Airlock IAM Service Container (module)

This chapter describes the features of the Airlock IAM Service Container module and how to configure and use them.

The Service Container module provides a scheduler to execute tasks such as the generation of authentication token-related letters and database cleanup. It also hosts the RADIUS server and provides a web interface to check the status of the services.

The Service Container web UI is accessed from the Adminapp web UI.

Main features

Airlock IAM Service Container features:

  • Run the RADIUS server (an authentication interface for access gateways, VPN servers, and the like).
  • Batch generation of password letters, authentication token letters, and the like.
  • Synchronize user data with external data sources (e.g. directories).
  • Run tasks on user data (e.g. expire unused initial passwords).

Summary of technical facts

The following is a brief list of technical facts of the Airlock IAM Service Container.

| Name | Value | Description and links |
|---|---|---|
| Module name | service-container | The Service Container can be enabled or disabled using the application parameters property iam.modules. |
| Configuration root | Service Container | The Service Container is a top-level element in the configuration. |
| URL | /auth-servicecontainer/ | The URL of the Service Container is defined by the application parameter iam.service-container.url.path and defaults to /<instance-name>-servicecontainer/. |

It is typically accessed by clicking a link in the Adminapp's navigation.

If the Adminapp and Service Container are accessed via the Gateway (WAF), the URL is defined in the mapping. The provided mapping template suggests using the same URL as indicated here.

Service Container with multiple Adminapp deployments

If required, iam.service-container.url.path can be set to a full URL instead of a path. Using a URL allows, for example, multiple Adminapp deployments to access a single Service Container in a Kubernetes cluster.

Example: iam.service-container.url.path = https://localhost:8443/auth-servicecontainer

  • Note that CLI tasks can only be started on the host of the Service Container.
  • There must be only a single instance with the Service Container enabled. All other instances must be configured with the Service Container disabled in iam.modules.
  • If the Service Container menu item is not available, check the rights and shared secret configuration in the Adminapp.
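
One way to check the constraints listed above across several instances before rollout. This is an added example, not code from Airlock IAM: it assumes the application parameters are plain key = value text and that iam.modules is a comma-separated list, and the instance names, the adminapp module name and the host sc.example.internal are constructed.

```python
MODULES_KEY = "iam.modules"
URL_KEY = "iam.service-container.url.path"
SC_MODULE = "service-container"

def parse_properties(text):
    """Parse 'key = value' lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_instances(instances):
    """instances: {instance name: parameter text}. Returns a list of findings."""
    findings = []
    parsed = {name: parse_properties(text) for name, text in instances.items()}
    # Assumption: iam.modules is a comma-separated list of enabled module names.
    enabled = sorted(
        name for name, props in parsed.items()
        if SC_MODULE in [m.strip() for m in props.get(MODULES_KEY, "").split(",")]
    )
    if len(enabled) != 1:
        findings.append(f"{len(enabled)} instances enable {SC_MODULE}, expected 1: {enabled}")
    # Where a full URL is configured instead of a path, every instance should
    # point at the same Service Container.
    targets = {
        name: props[URL_KEY].rstrip("/")
        for name, props in parsed.items()
        if "://" in props.get(URL_KEY, "")
    }
    if len(set(targets.values())) > 1:
        findings.append(f"instances point at different Service Containers: {targets}")
    return findings

# Constructed sample: two Adminapp-only instances and one Service Container host.
SC_URL = "https://sc.example.internal:8443/auth-servicecontainer"
SAMPLE = {
    "admin-a": f"iam.modules = adminapp\n{URL_KEY} = {SC_URL}\n",
    "admin-b": f"iam.modules = adminapp\n{URL_KEY} = {SC_URL}/\n",
    "sc-host": "# runs the scheduler and RADIUS server\niam.modules = service-container\n",
}

if __name__ == "__main__":
    for finding in check_instances(SAMPLE) or ["OK"]:
        print(finding)
```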