Skip to main content

Identity and Access Manager configuration

Example
{
  "NodeID": "node0",
  "NodeType": "vm-dev-multinode-1.0-node0",
  "CACert": "/etc/ssl/certs/Aos_Root_CA.pem",
  "CertStorage": "iam",
  "IAMProtectedServerURL": ":8089",
  "IAMPublicServerURL": ":8090",
  "WorkingDir": "/var/aos/iam",
  "DiskEncryptionCmdArgs": [
    "/bin/sh",
    "-c",
    "/opt/aos/setupdisk.sh create /dev/hda6 -m /usr/lib/softhsm/libsofthsm2.so -p $(cat /var/aos/iam/.usrpin) ; systemctl restart nfs-server.service"
  ],
  "FinishProvisioningCmdArgs": [
    "/opt/aos/provfinish.sh"
  ],
  "Identifier": {
    "Plugin": "visidentifier",
    "Params": {
      "VISServer": "wss://wwwivi:443"
    }
  },
  "CertModules": [
    {
      "ID": "online",
      "Plugin": "pkcs11module",
      "Algorithm": "ecc",
      "MaxItems": 1,
      "Params": {
        "Library": "/usr/lib/softhsm/libsofthsm2.so",
        "TokenLabel": "aoscloud",
        "UserPinPath": "/var/aos/iam/.usrpin",
        "ModulePathInURL": true
      }
    },
    {
      "ID": "offline",
      "Plugin": "pkcs11module",
      "Algorithm": "rsa",
      "MaxItems": 10,
      "Params": {
        "Library": "/usr/lib/softhsm/libsofthsm2.so",
        "TokenLabel": "aoscloud",
        "UserPinPath": "/var/aos/iam/.usrpin",
        "ModulePathInURL": true
      }
    },
    {
      "ID": "iam",
      "Plugin": "pkcs11module",
      "Algorithm": "ecc",
      "MaxItems": 1,
      "ExtendedKeyUsage": [
        "serverAuth",
        "clientAuth"
      ],
      "Params": {
        "Library": "/usr/lib/softhsm/libsofthsm2.so",
        "TokenLabel": "aoscore",
        "UserPinPath": "/var/aos/iam/.usrpin",
        "ModulePathInURL": true
      },
      "AlternativeNames": [
        "node0"
      ]
    },
    {
      "ID": "sm",
      "Plugin": "pkcs11module",
      "Algorithm": "ecc",
      "MaxItems": 1,
      "ExtendedKeyUsage": [
        "clientAuth"
      ],
      "Params": {
        "Library": "/usr/lib/softhsm/libsofthsm2.so",
        "TokenLabel": "aoscore",
        "UserPinPath": "/var/aos/iam/.usrpin",
        "ModulePathInURL": true
      }
    },
    {
      "ID": "um",
      "Plugin": "pkcs11module",
      "Algorithm": "ecc",
      "MaxItems": 1,
      "ExtendedKeyUsage": [
        "clientAuth"
      ],
      "Params": {
        "Library": "/usr/lib/softhsm/libsofthsm2.so",
        "TokenLabel": "aoscore",
        "UserPinPath": "/var/aos/iam/.usrpin",
        "ModulePathInURL": true
      }
    },
    {
      "ID": "cm",
      "Plugin": "pkcs11module",
      "Algorithm": "ecc",
      "MaxItems": 1,
      "ExtendedKeyUsage": [
        "serverAuth",
        "clientAuth"
      ],
      "Params": {
        "Library": "/usr/lib/softhsm/libsofthsm2.so",
        "TokenLabel": "aoscore",
        "UserPinPath": "/var/aos/iam/.usrpin",
        "ModulePathInURL": true
      },
      "AlternativeNames": [
        "node0"
      ]
    },
    {
      "ID": "diskencryption",
      "Plugin": "pkcs11module",
      "Algorithm": "rsa",
      "MaxItems": 1,
      "Disabled": false,
      "Params": {
        "Library": "/usr/lib/softhsm/libsofthsm2.so",
        "TokenLabel": "aoscore",
        "UserPinPath": "/var/aos/iam/.usrpin",
        "ModulePathInURL": true
      }
    }
  ],
  "RemoteIams": [
    {
      "NodeID": "Node1",
      "URL": "10.0.0.1:8089"
    },
    {
      "NodeID": "Node2",
      "URL": "10.0.0.2:8089"
    }
  ]
}