Running IDPV Server
To run the IDPV server, perform the following procedure:
- Execute the following Docker command to run IDPrime Virtual Server:
docker run -d --name <container-name> -it -v <configuration-directory>:/publish/Config/ -v <luna/dpod/KeySecure-configuration-directory>:/usr/local/hsm/ -p <host-https-port>:5001 <docker image>:<version>
For RHEL 8 or 9 with podman environment, run the following command (note that the quoted mount specification must not contain spaces, otherwise podman rejects the option):
podman run -d --name <container-name> -it --mount 'type=bind,src=<configuration-directory>,dst=/publish/Config/,relabel=shared,U' --mount 'type=bind,src=<hsm-configuration-directory>,dst=/usr/local/hsm/,relabel=shared,U' -p <https-port>:5001 <container-image>:<version>
Where:
- container-name: The name of the Virtual IDPrime Server container. It can be any value, but must follow the Docker container naming guidelines.
Example: idprimevirtualserver
- configuration-directory: Path of the directory on the host that contains the required files and certificates. Inside the container this path is referred to as /publish/Config.
Example: /var/thales/config/
- luna/dpod/KeySecure-configuration-directory: Place all the files for Luna HSM, DPoD or KeySecure under the /var/thales/hsm directory. For more information regarding HSM setup, refer to the following section.
In case of SoftHSM mapping, the /var/thales/hsm directory is not needed, so remove the corresponding mount from the Docker and podman commands in the examples below:
For Docker, remove: -v /var/thales/hsm:/usr/local/hsm
For podman, remove: --mount 'type=bind,src=/var/thales/hsm,dst=/usr/local/hsm,relabel=shared,U'
- <docker image>:<version>: The Docker image name and its version as generated in step 3 of Deploying IDPrime Virtual Server in Docker.
Example of Docker command:
docker run -d --name idprimevirtualserver -it -v /var/thales/config:/publish/Config/ -v /var/thales/hsm:/usr/local/hsm/ -p 443:5001 idprimevirtual_server:2.x
For RHEL 8 or 9 with podman environment, the command is:
podman run --name idpv-luna -it -d --mount 'type=bind,src=/var/thales/config,dst=/publish/Config/,relabel=shared,U' --mount 'type=bind,src=/var/thales/hsm,dst=/usr/local/hsm/,relabel=shared,U' -p 5003:5001 idprimevirtual_server_full:2.x
The network value is taken as the default (bridge) network. Ports 80 and 443 must be available and not blocked.
- Once the command is executed successfully, a 64-character GUID is displayed for the container. To view the log file, run the command below:
docker logs <container-name>
For RHEL 8 or 9 with podman environment, the command is:
podman logs <container-name>
Example:
docker logs idprimevirtualserver
For RHEL 8 or 9 with podman environment, the example is:
podman logs idprimevirtualserver
- Run the following command to enter the container:
docker exec -it <container-name> sh
For RHEL 8 or 9 with podman environment, the command is:
podman exec -it <container-name> sh
Example:
docker exec -it idprimevirtualserver sh
For RHEL 8 or 9 with podman environment, the example is:
podman exec -it idprimevirtualserver sh
- Run the following command to verify that the Luna client or DPoD is configured successfully for the container:
lunacm
It must return the configured partition details.
- Verify that the SafeNet IDPrime Virtual Server is running by opening the <server-address> URL in any browser.
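As an added example (not part of the Thales documentation), the following POSIX shell helper assembles the run command from the procedure above for either Docker or podman and leaves out the HSM bind mount in the SoftHSM case; the function names idpv_run_cmd and idpv_verify are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Thales documentation. Builds the container run
# command from the procedure for Docker or podman and omits the HSM bind
# mount when SoftHSM is used (the page states /var/thales/hsm is not needed).
# Function names are hypothetical.

# idpv_run_cmd <docker|podman> <name> <config-dir> <hsm-dir|none> <host-port> <image:tag>
# Prints the command on stdout; it does not start the container.
idpv_run_cmd() {
  engine=$1; name=$2; config_dir=$3; hsm_dir=$4; port=$5; image=$6
  case "$engine" in
    docker)
      cmd="docker run -d --name $name -it -v $config_dir:/publish/Config/"
      # SoftHSM: pass "none" so the /usr/local/hsm mount is left out
      [ "$hsm_dir" != none ] && cmd="$cmd -v $hsm_dir:/usr/local/hsm/"
      ;;
    podman)
      # relabel=shared relabels the bind mount for SELinux on RHEL and U
      # maps ownership to the container user. The quoted mount spec must
      # not contain spaces, or podman rejects the option.
      cmd="podman run -d --name $name -it --mount 'type=bind,src=$config_dir,dst=/publish/Config/,relabel=shared,U'"
      [ "$hsm_dir" != none ] && cmd="$cmd --mount 'type=bind,src=$hsm_dir,dst=/usr/local/hsm/,relabel=shared,U'"
      ;;
    *)
      echo "unsupported engine: $engine" >&2
      return 1
      ;;
  esac
  # The host port maps to the server's HTTPS listener on 5001 in the container
  printf '%s -p %s:5001 %s\n' "$cmd" "$port" "$image"
}

# idpv_verify <docker|podman> <name>: the post-start checks from the
# procedure (container log, then lunacm inside the container). Needs a
# running container, so it is only illustrative here.
idpv_verify() {
  "$1" logs "$2" && "$1" exec -it "$2" lunacm
}

# Usage (prints the Docker command from the documentation example):
# idpv_run_cmd docker idprimevirtualserver /var/thales/config /var/thales/hsm 443 idprimevirtual_server:2.x
```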
• When Docker is deployed, manually restart the container after updating the configurations using the following command: docker restart <container-name or id>
• When Kubernetes is deployed, the server automatically restarts after Secret and ConfigMap are updated.
After running the SafeNet IDPrime Virtual Server files, you need to start the container and set up a new or existing tenant. To create or update the tenant configuration, refer to Updating Identity Provider Parameters.