Setup Pilot Mode
This document describes how to set up IAM Pilot mode from the original downloaded package file, domino-iam-service.tgz.
What is Pilot mode
Pilot mode is a quick way to set up the IAM server. Use Pilot mode to:
- Explore IAM features.
- Set up an IAM server for your application development environment.
NOTE:
- In Pilot mode, IAM stores raw, unencrypted data to local files. It is therefore not suitable for a production environment.
- The steps on the Preparation and Domino Configuration pages are not required for Pilot mode.
IAM package structure
Decompress the domino-iam-service.tgz package file. It contains the following files:
domino-iam-service/
| admin-client/
| config/
| dependencies/
| template/
| utility/
| views/
| iam-server.js
| package-lock.json
| package.json*
Install npm dependency packages
IAM's dependency packages must be downloaded and installed with npm. Make sure that your server has network connectivity, then run the following commands to install the packages:
cd domino-iam-service
npm ci
IAM Pilot mode set up
To begin setup, enter the following command:
~/domino-iam-service$ npm run setup
Step 1. Select Pilot mode
Select Pilot as the setup mode.
Welcome to IAM Setup
? Choose setup mode (Use arrow keys)
❯ Production.
Pilot, a helper mode to pilot IAM service.
Step 2. Configure the IAM administrator credentials
Create a name and password for the IAM administrator to use to log on to the IAM server.
? IAM Admin username: admin
? Enter IAM Admin password: [hidden]
? Enter IAM Admin password again: [hidden]
Admin password is set successfully
Step 3: Configure the IAM server password
Create the IAM server password, which you must enter each time you start the server. Do not share the password.
? Enter IAM server password: [hidden]
? Enter IAM server password again: [hidden]
Server password is set successfully
Step 4: Configure Pilot mode settings
Provide values for the following settings:
Setting Name | Setting Description |
---|---|
IAM Service ISSUER | The IAM service URL used by client applications to access the service. If the IAM service runs on the local server, this should be the server URL. |
ADMIN service's port | The port used by the IAM admin service. |
Note: If you want to bind the IAM server to a non-default HTTPS port (the default is 443), append the port to the ISSUER, for example: https://iam-server.com:6443
About to config Pilot Settings.
? IAM Service ISSUER: https://iam-server.com
? ADMIN service's port: 8443
Following configuration have been input for Pilot Settings --
issuer - https://iam-server.com/
ADMIN service's port - 8443
? Confirm? (Y/n)
Step 5: Complete Pilot mode setup.
Once you confirm these settings, IAM automatically generates a certificate whose Subject CommonName is set to the host of your IAM Service ISSUER. For example, if you set the IAM Service ISSUER to https://iam-server.com/, the Subject CommonName is set to iam-server.com.
key/cert pilot.pem is created in folder /home/iamuser/domino-iam-service/config/certs
The subject of the key/cert is set to iam-server.com
IAM data will be saved unencrypted to /home/iamuser/domino-iam-service/memoryStorage.json
IAM Server setup completed.
NOTICE: The configuration file has been encrypted.
NOTICE: Original configuration file has been renamed to *.[timestamp].bak file, please delete it after confirmation to keep confidential.
➜
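The setup output above names three files worth checking before the server is used: the *.bak copy of the original configuration, the unencrypted memoryStorage.json, and the generated pilot.pem. The following shell check is an added example, not part of the IAM package; the location of the .bak file under config/, the constructed backup file name, and the owner-only permission policy are assumptions.

```shell
#!/bin/sh
# Added example: hygiene check after IAM Pilot mode setup (not part of the IAM package).
# Assumptions: the *.bak copy sits under config/; files should be owner-only.

# Print one finding per line for the install rooted at $1; print nothing if clean.
audit_pilot_install() {
    root=$1
    # 1. Original configuration kept in plaintext as *.[timestamp].bak.
    find "$root/config" -type f -name '*.bak' 2>/dev/null |
        while IFS= read -r f; do echo "LEFTOVER_BACKUP $f"; done
    # 2. Unencrypted data store and key/cert file readable by group or others.
    for f in "$root/memoryStorage.json" "$root/config/certs/pilot.pem"; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "LOOSE_PERMS $f"
        fi
    done
    return 0
}

# Constructed sample tree that mirrors the paths printed by setup.
make_sample_install() {
    d=$(mktemp -d)
    mkdir -p "$d/config/certs"
    : > "$d/config/local.properties.1700000000.bak"   # constructed file name
    : > "$d/memoryStorage.json";      chmod 644 "$d/memoryStorage.json"
    : > "$d/config/certs/pilot.pem";  chmod 600 "$d/config/certs/pilot.pem"
    echo "$d"
}

sample=$(make_sample_install)
audit_pilot_install "$sample"
rm -rf "$sample"
```

To check a real install, call `audit_pilot_install ~/domino-iam-service`; an empty result means no leftover backup and no group- or world-readable data or key file was found.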
Start IAM server
To start the IAM server, run the following command from the IAM root folder:
~/domino-iam-service$ npm start
When you see the following output, enter the IAM server password to start the IAM server:
[01:35:20][warn][iam-server]: IAM is in pilot mode. Please do not use this in production environment.
[01:35:20][warn][iam-server]: To swith to production mode, delete config/local.properties then setup in production mode.
Start to unlock config:
? Enter current IAM server password: [hidden]
The following messages indicate that the IAM server has been started successfully:
[01:35:24][info][initServices]: Start IAM service on allAddress:443
[01:35:24][info][initServices]: Start Admin service on allAddress:8443
[01:35:24][info][initServices]: IAM service serves on port 443
[01:35:24][info][initServices]: Admin service serves on port 8443
You can now access the IAM server from your browser.
Tips: For example, if the issuer is set to https://iam-server.com and the admin service port is 8443, use the following URLs:
- IAM service: https://iam-server.com
- Admin service: https://iam-server.com:8443