Podman
Prerequisites
This section provides the installation files and prerequisites required for Podman.
- Database: The database for SafeNet Access Exchange should be created in advance, with a user who has privileges over it.
- Hostname: For a production-ready installation, you need a machine with an IP/hostname that can be used to contact SafeNet Access Exchange.
- TLS certificate and associated keys: For securing HTTPS traffic.
- Podman and podman-compose should be installed on the machine.
Deployment Steps
This section provides the instructions to deploy SafeNet Access Exchange.
- Download the SafeNet Access Exchange zipped file to your RHEL machine. It contains the SafeNet Access Exchange (SAE) image in tar format.
- Run the following command to unzip the file:
  gunzip <FileName>.tar.gz
- Load the image using the following command:
  podman load -i <FileName>.tar
- You can view the image that you just loaded using the following command:
  podman images
- Place the attached compose file on your RHEL machine.
- Make the following changes in the compose file:
  a. Replace (version) in the compose file with the podman-compose version. You can identify it by running the following command on your RHEL machine:
     podman-compose --version
  b. Replace (image ID) in the compose file with the actual image ID of the SafeNet Access Exchange image you just loaded. It can be found using the following command:
     podman images
  c. Under the volumes tag, make the following changes:
     - Replace the certificate placeholder with the certificate you use for securing the HTTPS traffic for SAE.
     - Replace (privateKey.pem) with the corresponding key of the certificate you are using.
     - Make sure that the path of the above files is correct. For example, if your certificate is placed at /opt/sae/cert/cert.pem on your host machine, the volume mount will look like:
       /opt/sae/cert/cert.pem:/opt/keycloak/conf/cert.pem:Z
     Note
     The path to the certificate and key files should be relative to the path of the compose file.
  d. Under the environment tag, make the following changes:
     - Replace the value of KC_HOSTNAME, (fqdn or IP of the SAE instance), with the actual FQDN/IP that you will use to run the SAE solution.
     - Replace the value of KEYCLOAK_ADMIN_PASSWORD, (change_me), with a password of your choice for the admin user.
     - Replace the value of KC_DB, (mssql or mysql as per your environment), as follows:
       - If you want to connect SAE with MsSql, keep the value as mssql.
       - If you want to connect SAE with MySql, keep the value as mysql.
     - Replace the value of KC_DB_URL, (jdbc connection string), with the JDBC connection string/URL that will be used to connect SAE with the database.
     - Replace (dbUser) and (password) with the database user and password details.
  e. Save the compose file.
  Note
  This is just a sample compose file. You can edit it or prepare your own compose file based on your organizational needs.
- Bring up the container by running:
  podman-compose up -d
- Check the details of the container, such as container ID and image ID, by running the following command:
  podman ps -a
  The status should be “UP”.
- To check the logs, you can run:
  podman logs <containerID>
- From a Windows machine, access the SafeNet Access Exchange instance using https://(fqdn or IP OF SAE).
- Log in using the user ID and password mentioned in the compose file.
Note
You might face an issue while connecting to the mssql database. This could be due to the following reason:
- The container cannot load the drivers needed to connect to the database.
- The image does not include the Microsoft JDBC driver for SQL Server by default. You need to add the JDBC driver manually because it is a proprietary driver.
To resolve this, you can try the following approach:
- Download the JDBC connector jar file for mssql from the Microsoft website and place it on your RHEL machine.
- Manually mount the connector in your container by editing the compose file. Add the following line in the compose file under the volumes tag:
  /path/to/jdbcConnector/:/opt/keycloak/providers/
- Make sure that the path of the above file is correct. For example, if your JDBC connector is placed at /opt/sae/jdbc/mssqlconnector.jar on your host machine, the volume mount will look like:
  /opt/sae/jdbc/mssqlconnector.jar:/opt/keycloak/providers/mssqlconnector.jar
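
A pre-flight check to run on the edited compose file before podman-compose up -d, added here as an example; it is not part of the SafeNet Access Exchange package. It uses the placeholder strings and variable names quoted in the steps above. The function names, the assumed file layout, the standard JDBC URL prefixes (jdbc:sqlserver://, jdbc:mysql://) and the constructed sample hostname are assumptions of the example.

```shell
#!/bin/sh
# Added example (not vendor code). Assumed layout: environment entries as
# "KEY: value" or "- KEY=value"; volumes as "- hostPath:/opt/keycloak/...".

env_value() {   # env_value FILE KEY -> first value of KEY, quotes stripped
    sed -n "s/^[[:space:]-]*$2[[:space:]]*[:=][[:space:]]*//p" "$1" |
        tr -d "\"'" | head -n 1
}

check_compose() {   # prints findings; returns 0 when clean, 1 otherwise
    file=$1; dir=$(dirname "$1"); bad=0
    # 1. Placeholders from the sample file must not survive editing.
    for ph in '(version)' '(image ID)' '(privateKey.pem)' '(change_me)' \
              '(fqdn or IP' '(mssql or mysql' '(jdbc connection string)' \
              '(dbUser)' '(password)'; do
        if grep -qF -e "$ph" "$file"; then echo "placeholder left: $ph"; bad=1; fi
    done
    # 2. KC_DB must be mssql or mysql and agree with the JDBC URL scheme.
    db=$(env_value "$file" KC_DB); url=$(env_value "$file" KC_DB_URL)
    case "$db:$url" in
        mssql:jdbc:sqlserver://*|mysql:jdbc:mysql://*) ;;
        *) echo "KC_DB '$db' does not match KC_DB_URL '$url'"; bad=1 ;;
    esac
    # 3. Host side of each /opt/keycloak mount must exist (relative to the file).
    mounts=$(sed -n 's|^[[:space:]]*-[[:space:]]*\([^:]*\):\(/opt/keycloak/[^:]*\).*|\1 \2|p' "$file")
    while read -r host target; do
        [ -n "$host" ] || continue
        case "$host" in /*) ;; *) host="$dir/$host" ;; esac
        [ -e "$host" ] || { echo "mount source missing: $host"; bad=1; }
    done <<EOF
$mounts
EOF
    # 4. mssql needs the Microsoft JDBC driver mounted as a provider.
    if [ "$db" = mssql ] && ! echo "$mounts" | grep -q ' /opt/keycloak/providers/'; then
        echo "KC_DB=mssql but nothing is mounted under /opt/keycloak/providers/"; bad=1
    fi
    return "$bad"
}

write_sample() {   # constructed input: mssql, password placeholder, no driver mount
    printf '%s\n' 'environment:' '  KC_DB: mssql' \
        '  KC_DB_URL: jdbc:sqlserver://db.example.internal:1433;databaseName=sae' \
        '  KEYCLOAK_ADMIN_PASSWORD: (change_me)' > "$1"
}

# With an argument, check that file; without one, check the constructed sample.
if [ -n "${1:-}" ]; then check_compose "$1"
else s=$(mktemp); write_sample "$s"; check_compose "$s" || true; rm -f "$s"; fi
```

The check assumes host paths without spaces or quotes; a non-zero exit status means at least one finding was printed.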