This page will give you guidance on using the MIRACL Trust SSO Docker image found at
These instructions assume that you already followed the Installation / Quick Start instructions and learned how to successfully configure your IdP with a Service Provider.
The following environment variables are available when using Docker:
SRVIDP_CONFIGPATH - sets the configuration file to start the service with SRVIDP_LOGLEVEL - sets the Log level to be one of EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFO or DEBUG SRVIDP_DUMP - if set to JSON or YAML, outputs the full configuration, if set to SCHEMA - outputs the JSON schema
What follows is a quick step-by-step guide to getting a test Docker container running, which should give you an understanding of the necessary components and what command line options need to be passed in order to run the MIRACL Trust SSO docker image.
Run redis on your host machine:
sudo apt update && sudo apt install redis-server
sudo service redis-server start
Assuming that you have your config files stored in a local directory such as
/home/user/srv-idp-test/ (as explained in the Installation / Quick Start instructions) you can now run:
docker run --name=sso --network host -v /home/user/srv-idp-test/:/etc/srv-idp miracl/miraclpublic-srv-idp:latest -c /etc/srv-idp/config.yaml
As it is running on the host network, the service will be accessible at port 8000, unless you have changed the port in the config. It will also access the Redis server on port 6379.
So you should now be able to access and test your running service at
The steps below make use of a local config.yaml file to run a Docker container which references a set of config files stored in Consul. The local config.yaml has only one include which points to the Consul config url, while Consul stores config files just as described in the Overview and Installation / Quick Start instructions
Run consul in a docker container:
docker run -d --name=consul -p 8300:8300 -p 8500:8500 --net=host gliderlabs/consul-server -bootstrap -advertise=127.0.0.1
Note that the option –net=host means that it is connected to your host network and so will be accessible to the srv-idp docker container.
http://127.0.0.1:8500 and set up the necessary config files in key/value, including config.yaml to list the includes, core.yaml to store the server details, client id and secret; plus server certificates. As well as the relevant Service Provider config in the service_providers sub-folder:
Then run the srv-idp container, assuming that you have your config file stored in a local directory such as
docker run --network host -v /home/user/srv-idp-consul/config.yaml:/etc/config.yaml miraclpublic/miracl-srv-idp:latest -c /etc/config.yaml
The –net=host option means that the srv-idp container will be able to talk to both redis and the consul container running on your host network.
/home/user/srv-idp-consul/config.yaml should contain the correct consul url as an include:
includes: - http://127.0.0.1:8500/v1/kv/config/srv-idp/config.yaml?raw
Note that ?raw needs to be specified to access the contents of the file stored on consul
Setting log level
If the log parameter is included in any of your config files and the network parameter is set to ‘local’, for example:
log: level: ERROR network: local address: 127.0.0.1:514
then the running Docker container will attempt to connect to the local machine's syslog.
You can connect to the local machine's syslog either by setting the above network parameter and following with a command such as:
docker run --name=sso --network host -v /run/systemd/journal/syslog:/dev/log -v /home/user/srv-idp-dockertest/:/etc/srv-idp miraclpublic/miracl-srv-idp:latest -c /etc/srv-idp/config.yaml
Or you can use the docker syslog driver. For this you do not need to supply the network parameter as it is managed entirely by docker e.g.:
docker run --name=sso --network host --log-driver=syslog --log-opt syslog-address=unixgram:///run/systemd/journal/syslog -v /home/user/srv-idp-dockertest/config.yaml:/etc/config.yaml miraclpublic/miracl-srv-idp:latest -c /etc/config.yaml
More information on Docker syslog settings can be found at https://docs.docker.com/config/containers/logging/syslog/#options