Architecture
Overview
mID Provider(IAM) can be deployed in the following architecture modes.
Figure: Simple Architecture Overview
Figure: Cluster Architecture Overview
Clustered operation mode is used when you want to run mID Provider(IAM) and the Connectors within a cluster. This mode requires a copy of the mID Provider(IAM) and Connectors distribution on each machine that runs a server instance. It is easy to deploy initially for a cluster of a few machines, but becomes cumbersome for very large clusters: every configuration change must be applied to each distribution on each machine. For very large scale operation, the domain cluster or cross-datacenter operation mode should be selected.
Consolidated Endpoints
Endpoint Name | Component | URI |
---|---|---|
Well Known Configuration | mID Provider(IAM)/OIDC | https://{baseurl}:8443/auth/realms/{realm}/.well-known/openid-configuration |
Authorization Endpoint | mID Provider(IAM)/OIDC | https://{baseurl}:8443/auth/realms/{realm}/protocol/openid-connect/auth |
Token Endpoint | mID Provider(IAM)/OIDC | https://{baseurl}:8443/auth/realms/{realm}/protocol/openid-connect/token |
Token introspection Endpoint | mID Provider(IAM)/OIDC | https://{baseurl}:8443/auth/realms/{realm}/protocol/openid-connect/token/introspect |
Userinfo Endpoint | mID Provider(IAM)/OIDC | https://{baseurl}:8443/auth/realms/{realm}/protocol/openid-connect/userinfo |
Logout Endpoint | mID Provider(IAM)/OIDC | https://{baseurl}:8443/auth/realms/{realm}/protocol/openid-connect/logout |
JWKS URI | mID Provider(IAM)/OIDC | https://{baseurl}:8443/auth/realms/{realm}/protocol/openid-connect/certs |
Check Session Iframe | mID Provider(IAM)/OIDC | https://{baseurl}:8443/auth/realms/{realm}/protocol/openid-connect/login-status-iframe.html |
Client Registration | mID Provider(IAM)/OIDC | https://{baseurl}:8443/auth/realms/{realm}/clients-registrations/openid-connect |
User Management REST API | mID Provider(IAM)/Admin REST API | https://{baseurl}:8444/auth/admin/realms/{realm}/users |
Master Admin Dashboard | mID Provider(IAM)/Admin Dashboard | https://{baseurl}:8444/auth/admin/ |
Tenant Admin Dashboard | mID Provider(IAM)/Admin Dashboard | https://{baseurl}:8444/auth/admin/{realm-name}/console |
Signature | Business Logic | https://{baseurl}:8443/auth/realms/{realm}/digitanium/signature |
Account Profile | Business Logic | https://{baseurl}:8443/auth/realms/{realm}/users/{userid}/profile |
Admin Dashboard | Portainer | https://{baseurl}:9000 |
SSMS Management | SSMS | https://{baseurl-maschine2}:8443/ssms-gui/soap/mgt/asm/AsmManagementWs |
Security Channel | SSMS | https://{baseurl-maschine2}:8444/ssms-services/asm/rest/device |
SSMS Services | SSMS | https://{baseurl-maschine2}:8445/ssms-services/soap/svc/asm/AsmServicesWs |
Config Utility | SSMS | https://{baseurl-maschine2}:9000 |
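The OIDC rows of the endpoint table can be checked against what the provider actually advertises in its discovery document (the Well Known Configuration URL), which catches a provider behind a proxy that publishes the wrong host, port or scheme. The script below is an added example and is not part of the mID Provider(IAM) distribution; the host `idp.example.test`, the realm `demo` and the sample document are constructed.

```python
# Added example (not part of the mID Provider(IAM) distribution): check an OIDC
# discovery document against the endpoint table. Host, realm and document are constructed.
from urllib.parse import urlsplit

# Discovery keys -> path suffix under /auth/realms/{realm}, taken from the table.
EXPECTED_PATHS = {
    "issuer": "",
    "authorization_endpoint": "/protocol/openid-connect/auth",
    "token_endpoint": "/protocol/openid-connect/token",
    "introspection_endpoint": "/protocol/openid-connect/token/introspect",
    "userinfo_endpoint": "/protocol/openid-connect/userinfo",
    "end_session_endpoint": "/protocol/openid-connect/logout",
    "jwks_uri": "/protocol/openid-connect/certs",
    "check_session_iframe": "/protocol/openid-connect/login-status-iframe.html",
    "registration_endpoint": "/clients-registrations/openid-connect",
}

def check_discovery(doc, base_host, realm, port=8443):
    """Return findings; an empty list means every endpoint uses https, the public
    OIDC host:port (8443 per the ports table) and the documented path. A wrong host
    or port usually means a proxy that does not forward the original host header."""
    findings = []
    for key, suffix in EXPECTED_PATHS.items():
        url = doc.get(key)
        if url is None:
            findings.append(f"{key}: missing from discovery document")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"{key}: scheme {parts.scheme!r}, expected https")
        if parts.hostname != base_host or (parts.port or 443) != port:
            findings.append(f"{key}: host {parts.netloc!r}, expected {base_host}:{port}")
        expected = f"/auth/realms/{realm}{suffix}"
        if parts.path.rstrip("/") != expected:
            findings.append(f"{key}: path {parts.path!r}, expected {expected!r}")
    return findings

def sample_url(suffix, scheme="https", port=8443):
    """URL on the constructed host idp.example.test, realm demo."""
    return f"{scheme}://idp.example.test:{port}/auth/realms/demo{suffix}"

# Constructed sample with two deliberate defects: a plain-http token endpoint and a
# userinfo endpoint advertised on the private admin port 8444 instead of 8443.
SAMPLE_DOC = {k: sample_url(v) for k, v in EXPECTED_PATHS.items()}
SAMPLE_DOC["token_endpoint"] = sample_url("/protocol/openid-connect/token", scheme="http")
SAMPLE_DOC["userinfo_endpoint"] = sample_url("/protocol/openid-connect/userinfo", port=8444)

if __name__ == "__main__":
    for finding in check_discovery(SAMPLE_DOC, "idp.example.test", "demo"):
        print(finding)
```

In a real check, replace SAMPLE_DOC with the JSON fetched from the Well Known Configuration URL of the realm under test.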
Consolidated Ports
Public
Port | Transport Layer | Applications Layer | Component | Relation |
---|---|---|---|---|
8443 | TCP | HTTPS | mID Provider(IAM)/OIDC | from Application to mID Provider(IAM) OIDC |
8444 | TCP | HTTPS | SSMS | from mID SDK to SSMS |
8445 | TCP | HTTPS | mID Business Logic (Resource Server) | from Application to Business Logic |
Private
Port | Transport Layer | Applications Layer | Component | Relation |
---|---|---|---|---|
8444 | TCP | HTTPS | mID Provider(IAM)/Admin Dashboard | Admin from browser to Admin Dashboard |
8446 | TCP | HTTPS | mID Connector API | from mID Provider(IAM) to mID Connector |
9000 | TCP | HTTP | Portainer | Collect Docker container information |
45688 | UDP | JGroups Cluster | mID Provider(IAM) | Transport between mID Provider(IAM) nodes to exchange cache information with Infinispan's nodes |
8445 | TCP | HTTPS | SSMS Services | SOAP Operation Tasks |
8443 | TCP | HTTPS | SSMS Management | SOAP Management Tasks |
9000 | TCP | HTTP | Config Utility | Configuration Tool |
7600-7610 | UDP | JGroups Cluster | SSMS | Transport between SSMS nodes to exchange information |
12001-12010 | TCP | HTTPS | SSMS - GOSSIP Server | Initial Membership Discovery of SSMS nodes |
Local
Port | Transport Layer | Applications Layer | Component | Relation |
---|---|---|---|---|
6379 | TCP | HTTP | REDIS | from mID Connector to mID Pooler |