
Identity and Access Manager configuration

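Example configuration file (JSON). Two points to check when adapting it: `DiskEncryptionCmdArgs` expands the contents of `/var/aos/iam/.usrpin` into the `-p` argument of `setupdisk.sh`, so the PIN appears in that process's command line while the script runs, and every certificate module reads the same PIN file, so its file permissions should be as restrictive as the deployment allows. All modules load the SoftHSM PKCS#11 library, which is a software token; the `vm-dev` node type suggests this example targets a development VM.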
{
"NodeID": "node0",
"NodeType": "vm-dev-multinode-1.0-node0",
"CACert": "/etc/ssl/certs/Aos_Root_CA.pem",
"CertStorage": "iam",
"IAMProtectedServerURL": ":8089",
"IAMPublicServerURL": ":8090",
"WorkingDir": "/var/aos/iam",
"DiskEncryptionCmdArgs": [
"/bin/sh",
"-c",
"/opt/aos/setupdisk.sh create /dev/hda6 -m /usr/lib/softhsm/libsofthsm2.so -p $(cat /var/aos/iam/.usrpin) ; systemctl restart nfs-server.service"
],
"FinishProvisioningCmdArgs": [
"/opt/aos/provfinish.sh"
],
"Identifier": {
"Plugin": "visidentifier",
"Params": {
"VISServer": "wss://wwwivi:443"
}
},
"CertModules": [
{
"ID": "online",
"Plugin": "pkcs11module",
"Algorithm": "ecc",
"MaxItems": 1,
"Params": {
"Library": "/usr/lib/softhsm/libsofthsm2.so",
"TokenLabel": "aoscloud",
"UserPinPath": "/var/aos/iam/.usrpin",
"ModulePathInURL": true
}
},
{
"ID": "offline",
"Plugin": "pkcs11module",
"Algorithm": "rsa",
"MaxItems": 10,
"Params": {
"Library": "/usr/lib/softhsm/libsofthsm2.so",
"TokenLabel": "aoscloud",
"UserPinPath": "/var/aos/iam/.usrpin",
"ModulePathInURL": true
}
},
{
"ID": "iam",
"Plugin": "pkcs11module",
"Algorithm": "ecc",
"MaxItems": 1,
"ExtendedKeyUsage": [
"serverAuth",
"clientAuth"
],
"Params": {
"Library": "/usr/lib/softhsm/libsofthsm2.so",
"TokenLabel": "aoscore",
"UserPinPath": "/var/aos/iam/.usrpin",
"ModulePathInURL": true
},
"AlternativeNames": [
"node0"
]
},
{
"ID": "sm",
"Plugin": "pkcs11module",
"Algorithm": "ecc",
"MaxItems": 1,
"ExtendedKeyUsage": [
"clientAuth"
],
"Params": {
"Library": "/usr/lib/softhsm/libsofthsm2.so",
"TokenLabel": "aoscore",
"UserPinPath": "/var/aos/iam/.usrpin",
"ModulePathInURL": true
}
},
{
"ID": "um",
"Plugin": "pkcs11module",
"Algorithm": "ecc",
"MaxItems": 1,
"ExtendedKeyUsage": [
"clientAuth"
],
"Params": {
"Library": "/usr/lib/softhsm/libsofthsm2.so",
"TokenLabel": "aoscore",
"UserPinPath": "/var/aos/iam/.usrpin",
"ModulePathInURL": true
}
},
{
"ID": "cm",
"Plugin": "pkcs11module",
"Algorithm": "ecc",
"MaxItems": 1,
"ExtendedKeyUsage": [
"serverAuth",
"clientAuth"
],
"Params": {
"Library": "/usr/lib/softhsm/libsofthsm2.so",
"TokenLabel": "aoscore",
"UserPinPath": "/var/aos/iam/.usrpin",
"ModulePathInURL": true
},
"AlternativeNames": [
"node0"
]
},
{
"ID": "diskencryption",
"Plugin": "pkcs11module",
"Algorithm": "rsa",
"MaxItems": 1,
"Disabled": false,
"Params": {
"Library": "/usr/lib/softhsm/libsofthsm2.so",
"TokenLabel": "aoscore",
"UserPinPath": "/var/aos/iam/.usrpin",
"ModulePathInURL": true
}
}
],
"RemoteIams": [
{
"NodeID": "Node1",
"URL": "10.0.0.1:8089"
},
{
"NodeID": "Node2",
"URL": "10.0.0.2:8089"
}
]
}