
Before running the compose command below be sure to set the environment variable HOST_INTERNAL. This ip address should be set to whatever your default gateway is. This is typically the ip address of your router on a home network. The address below is just an example.
export HOST_INTERNAL=192.168.1.x
Stand up mariadb, the latest version of the core iridium server
$ docker compose -f tools/schedulers/compose/local-iridium-compose.yml up -d
At this point you have a version of the Iridium core server and an instance of MariaDB We still need to initialize the database with specific data for Iridium to function.
You can verify this by executing docker ps
, you should see similar output like below
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a44c37b6d4c1 mariadb:10.6.11 "docker-entrypoint.s…" 6 seconds ago Up 3 seconds 0.0.0.0:3306->3306/tcp mariadb
b919d4ffcf56 iridiumidentity/iridium-core-server:latest "java -jar /opt/java…" 6 seconds ago Up 4 seconds 0.0.0.0:8381->8381/tcp iridium
It may take the iridium core server about 30 seconds to fully come up. You can verify all is good by watching the logs by
executing docker logs iridium -f
.
When you see the following, the server is ready to go.
main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8381 (http) with context path ''
main] software.iridium.api.Iridium : Started Iridium in 64.841 seconds (process running for 74.472)
Next, you should initialize the database
Initialize the Iridium Database
Iridium needs specific data entities to exist for it to function. This guide demonstrates how to use the iridium CLI to execute this task. This document assumes you have downloaded and unpacked the binary distribution of Iridium in a previous step as detail here.
To initialize the database execute the following command. Again we are expecting you to be in the top level folder of expanded tar.gz distribution you downloaded and unpacked earlier.
NOTE
You can initialize Iridium with or without a social provider at start up. Quick links are below. Iridium init is meant
to be non-destructive in that if you initialize the database once it will not work again. You will need to bring your
containers all the way down to run the init
function again.
Initialize with Iridium with the GitHub Login Provider
If you want to allow users to log in to the Iridium Management app with their GitHub account you can allow this here following the directions below:
Again we are expecting you to be in the top level folder of
expanded tar.gz distribution you downloaded and unpacked earlier. In this example, we are passing the flag to allow users to register
with the Iridium tenant using GitHub by passing the flag --allow-github=true
.
$ ./bin/iridium init \
--host=localhost \
--port=3306 \
--user=root \
--password \
--allow-github=true
The CLI tool should prompt your for the database password. Enter the password you configured upon standing up the database.
$ Enter value for --password (the database password):
Next the CLI will prompt for a GitHub Oauth application credentials. If you don't have a GitHub application ready to use, you can follow the directions here to create one
Enter your GitHub OAuth application id
$ Enter value for github client id: my-client-id
Enter your GitHub OAuth application secret
$ Enter value for github client secret: my-client-secret
From here, you should be able to log in to the Iridium Management UI using your GitHub account. At this point you've stood up the system with an Iridium tenant for and application for managing Iridium. At this point you can start to create your own tenant and applications in Iridium to be secured.
Next the CLI will prompt for a GitHub Oauth application credentials. If you don't have a GitHub application ready to use, you can follow the directions here to create one
Enter your GitHub OAuth application id
$ Enter value for github client id: my-client-id
Enter your GitHub OAuth application secret
$ Enter value for github client secret: my-client-secret
Upon successful initialization of the database you'll see similar output
06:22:59.884 [main] INFO software.iridium.cli.command.InitCommand - ########################################
06:22:59.884 [main] INFO software.iridium.cli.command.InitCommand - Database successfully initialized
06:22:59.884 [main] INFO software.iridium.cli.command.InitCommand - ########################################
06:22:59.884 [main] INFO software.iridium.cli.command.InitCommand - Iridium Management Application ID is ${someApplicationId}
06:22:59.885 [main] INFO software.iridium.cli.command.InitCommand - Be sure to place this in the appropriate environment.ts file
From here you need to take your generated id ${someApplicationId}
and stand up the Iridium Management UI.
Stand up the Iridium Management UI
The rest of this document assumes you have cloned the iridium repository, and you are in the root directory of project.
Update your environment.ts file with correct application ID. From the top level directory it's located at:
iridium-angular-client/projects/iridium-ui/src/environments/environment.ts
The file should look like this before you add your client id
export const environment = {
production: false,
iridium: {
domain: 'http://localhost:8381/',
redirectUri: 'http://localhost:4200/callback',
clientId: 'YOUR_CLIENT_ID',
errorPath: '/error'
}
};
After the change it will look like this. Keep in mind to swap out your real application id for ${someApplicationId}
export const environment = {
production: false,
iridium: {
domain: 'http://localhost:8381/',
redirectUri: 'http://localhost:4200/callback',
clientId: '${someApplicationId}',
errorPath: '/error'
}
};
cd
into the Angular project
$ cd iridium-angular-client/
build the ngx-iridium-client
and the management UI.
$ ng build ngx-iridium-client && ng serve
At this point you are ready to use Iridium to secure your system.
You've stood up the Iridium Core Server, and the management UI.
The next step is log in the management UI using either the local user you created (username/password) or the by using a social provider (such as GitHub) to access the system by visiting http://localhost:4200 in your browser.
From here, you can create tenants and associate single page applications or server apps in the UI to be secured by Iridium.