IDHub components are installed in a distributed environment and is built using microservices architecture. Majority of components are built on java platform and are packaged to run as a single jar file. The web interface is built on Angular and is best suited to run on node server. It may be adapted to be served using most modern HTTP servers.

To build and maintain your IDHub environment you can deploy the component services directly on physical or virtual servers hosting your IDM (Identity Management System) or use Docker containers.

Follow simple setup steps for installing the IDHub Components  and get started...


Step1:  Before we start, review the list of port requirements for IDHub components installation

Ports in Use for IDHub ...

Ports in use

Ports for the application listed for Sath IDH. Ensure these are available, otherwise provide an alternative set of ports. 

Green indicates that these ports must be opened in the firewall.

  • 27017 - MongoDB
  • 3000 - NGINX
  • 3001 - Admin Console
  • 3002 -User Application
  • 8081 - Auth Server
  • 8125 - James Server
  • 8080 - RestHeart
  • 8091 - Service Discovery
  • 9091 - API Gateway
  • 9093 - Config Server
  • 8086 - Core
  • 8088 - Data Services
  • 8093 -Notification API
  • 9092 - OIMShim 11GR2
  • 9098 - OIMShm 12C

Step 2:  Next, complete  an information  checklist

Information Checklist for existing infrastructure...

The following details about the existing Infrastructure need to be retrieved and documented.

These details need to be edited in the sample properties files provided. Instruction on how to do this will follow:

AUTH server (Keycloak)

  • LDAP
    • baseDn (E.g dc=sath,dc=com)
    • url (E.g ldap://<Ldap Host Name>:<Ldap Port>)
    • userDn (complete dn of user used to authenticate and search in the ldap)
    • userPassword
    • userDnPatterns (E.g uid={0},cn=Users,dc=sath,dc=com)
    • userSearchBase  (E.g cn=Users)
    • userSearchFilter (E.g uid={0})

OIM server

  • Type of OIM Server - 11GR2 PS2 or 11GR2 PS3 or 12C

  • OIM Details

    • Administrator Username

    • Administrator Password

    • OIM Connection URL

  • OIM Database Details
    • Connection URL (E.g. jdbc:oracle:thin:@
    • Username with READ access
    • Password 
    • OIM Schema
    • JDBC Driver (E.g. oracle.jdbc.driver.OracleDriver)
  • Weblogic Details
    • Username
    • Password
  • OIM composite Details


    • EJB Host (Format: http://<SOA Host Name>:<SOA Port> or https://<SOA Host Name>:<SOA Secure Port>)
  • Directory with WRITE access to the user starting the services


  • List of Users authorized to use the application (Defined by ldap details)

  • level1 approver for the application (Defined as a ROLE in OIM and mongo DB)

  • level2 approver for the application (Defined as a ROLE in OIM and mongo DB)

Notification Template

  • Sample Email 
  • The List of Notification parameters sent in the Email
  • Email to be replaced

Step 3:  Select the type of install-  < manual vs docker ? >

Manual Installation

Artifact checklist -

Jar Files

  • 11G

  • 12C
  • apigateway
  • config-server

  • core
  • DataService
  • notification-api
  • servicediscovery
  • spring-security-auth-server


  • AdminConsole (Frontend / UI)

  • UserApplication (Frontend / UI)

  • config (Sample properties for IDH with following files)
    • oimshim11GR2properties
  • JamesServer (Modified for IDH) with notificationMailetService-0.0.1-SNAPSHOT.jar and

  • lib folder for 12C-<version>.jar
  • RestHeart (

  • Java 8

  • jce8 (Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 (

  • MongoDB



  • nginx.conf file
Docker Installation

Docker Software

  • Docker Engine
  • Docker-compose 

IDHub Installation

Manual Installation Procedure

Step 1: IDHub Pre-Install

Click here to expand...

Create a folder to hold all IDHub installations and assign the correct ownership. Additional folder "logs" can be created to hold all the log files.

Eg: Lets say the user is iamuser, user-group is users and folder for IDH is /apps. Execute the below steps in order

Step 2:  Mongo Installation

Click here to expand...

Any kind of MongoDB installation provided in the official website will work with IDHub  however, tarballs require the least amount of access rights and permissions and hence we focus on using .tgz Tarballs for Linux installations.

  1. Identify any prerequisites for Mongo install

E.g. "libcurl4 libopenssl1_0_0" is a prerequisite for SUSE Linux.

use admin
use <database>


2. Download Latest MongoDB from by selecting specific Operating System.

For Redhat Linux

For SUSE12 Linux

3. Move the file to /apps and extract the files

4. MongoDB uses /data/db folder by default. Create folder /data/db for MongoDB. If using a different folder for DB, ensure that the folders have correct ownership.

If your MongoDB doesn't start check database path i.e.  the permissions of /data folder or the folder provided as an argument in --dbpath

5. Add to PATH variable to ~/.bashrc file using your favorite text editor. Simply add the below line as the last line in the file.

6. To start MongoDB with no authentication.

7. To start MongoDB with authentication.

Enable Auth for MongoDB
Before starting, Keep Ready the following
  1. username - Refers to the username that will be used to access MongoDB. 
  2. password - Refers to the password that will be used to access MongoDB. 
  3. database - Refers to the database name that will be used for IDH. Defaults to dev.
Also, MongoDB should be installed in the server.
Configuration -
Create user for authentication.
  1. Start MongoDB without auth option

    nohup mongod &
    Test : Create collection without Authentication
    use <database>

    If the Step 2 gave an error "Unauthorized", that means that Auth is properly set up in MongoDB

  2. Check logs if MongoDB has successfully started. 

    tail -100f nohup.out

    You should see "waiting for connections on port 27017" in logs. If yes, use ctrl+c to exit the tail command.

  3. Now open mongo shell by typing "mongo"

  4. In the shell, Run the below commands. Step B will create user in admin database. Step C will shutdown the server.

    A.use admin



        user: "<username>",

        pwd: "<password>",

        roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWrite", db: "<database>" } , { role: "readWrite", db: "config-db" }, "readWriteAnyDatabase" ]



    db.shutdownServer({timeoutSecs: 5});
  5. Start MongoDB with Auth

    nohup mongod --auth &

    Test : Create and drop collection with proper Authentication

use admin
use <database>

If you are able to create a collection and drop the collection. That means that the authentication is successful.

8. Additional Configuration - Connect from external systems

Start MongoDB using --bind_ip_all option. Make sure MongoDB is protected with a strong password for authentication if exposing the database externally to prevent ransomware attacks on your system.

Other options

-h option provides the extensive list of all options for both mongod and mongo commands. Use this to figure out any additional configurations that are necessary.

Intended Audience

  • Identity Architects
  • Identity Administrators

Recommended Skills

To deploy IDHub familiarity with following technologies is required

  • Java 8
  • MongoDB
  • OAuth
  • JSON
  • REST

Knowledge of the following technologies is highly recommended

  • Docker
  • Linux
  • SQL

Recommended Tools

  • Robo Mongo
  • POSTMan

Related Content

Identity Fundamentals

IDHub Components

IDHub Data store