Docker installation


This page will give you guidance on using the MIRACL Trust SSO Docker image found at miraclpublic/miracl-srv-idp:latest

These instructions assume that you already followed the Installation / Quick Start instructions and learned how to successfully configure your IdP with a Service Provider.

Environment Variables

The following environment variables are available when using Docker:

SRVIDP_CONFIGPATH - sets the configuration file to start the service with SRVIDP_LOGLEVEL - sets the Log level to be one of EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFO or DEBUG SRVIDP_DUMP - if set to JSON or YAML, outputs the full configuration, if set to SCHEMA - outputs the JSON schema

Docker quick guide

What follows is a quick step-by-step guide to getting a test Docker container running, which should give you an understanding of the necessary components and what command line options need to be passed in order to run the MIRACL Trust SSO docker image.

Run redis on your host machine:

sudo apt update && sudo apt install redis-server

sudo service redis-server start

Assuming that you have your config files stored in a local directory such as /home/user/srv-idp-test/ (as explained in the Installation / Quick Start instructions) you can now run:

docker run --name=sso --network host -v /home/user/srv-idp-test/:/etc/srv-idp miracl/miraclpublic-srv-idp:latest -c /etc/srv-idp/config.yaml

As it is running on the host network, the service will be accessible at port 8000, unless you have changed the port in the config. It will also access the Redis server on port 6379.

So you should now be able to access and test your running service at

Running Docker with Consul for config management

The steps below make use of a local config.yaml file to run a Docker container which references a set of config files stored in Consul. The local config.yaml has only one include which points to the Consul config url, while Consul stores config files just as described in the Overview and Installation / Quick Start instructions

Run consul in a docker container:

docker run -d --name=consul -p 8300:8300 -p 8500:8500 --net=host gliderlabs/consul-server -bootstrap -advertise=

Note that the option –net=host means that it is connected to your host network and so will be accessible to the srv-idp docker container.

Then visit and set up the necessary config files in key/value, including config.yaml to list the includes, core.yaml to store the server details, client id and secret; plus server certificates. As well as the relevant Service Provider config in the service_providers sub-folder:


Then run the srv-idp container, assuming that you have your config file stored in a local directory such as /home/user/srv-idp-consul/:

docker run --network host -v /home/user/srv-idp-consul/config.yaml:/etc/config.yaml miraclpublic/miracl-srv-idp:latest -c /etc/config.yaml

The –net=host option means that the srv-idp container will be able to talk to both redis and the consul container running on your host network.

The /home/user/srv-idp-consul/config.yaml should contain the correct consul url as an include:


Note that ?raw needs to be specified to access the contents of the file stored on consul

Notes on Docker usage

Setting log level

If the log parameter is included in any of your config files and the network parameter is set to ‘local’, for example:

  level: ERROR
  network: local

then the running Docker container will attempt to connect to the local machine's syslog.

You can connect to the local machine's syslog either by setting the above network parameter and following with a command such as:

docker run --name=sso --network host -v /run/systemd/journal/syslog:/dev/log -v /home/user/srv-idp-dockertest/:/etc/srv-idp miraclpublic/miracl-srv-idp:latest -c /etc/srv-idp/config.yaml

Or you can use the docker syslog driver. For this you do not need to supply the network parameter as it is managed entirely by docker e.g.:

docker run --name=sso --network host --log-driver=syslog --log-opt syslog-address=unixgram:///run/systemd/journal/syslog -v /home/user/srv-idp-dockertest/config.yaml:/etc/config.yaml miraclpublic/miracl-srv-idp:latest -c /etc/config.yaml

More information on Docker syslog settings can be found at