Identity Gateway 2024.3

Operating modes

Production mode (immutable mode)

To prevent unwanted changes to the configuration, IG is by default in production mode after installation. Production mode has the following characteristics:

  • The /routes endpoint isn’t exposed or accessible.

  • Studio is effectively disabled. You can’t manage, list, or even read routes through Common REST.

  • By default, other endpoints, such as /share and api/info are exposed to the loopback address only.

    To change the default protection for specific endpoints, configure an ApiProtectionFilter in admin.json and add it to the IG configuration.

Development mode (mutable mode)

In development mode, by default all endpoints are open and accessible.

You can create, edit, and deploy routes through IG Studio, manage routes through Common REST without authentication or authorization, and access API descriptors.

Use development mode to evaluate or demo IG, or to develop configurations on a single instance. This mode isn’t suitable for production.

For information about Restrict access to Studio in development mode, refer to Restrict access to Studio.

Switch from production mode to development mode

Switch from production mode to development mode in one of the following ways, applied in order of precedence:

  1. Add the following configuration to admin.json, and restart IG:

    {
  "mode": "DEVELOPMENT",
  "connectors": [
    { "port" : 8080 }
  ]
}

  2. Define an environment variable for the configuration token ig.run.mode, and then start IG in the same terminal.

    If mode is not defined in admin.json, the following example starts an instance of IG in development mode:

    • Linux

    • Windows

    $ IG_RUN_MODE=development /path/to/identity-gateway-2024.3.0/bin/bin/start.sh
    C:\IG_RUN_MODE=development
C:\path\to\identity-gateway-2024.3.0\bin\start.bat %appdata%\OpenIG

  3. Define a system property for the configuration token ig.run.mode when you start IG.

    If mode is not defined in admin.json, or an IG_RUN_MODE environment variable is not set, the following file starts an instance of IG with the system property ig.run.mode to force development mode:

    • Linux

    • Windows

    $HOME/.openig/env.sh
    %appdata%\OpenIG\env.sh
    export JAVA_OPTS='-Dig.run.mode=development'

Switch from development mode to production mode

Switch from development mode to production mode to prevent unwanted changes to the configuration.

  1. In $HOME/.openig/config/admin.json (on Windows, %appdata%\OpenIG\config ), change the value of mode from DEVELOPMENT to PRODUCTION:

    {
  "mode": "PRODUCTION"
}

    The file changes the operating mode from development mode to production mode. For more information about the admin.json file, refer to AdminHttpApplication (admin.json).

    The value set in admin.json overrides any value set by the ig.run.mode configuration token when it is used in an environment variable or system property. For information about ig.run.mode, refer to Configuration Tokens.

  2. (Optional) Prevent routes from being reloaded after startup:

    • To prevent all routes in the configuration from being reloaded, add a config.json as described in the Quick install, and configure the scanInterval property of the main Router.

    • To prevent individual routes from being reloaded, configure the scanInterval of the routers in those routes.

      {
  "type": "Router",
  "config": {
    "scanInterval": "disabled"
  }
}

    For more information, refer to Router.

  3. Restart IG.

    When IG starts up, the route endpoints are not displayed in the logs, and are not available. You can’t access Studio on http://ig.example.com:8080/openig/studio.

Copyright © 2010-2024 ForgeRock, all rights reserved.