
Get Connected to NoSQL Data Sources


This tutorial explains the basic steps to connect the Curity Identity Server to a NoSQL database, if, for example, you want to use managed database hosting from a cloud provider. The content describes some demo deployments. Once connected, you can plan your real database deployments.

Get a Default Configuration

First, follow these getting started tutorials.

Get Schema Initialization Scripts

Get the schema initialization script from the $IDSVR_HOME/etc folder of the Curity Identity Server. For example, you can run the following Docker commands.

bash
docker pull curity.azurecr.io/curity/idsvr
docker run --name curity -d -e PASSWORD=Password1 curity.azurecr.io/curity/idsvr
docker cp curity:/opt/idsvr/etc/ ./etc/
docker rm --force curity

Study the resources that initialize NoSQL databases.

text
mongo-create_database.js
dynamodb/*.json

Deploy the System

The following examples demonstrate simple ways to get connected. You can configure data source details in the Admin UI by navigating to Facilities → Data Sources. The following sections instead demonstrate the XML configuration settings, so that you can plan rollouts to deployment pipelines.

Edit the curity-config.xml file and change the data source to configure a MongoDB connection.

xml
<facilities xmlns="https://curity.se/ns/conf/base">
    <data-sources>
        <data-source>
            <id>default-datasource</id>
            <mongodb xmlns="https://curity.se/ns/ext-conf/mongodb">
                <password-credential>
                    <password>Password1</password>
                    <username>idsvruser</username>
                </password-credential>
                <connection-string>mongodb://dbserver:27017/idsvr</connection-string>
            </mongodb>
        </data-source>
    </data-sources>
    ...
</facilities>

Example Local Deployment

To deploy a local development instance of MongoDB, you could create the following docker-compose.yml file. This deployment also shares the MongoDB data with a data folder on the host computer. To deploy with clean data, delete any existing data folder on the host. Then run docker compose up to deploy the system.

yaml
services:
  curity-data:
    image: mongodb/mongodb-community-server:latest
    hostname: dbserver
    container_name: dbserver
    volumes:
      - ./etc/mongo-create_database.js:/tmp/init.js
      - ./data:/data/db
    environment:
      MONGO_INITDB_ROOT_USERNAME: sa
      MONGO_INITDB_ROOT_PASSWORD: Password1
      MONGO_CURITY_USERNAME: idsvruser
      MONGO_CURITY_PASSWORD: Password1
  curity-idsvr:
    image: curity.azurecr.io/curity/idsvr:latest
    hostname: idsvr
    container_name: idsvr
    ports:
      - 6749:6749
      - 8443:8443
    volumes:
      - ./license.json:/opt/idsvr/etc/init/license/license.json
      - ./curity-config.xml:/opt/idsvr/etc/init/config.xml
    environment:
      ADMIN: 'true'

Once the system is running, get a shell to the Docker container for the database server.

bash
docker exec -it dbserver bash

Then run the following command to create the database and initialize the schema.

bash
mongosh dbserver:27017/idsvr -u sa -p Password1 --authenticationDatabase admin --file /tmp/init.js

Later, to query identity data, you can connect as the database user.

bash
mongosh dbserver:27017/idsvr -u idsvruser -p Password1 --authenticationDatabase idsvr

Then run queries to access data such as user accounts.

text
db.runCommand(
  {
    find: "accounts"
  }
)

Finalize Configuration

Once connected, plan deployments to real environments that follow the provider's database best practices. Make sure that you use strong client credentials for database connections and encrypt data at rest. See the system admin guide for details on the Database System Requirements and the finer details for each Data Source.

Finally, use the techniques in the Configuration as Code tutorial to finalize the database configuration for deployed systems. Use parameterized configuration and encrypt sensitive database values.
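
A check that a deployment pipeline could run before rollout, as an added example that is not part of the original tutorial or of Curity's tooling: it parses curity-config.xml and flags MongoDB data sources that still carry the demo password, embed a password in the connection string, or do not request TLS (the TLS check goes beyond what this tutorial states). The denylist, the length threshold and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Namespaces copied from the tutorial's curity-config.xml fragment.
NS = {"base": "https://curity.se/ns/conf/base",
      "mongo": "https://curity.se/ns/ext-conf/mongodb"}
DEMO_PASSWORDS = {"Password1", "password", "changeme"}  # constructed denylist
MIN_PASSWORD_LENGTH = 20  # assumed policy threshold, not a Curity requirement

# Constructed sample: the tutorial's demo data source, without the "..." elision.
DEMO_CONFIG = """<facilities xmlns="https://curity.se/ns/conf/base">
  <data-sources><data-source>
    <id>default-datasource</id>
    <mongodb xmlns="https://curity.se/ns/ext-conf/mongodb">
      <password-credential>
        <password>Password1</password><username>idsvruser</username>
      </password-credential>
      <connection-string>mongodb://dbserver:27017/idsvr</connection-string>
    </mongodb>
  </data-source></data-sources>
</facilities>"""

def uses_tls(uri):
    """True if the MongoDB URI requests TLS; mongodb+srv enables it by default."""
    parts = urlsplit(uri)
    opts = {k.lower(): v[-1].lower() for k, v in parse_qs(parts.query).items()}
    if "tls" in opts or "ssl" in opts:
        return opts.get("tls", opts.get("ssl")) == "true"
    return parts.scheme == "mongodb+srv"

def audit_mongodb_sources(config_xml):
    """Return (data-source id, finding) pairs for every MongoDB data source."""
    findings = []
    for source in ET.fromstring(config_xml).iter("{%s}data-source" % NS["base"]):
        mongo = source.find("mongo:mongodb", NS)
        if mongo is None:
            continue  # not a MongoDB data source
        ds_id = source.findtext("base:id", "?", NS)
        password = mongo.findtext("mongo:password-credential/mongo:password", None, NS)
        uri = mongo.findtext("mongo:connection-string", "", NS)
        if password in DEMO_PASSWORDS:
            findings.append((ds_id, "demo password"))
        elif password is not None and len(password) < MIN_PASSWORD_LENGTH:
            findings.append((ds_id, "short password"))
        if urlsplit(uri).password:
            findings.append((ds_id, "password embedded in connection string"))
        if not uses_tls(uri):
            findings.append((ds_id, "connection string does not request TLS"))
    return findings
```

Calling audit_mongodb_sources(DEMO_CONFIG) reports the demo password and the missing TLS option for default-datasource; an empty list means none of these checks fired.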

Summary

The Curity Identity Server models data using abstractions so that it can store identity data in many data sources. You can therefore use NoSQL data sources to enable deployments such as managed data storage that your cloud platform provides.
