Quickstart Guide

The CEP is highly customizable through various parameters. You can modify translations, CSS, logos, and even replace specific files with your own custom versions. For greater flexibility, custom templates can also be integrated, all of which can be included within your custom Docker container image to fully match your needs and branding requirements.

**Preparations**

To customize the CEP to your corporate design, we'll need your company’s style guide, including the logo, color scheme, and any background images. The process may take up to two weeks to ensure the portal aligns perfectly with your brand. Please provide any visual identity elements, such as logos and colors, so we can integrate them seamlessly into the design.

How To Deploy The CEP

The CEP and Docker daemon will establish secure HTTPS connections to registry.ceplabs.com and license.ceplabs.com. To facilitate these connections, you may need to configure your proxy or firewall settings to allow access to these hosts, ensuring smooth communication for both Docker and CEP.

  1. Access AAF via SSH

  2. Create a new folder "cep" in the path "/opt"

    mkdir /opt/cep
    
  3. Create a new folder "crt" in the path "/opt/cep"

    mkdir /opt/cep/crt
    
  4. Copy your internal Root-CA certificate to the path "/opt/cep/crt". The certificate must be in BASE64 (PEM) format, and the file extension must be ".crt".

  5. Create a new file "docker-compose.yml" in the path "/opt/cep"

    touch /opt/cep/docker-compose.yml
    
  6. Insert the content from the example docker-compose.yml file at the bottom of this page and make your changes

    mcedit /opt/cep/docker-compose.yml
    
  7. Create an empty file named "license.txt". This file is essential for storing the license acquired from the license server.

    touch /opt/cep/license.txt
    
  8. Create a new file "base.env" in the path "/opt/cep"

    touch /opt/cep/base.env
    
  9. Insert the content from the example base.env file at the bottom of this page and make your changes

    mcedit /opt/cep/base.env
    
  10. Change to the folder

    cd /opt/cep
    
  11. Log in to the registry registry.ceplabs.com.

    docker login registry.ceplabs.com
    
  12. Install the CEP

    docker-compose up -d
    
  13. Check if the CEP is working (optional)

    docker exec -it cep /usr/bin/cep-test
    
  14. The CEP should now be available at https://aa.example.com:8443
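
A pre-flight check for the directory prepared in steps 2 to 9, to run before `docker-compose up -d`. This is an added example, not part of the CEP distribution; the function name `cep_preflight` and the file-permission check are assumptions added here, and the rest follows the steps above.

```shell
#!/bin/sh
# Usage: sh cep-preflight.sh /opt/cep   (script name is hypothetical)
# Returns the number of findings; 0 means the directory is ready.
cep_preflight() {
    dir=${1:-/opt/cep}
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Steps 5, 7 and 8: files the compose file expects in this directory.
    for f in docker-compose.yml license.txt base.env; do
        [ -f "$dir/$f" ] || note "$dir/$f is missing"
    done

    # Step 4: Root-CA files must be PEM encoded and end in .crt.
    have_crt=0
    for c in "$dir"/crt/*; do
        [ -f "$c" ] || continue
        case "$c" in
            *.crt) ;;
            *) note "$c does not end in .crt"; continue ;;
        esac
        if grep -q -- '-----BEGIN CERTIFICATE-----' "$c"; then
            have_crt=1
        else
            note "$c is not BASE64 (PEM) encoded"
        fi
    done
    [ "$have_crt" -eq 1 ] || note "no usable Root-CA certificate in $dir/crt"

    # Steps 6 and 9: the example placeholders must have been replaced.
    grep -q '###YOUR LICENSE' "$dir/docker-compose.yml" 2>/dev/null &&
        note "docker-compose.yml still contains ###YOUR LICENSE ...### placeholders"
    grep -q '^CEP_AAF_ENDPOINT_SECRET=MYSECRET$' "$dir/base.env" 2>/dev/null &&
        note "base.env still contains the example CEP_AAF_ENDPOINT_SECRET"

    # Added hardening check, not a step from this page: both files hold
    # secrets, so neither should be readable by group or others.
    for f in docker-compose.yml base.env; do
        [ -f "$dir/$f" ] || continue
        case "$(ls -ld "$dir/$f" | cut -c5,8)" in
            *r*) note "$dir/$f is readable by group or others" ;;
        esac
    done
    return "$findings"
}

if [ "$#" -gt 0 ]; then cep_preflight "$1"; fi
```
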

docker-compose.yml

    version: "3.5"
    services:
      cep:
        # If you've ordered a custom container, you need to configure the individual image here.
        #
        # The image versions are represented as tags in the Docker registry. You have several
        # options for specifying the version for installation.
        #
        # One option is to use ":latest", or alternatively, you can use a tag for the latest
        # major release version, such as ":1.14" (1.14.x). Finally, you can also specify the
        # exact version, such as "1.14.1", for installation.
        image: registry.ceplabs.com/aaf/cep:latest
        container_name: cep
        volumes:
          - aaf_webd-config:/etc/nginx/certs:ro
          - ${PWD}/crt:/usr/local/share/ca-certificates
          - ${PWD}/license.txt:/var/www/html/license.txt
          ####### Custom translation messages #######
          # This line mounts the "custom-translation" directory into the container.
          # - ${PWD}/custom-translation:/var/www/html/translations/custom
        restart: unless-stopped
        ports:
          - "8443:443"
        environment:
          - CEP_LICENSE_ID=###YOUR LICENSE ID###
          - CEP_LICENSE_PASSWORD=###YOUR LICENSE PASSWORD###
        # env_file can be a list of files. The files in the list are processed from the
        # top down. For the same variable specified in two env files, the value from the
        # last file in the list stands. When both env_file and environment are used for
        # container configuration, values set by environment have precedence.
        env_file:
          - base.env
    volumes:
      aaf_webd-config:
        external: true

base.env

    CEP_AAF_ENDPOINT_URL=https://aa.example.com
    CEP_AAF_ENDPOINT_ID=1234567890ABCDEF
    CEP_AAF_ENDPOINT_SECRET=MYSECRET
    CEP_AAF_TEST_EVENT=CEP-MethodTest
    CEP_AAF_METHODS=["LDAP_PASSWORD:1", "PASSWORD:1", "EMAIL_OTP:1", "TOTP:1", "EMERG_PASSWORD:1", "SMARTPHONE:1", "HOTP:1", "U2F:1", "SECQUEST:1", "WINHELLO:1", "CARD:1"]
    CEP_AAF_WIZARD_METHODS=["PASSWORD:1", "HOTP:1"]
    CEP_AAF_USECASES={"VPN": [["PASSWORD:1", "HOTP:1"], ["PASSWORD:1", "TOTP:1"], ["PASSWORD:1", "SMARTPHONE:1"]], "WINDOWS": [["PASSWORD:1", "U2F:1"], ["PASSWORD:1", "SMARTPHONE:1"], ["PASSWORD:1", "HOTP:1"], ["PASSWORD:1", "TOTP:1"], ["PASSWORD:1", "EMERG_PASSWORD:1"]], "MacOS": [["PASSWORD:1", "U2F:1"], ["PASSWORD:1", "SMARTPHONE:1"]], "Web Applications": [["PASSWORD:1", "U2F:1"], ["PASSWORD:1", "SMARTPHONE:1"], ["PASSWORD:1", "TOTP:1"]]}
    CEP_AAF_REGISTRATION_RESPECT_ORDER=true
    CEP_AAF_MULTI_METHODS=["PASSWORD:1", "TOTP:1", "HOTP:1", "U2F:1", "CARD:1"]
    CEP_DEFAULT_LOGIN_CHAIN=["PASSWORD:1", "HOTP:1"]
    CEP_AAF_TIMEOUT=120
    CEP_AAF_EXPOSE_NOCHAIN=true
    #######REGISTRATION & RESET METHOD#######
    ###GENERAL###
    #CEP_AAF_HIDDEN_LOGIN_METHODS=["EMAIL_OTP:1", "RADIUS:1", "EMERG_PASSWORD:1"]
    ###REGISTRATION###
    #CEP_AAF_ALLOW_REGISTRATION=true
    #CEP_AAF_ALLOW_REGISTRATION_METHODS=["LDAP_PASSWORD:1", "EMAIL_OTP:1", "RADIUS:1", "EMERG_PASSWORD:1"]
    ###RESET METHOD###
    #CEP_AAF_RESET_METHOD=LDAP_PASSWORD:1
    #CEP_AAF_UNDELETEABLE_METHODS=["PASSWORD:1", "EMAIL_OTP:1"]
    #######Change LDAP Password#######
    #CEP_LDAP_ENABLE=true
    #CEP_LDAP_DIRECTORIES={"AUTH" : {"type": "ad", "hosts": ["dc01.auth.test"], "port": 636, "ssl": true, "version": 3, "timeout": 5, "binddn": "administrator@auth.test", "bindpw": "MyPassword", "userbase":  "DC=auth,DC=test"}}
    #######SSPR#######
    #CEP_LDAP_CHANGE_AS_USER=false