
h4. Evaluate, learn and integrate setups

|| What || Purpose ||Status ||Comment ||
|[All in one Docker image|https://github.com/Cantara/Whydah] |Evaluate and learn about Whydah. Use test-webs to experiment with protocol. |(/) |simplest possible setup |
|Integration environment on developer laptop using java -jar |allow basic integration testing during development. Only SSOLWA and STS needed. Can experiment with tokens and roles based on username with stub overrides |(/) |useful on Windows, prefer Docker on Linux environments |
|Integration environment on developer laptop using Docker (one image per application) |allow basic integration testing during development, easier than running all applications from jar or IDE |(?) | |

-----

h4. Complete Environment installation

|| What || Purpose ||Status ||Comment ||
|Production installation using [Ansible scripts|https://github.com/Cantara/Whydah-Provisioning] | Production HA setup |(/) | STS in HA mode (Hazelcast), mostly used for AWS EC2 deployments \\ external database and LDAP for UIB \\ need to review and decide Docker or Ansible for LDAP server installation \\ automation of webproxy installation with https needs more testing |
|Production installation using [Ansible scripts|https://github.com/Cantara/Whydah-Provisioning] |Production setup |(/) |external database and LDAP for UIB \\need to review and decide Docker or Ansible for LDAP server installation \\ automation of webproxy installation with https needs more testing |
|Devtest installation using [Ansible scripts|https://github.com/Cantara/Whydah-Provisioning] |Devtest environment |(/) | HSQLDB and in-mem ApacheDS for UIB |
|Production installation using Docker (one image per application) | Production setup |(x) |Basic setup is ready, but must use data volume containers, so few advantages so far over Ansible-based installation. Does every application need a data volume container? Need to select an SDN strategy/framework for elastic wiring of the modules on a set of Docker hosts|


-----

h4. Development setups

|| What || Purpose ||Status ||Comment ||
|[Developer quick-start|https://github.com/Cantara/Whydah/tree/master/dev-quickstart] | Bootstrapping a full development environment |(/) | [getSource.sh|https://github.com/Cantara/Whydah/blob/master/getSource.sh] \\ [buildFullWhydah.sh|https://github.com/Cantara/Whydah/blob/master/buildFullWhydah.sh] \\ [pullRebaseFullWhydah.sh|https://github.com/Cantara/Whydah/blob/master/pullRebaseFullWhydah.sh] \\ [startFullWhydah.sh|https://github.com/Cantara/Whydah/blob/master/startFullWhydah.sh] |
|Integration environment on developer laptop using java -jar |allow basic integration testing during development |(/) |can also run in IDE |
|Integration environment on developer laptop using Docker (one image per application) | |(/) |Basic setup is ready, but not sure if this setup gives any advantage over java -jar and IDE alternatives.|
|Run one application with stubbed external dependencies |Simplify development | (?) |Not sure if the mocks/stubs parts still work or are still useful. |
-----

h4. Configuration tags


* *Production*
** UIB: no tags, _useridentitybackend_override.properties_ file in same folder as jar file
** UAS: no tags, _useradminservice_override.properties_ file in same folder as jar file
** STS: -DIAM_MODE=PROD -Dhazelcast.config=hazelcast.xml -DIAM_CONFIG=/home/sts/securitytokenservice.PROD.properties
** SSOLoginWebApp: -DIAM_MODE=PROD -DIAM_CONFIG=/home/ssologin/ssologinservice.PROD.properties


* *Devtest*
** UIB: -DCONSTRETTO_TAGS=dev, _useridentitybackend_override.properties_ file in same folder as jar file
** UAS: -DCONSTRETTO_TAGS=dev, _useradminservice_override.properties_ file in same folder as jar file
** STS: -DIAM_MODE=PROD -Dhazelcast.config=hazelcast.xml -DIAM_CONFIG=/home/sts/securitytokenservice.PROD.properties
** SSOLoginWebApp: -DIAM_MODE=PROD -DIAM_CONFIG=/home/ssologin/ssologinservice.PROD.properties

All applications have flexible configuration options to support the many variants described above.
As a general principle, the default configuration should have production settings and not development settings.
This means, for example, testpage=disabled and sslverification=enabled. However, since the actual domain names, ports and TLS certificates differ from environment to environment, the default configuration uses http and default ports, and some popular options, like email and Hazelcast for high availability, are disabled. The config override file for each application should be used to turn the different options on and off.
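
The principle above can be checked before a production deployment. The following is an added example, not code from the Whydah project: it reads an override file and the JVM arguments and flags anything that moves away from the production values named on this page. It assumes the override file spells the keys {{testpage}} and {{sslverification}} as written here; the function names and the sample file content are constructed for illustration.

```python
"""Pre-deployment check for an override file (added example, not Whydah code)."""
import re

# Production values named on this page; the key spellings are an assumption
# about how they appear in the override file.
REQUIRED = {"testpage": "disabled", "sslverification": "enabled"}

SAMPLE_OVERRIDE = """\
# constructed sample, not a real Whydah file
testpage=enabled
sslverification = disabled
"""


def parse_properties(text):
    """Parse simple Java .properties text (key=value or key:value, # and ! comments)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)  # last occurrence wins, as in Java
    return props


def audit(override_text, jvm_args=""):
    """Return a list of findings; an empty list means the checks passed."""
    props = parse_properties(override_text)
    findings = []
    for key, safe in REQUIRED.items():
        actual = props.get(key)
        # An absent key falls back to the application default, which by the
        # principle above should already be the production value.
        if actual is not None and actual.lower() != safe:
            findings.append(f"{key}={actual} (production value is {safe})")
    # The page lists -DCONSTRETTO_TAGS=dev for Devtest only.
    if re.search(r"-DCONSTRETTO_TAGS=\S*\bdev\b", jvm_args):
        findings.append("CONSTRETTO_TAGS contains dev")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_OVERRIDE, "-DCONSTRETTO_TAGS=dev"):
        print("FINDING:", finding)
```
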


h6. UIB
{include:UIB configuration tags}

h6. UAS
{include:UAS configuration tags}

h6. STS
{include:STS configuration tags}

h6. SSOLoginWebapp
{include:SSOLoginWebapp configuration tags}