- 15 Jan 2025
Image overview
- Updated on 15 Jan 2025
This topic provides an overview of the images included in the OneSpan Authentication Server for Docker package and covers additional configuration options for the images.
Figure: Image structure and relations
OneSpan Authentication Server
Image files
- onespan_ias_maria. The OneSpan Authentication Server image to use with MariaDB.
- onespan_ias_mssql. The OneSpan Authentication Server image to use with Microsoft SQL Server.
- onespan_ias_oracle. The OneSpan Authentication Server image to use with Oracle Database.
Mount points and secrets
Path | Mandatory | Description |
---|---|---|
/run/secrets/onespan.com/admin_username | Yes | The user name of the first administrator. |
/run/secrets/onespan.com/admin_password | Yes | The password of the first administrator. |
/run/secrets/onespan.com/db_username | Yes | The user name of the database administrator. |
/run/secrets/onespan.com/db_password | Yes | The password of the database administrator. |
/opt/vasco/ias/templates/identikey/identikeyconfig.tmpl | No | The configuration file template. Can be edited using the GUI configuration image (see Using the GUI configuration image). |
/tmp/vasco/license.dat | No | The server license file. |
/config/certtrust | No | The folder that contains trusted certificates (PEM files only). |
Environment variables
Variable name | Mandatory | Description |
---|---|---|
IASDB_SERVICE_NAME | No | The database service DNS or IP address. Default value: IAS DB |
IASDB_SERVICE_PORT | Yes | The database service port. Default value: Not set |
IASDB_DATABASE_NAME | No | The database name to use. Default value: IAS DB |
IASDB_DSN | No | The database DSN. Only required when you mount an external ODBC data source configuration file (odbc.ini). Default value: iasdb |
CARG_SERVER_LOCATION | No | The hostname or the address of a network interface to which the OneSpan Authentication Server service should bind. If CARG_SERVER_LOCATION is defined, it overrides the OneSpan Authentication Server service location or IP address settings in the configuration file. If CARG_SERVER_LOCATION is not defined, the server location is taken from the mounted configuration file template (identikeyconfig.tmpl) if set. If the respective XML attribute is empty or not set in the mounted configuration file, the server location is set to the following default value: getent hosts $HOSTNAME \| awk '{ print $1 }' |
CARG_IAS_UPGRADE_MODE | No | Determines whether to start the container in upgrade mode. Default value: false |
CARG_WAIT_FOR_DATABASE | No | The timeout (in seconds) to wait for the database service to become available. Default value: 60 |
The onespan_ias_oracle image expects additional environment variables to configure the data source connection.
Variable name | Mandatory | Description |
---|---|---|
CARG_IASDB_ORACLE_SID | Yes | The service identifier of the OneSpan Authentication Server database. Default value: Not set |
CARG_IASDB_ORACLE_SID_TYPE | Yes | The service identifier type of the OneSpan Authentication Server database. Default value: Not set |
TNS_ADMIN | No | The path to the Oracle Net Services configuration folder. Default value: /usr/lib/oracle/19.17/client64/network/admin |
Ports
Port number | Protocol | Description |
---|---|---|
1812 | UDP | RADIUS |
1813 | UDP | RADIUS |
8888 | TCP | SOAP |
8889 | TCP | Health check |
20003 | TCP | SEAL without SSL |
20004 | TCP | SEAL with SSL |
Supported databases
Image | Database version | Suggested database image |
---|---|---|
onespan_ias_maria | MariaDB 10.11 | docker.io/mariadb:10.11-jammy |
onespan_ias_mssql | Microsoft SQL Server 2022 | mcr.microsoft.com/mssql/server:2022-latest |
onespan_ias_oracle | Oracle Database 19 | See docker-images. |
Limitations
- HSM support has not been tested.
Additional information
- The SSL settings of the OneSpan Authentication Server containers are fully configurable via the XML configuration file and template. If you need to disable SSL for troubleshooting purposes, you can do so by editing the XML configuration file or using the GUI configuration image (see Using the GUI configuration image).
Message Delivery Component (MDC)
Image files
- onespan_mdc. The Message Delivery Component (MDC) image to use with a OneSpan Authentication Server image (see OneSpan Authentication Server).
Mount points and secrets
Path | Mandatory | Description |
---|---|---|
/opt/vasco/ias/templates/mdc/mdcconfig.xml | No | Valid MDC configuration file. Can be edited using the GUI configuration image (see Using the GUI configuration image). |
/config/certtrust | No | The folder that contains trusted certificates (PEM files only). |
Environment variables
Variable name | Mandatory | Description |
---|---|---|
CARG_SERVER_LOCATION | No | The hostname or the address of a network interface to which the MDC service should bind. If CARG_SERVER_LOCATION is defined, it overrides the MDC service location or IP address setting (/VASCO/MDC-Server/MDC-IP) in the MDC configuration file. If CARG_SERVER_LOCATION is not defined, the server location is taken from the mounted configuration file (mdcconfig.xml) if set. If the respective XML attribute is empty or not set in the mounted configuration file, the server location is set to the following default value: getent hosts $HOSTNAME \| awk '{ print $1 }' |
Ports
Port number | Protocol | Description |
---|---|---|
20007 | TCP | SEAL |
Limitations
- No health check endpoint.
Additional information
- The SSL settings of the MDC container are fully configurable via the XML configuration file and template. If you need to disable SSL for troubleshooting purposes, you can do so by editing the XML configuration file or using the GUI configuration image (see Using the GUI configuration image).
Web Administration Service
Image files
- onespan_was. The Web Administration Service image to use with a OneSpan Authentication Server image.
Mount points and secrets
Path | Mandatory | Description |
---|---|---|
/run/secrets/onespan.com/sslcert.pem | No | The server certificate. |
/run/secrets/onespan.com/sslcert.key | No | The encrypted server certificate key. |
/run/secrets/onespan.com/sslcert-ca.pem | No | The certification authority (CA) certificate for the server certificate (sslcert.pem). |
/run/secrets/onespan.com/sslcert.password | No | The password for the encrypted server certificate key. |
/config/certtrust | No | The folder that contains trusted certificates (PEM files only). |
Environment variables
Variable name | Mandatory | Description |
---|---|---|
IAS_SERVICE_NAME | No | The OneSpan Authentication Server service DNS or IP address. Default value: ias |
IAS_SERVICE_PORT | No | The OneSpan Authentication Server service port. Default value: 8888 |
IAS_SERVICE_PROTOCOL | No | The OneSpan Authentication Server server protocol (either https or http). Default value: https |
CARG_WAS_FILE_UPLOAD_MAXSIZE | No | The file upload size limit (in bytes). Default value: 20971520 |
CARG_WAS_LOG_LEVEL | No | The log level for Log4j. Default value: Not set |
CARG_USER_LIST_USECOUNT | No | Determines the behavior and look of the USERS list. If set to false, the list does not show the total number of returned results, links to individual pages, the Go to Last Page button, or the Select all users from ALL pages link. Default value: true |
CARG_DP_LIST_USECOUNT | No | Determines the behavior and look of the DIGIPASS list. If set to false, the list does not show the total number of returned results, links to individual pages, the Go to Last Page button, or the Select all DIGIPASS from ALL pages link. Default value: true |
Ports
Port number | Protocol | Description |
---|---|---|
8443 | TCP | The Administration Web Interface. |
Limitations
- The password of the encrypted SSL certificate key is stored in plaintext in /apache-tomcat-tomcat_version/conf/server.xml, where tomcat_version is the version of Apache Tomcat included in the Web Administration Service image, e.g. 9.0.90.
- The Administration Web Interface port number cannot be configured.
- Custom Apache Tomcat and Log4j configuration files cannot be mounted.
- No health check endpoint.
Additional information
- If you need to disable SSL for troubleshooting purposes, you can do so by omitting the SSL certificate mounts from the service configuration.
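A pre-deployment check built from the OneSpan Authentication Server and Web Administration Service tables above, as an added example that is not part of the OneSpan documentation or product. It reads the normalized model printed by `docker compose config --format json` and reports missing mandatory secrets and variables, a published port 20003, and Web Administration Service settings that leave SSL off. The function names, the sample services and the choice of findings are assumptions made for illustration.

```python
import json

SECRETS = "/run/secrets/onespan.com/"
IAS_SECRETS = ["admin_username", "admin_password", "db_username", "db_password"]
WAS_TLS = ["sslcert.pem", "sslcert.key"]

def mounted_paths(svc):
    """Container paths supplied through secrets: and volumes: entries."""
    paths = {v["target"] for v in svc.get("volumes", [])}
    for s in svc.get("secrets", []):
        target = s.get("target") or s["source"]
        # Compose places a relative secret target under /run/secrets/.
        paths.add(target if target.startswith("/") else "/run/secrets/" + target)
    return paths

def audit(compose_json):
    """Return sorted (service, finding) pairs for a normalized Compose model."""
    findings = []
    for name, svc in json.loads(compose_json).get("services", {}).items():
        image, env = svc.get("image", ""), svc.get("environment") or {}
        paths = mounted_paths(svc)
        if "onespan_ias_" in image:
            required = ["IASDB_SERVICE_PORT"]
            if "onespan_ias_oracle" in image:
                required += ["CARG_IASDB_ORACLE_SID", "CARG_IASDB_ORACLE_SID_TYPE"]
            findings += [(name, f"mandatory secret {s} not mounted")
                         for s in IAS_SECRETS if SECRETS + s not in paths]
            findings += [(name, f"mandatory variable {v} not set")
                         for v in required if not env.get(v)]
            if any(p.get("target") == 20003 and p.get("published")
                   for p in svc.get("ports", [])):
                findings.append((name, "port 20003 (SEAL without SSL) is published"))
        elif "onespan_was" in image:
            findings += [(name, f"SSL certificate mount {s} missing")
                         for s in WAS_TLS if SECRETS + s not in paths]
            if env.get("IAS_SERVICE_PROTOCOL") == "http":
                findings.append((name, "IAS_SERVICE_PROTOCOL is http, not https"))
    return sorted(findings)

# Constructed sample in the shape printed by `docker compose config --format json`.
SAMPLE = json.dumps({"services": {
    "ias": {"image": "onespan_ias_maria",
            "environment": {"IASDB_SERVICE_NAME": "iasdb"},
            "secrets": [{"source": n, "target": SECRETS + n} for n in IAS_SECRETS[:3]],
            "ports": [{"target": 20003, "published": "20003", "protocol": "tcp"}]},
    "was": {"image": "onespan_was",
            "environment": {"IAS_SERVICE_PROTOCOL": "http"},
            "secrets": [{"source": "cert", "target": "onespan.com/sslcert.pem"}]}}})

print(*(f"{service}: {finding}" for service, finding in audit(SAMPLE)), sep="\n")
```

An empty result only means that none of these specific checks fired; SSL settings inside the XML configuration file and template are outside what the Compose model shows.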
GUI configuration
Image files
- onespan_config. A Docker image to run the GUI configuration tools to facilitate the configuration of OneSpan Authentication Server and MDC.
Mount points and secrets
You can mount any OneSpan Authentication Server or MDC configuration file or configuration file template to edit it with the respective configuration tool.
By default, the container will run the OneSpan Authentication Server Configuration Utility (ikconfigutilgui) if one of the following mount points is provided:
- /mnt/identikeyconfig.xml
- /mnt/identikeyconfig.tmpl
- /mnt/templates/identikeyconfig.xml
- /mnt/templates/identikeyconfig.tmpl
By default, the container will run the MDC Configuration Utility (mdcconfiggui) if one of the following mount points is provided:
- /mnt/mdcconfig.xml
- /mnt/mdcconfig.tmpl
- /mnt/templates/mdcconfig.xml
- /mnt/templates/mdcconfig.tmpl
Limitations
- File path and database connection validation are disabled.
- Advanced ODBC storage configuration is disabled.
- Testing MDC gateway is disabled.
- Testing ODBC connections is disabled.
- The OneSpan Authentication Server and MDC daemons cannot be restarted.