Service Container (module)
 
19. Service Container (module)

This chapter describes the features of the Airlock IAM Service Container module and how to configure and use them.

The Service Container module provides a scheduler to execute tasks such as the generation of authentication token-related letters and database cleanup. It also hosts the RADIUS server and provides a web interface to check the status of the services.

The Service Container web UI is accessed from the Adminapp web UI.

Main Service Container features

  • Run the RADIUS server (an authentication interface for access gateways, VPN servers, and alike).
  • Batch-generation of password letters, authentication token letters, and alike.
  • Synchronize user data with external data sources (e.g. directories).
  • Run tasks on user data (e.g. expire unused initial passwords).

Quick technical facts Service Container

Name
Value
Description and links
Module name
service-container
The Service Container can be enabled or disabled using the 8.1. application parameters property iam.modules.
Configuration root
Service Container
The Service Container is a top-level element in the configuration.
URL
/auth-servicecontainer/
The URL of the Service Container is defined by the application parameter iam.service-container.url.path and defaults to /<instance-name>-servicecontainer/.
It is typically accessed by clicking a link in the Adminapp's navigation.
If the Adminapp and Service Container are accessed via the Gateway (WAF), the URL is defined in the mapping. The provided mapping template suggests using the same URL as indicated here.

Service Container with multiple Adminapp deployments

A URL can also be configured for iam.service-container.url.path instead of a path if required. Using an URL allows e.g. to access a single Service Container in a Kubernetes cluster by multiple Adminapp deployments.

Example: iam.service-container.url.path = https://localhost:8443/auth-servicecontainer

  • Note that CLI tasks can only be started on the host of the Service Container.
  • There must only be a single instance with Service Container enabled. All other instances must be configured with the Service Container disabled in iam-modules.
  • In case the Service Container menu point is not available, check the rights and 18. shared secret configuration in the Adminapp.

Further information and links