Fineract-CN contains more than a dozen of microservices. One doesn't need to run all of them at once - this would be actually quite resource consuming.

These instructions list the bare minimum - getting a single microservice - Identity provisioned and running.

Once you complete these steps you will get a basic understanding of how fineract-cn works and how its microservices are provisioned.

Once you have completed these steps you can move on and try to provision more microservices.

You will need:

P.S: it is possible to go without Docker and Docker compose (you need to install Postgres and Cassandra yourself) but we don't cover it here.

Prepare your environment

Find hosts file (/etc/hosts in Unix/Mac or c:\Windows\System32\Drivers\etc\hosts in Windows) and add: cassandra activemq eureka postgres provisioner-ms identity-ms

Check out the code

$ mkdir fincn_bare_minimum

$ cd fincn_bare_minimum

$ git clone

$ git clone

$ git clone

Generate RSA keys

$ java -cp fineract-cn-docker-compose/external_tools/lang-0.1.0-BUILD-SNAPSHOT.jar \ SPRING >

This generates RSA keys so the microservices trust each other. The contents of will be something like this:


Prepare common configuration

Open newly generated and add this to the end of the file:


Start external tools

$ cd fineract-cn-docker-compose/external_tools

$ docker-compose up -d

$ cd ../..

Now, wait for external tools (Postgre, Cassandra, ActiveMQ and Eureka) to start. 

You probably will get a flollowing warning that you can safely ignore: 'WARNING: Some services (activemq, cassandra, eureka) use the 'deploy' key, which will be ignored. Compose does not support 'deploy' configuration - use `docker stack deploy` to deploy to a swarm."

Verify external tools have started

Run Provisioner

Open fineract-cn-provisioner with IntelliJ IDEA and wait for the project to be imported

Open ProvisionerApplication class and  right-click on the class name and choose "Create ProvisionerApplication Run/Debug configuration"

In the dialog open Environment and under Program Arguments add: --spring.config.location=../

Click OK and then right click again and select Run

If it doesn't run (you get error: "Cause: org.gradle.api.internal.ClosureBackedAction") then open Gradle properties:

and switch to run with IntelliJ

And then Run again.

After ~10sec you should get in terminal:
10:10:01.081 [main] INFO o.a.f.c.p.ProvisionerApplication - Started ProvisionerApplication in 11.642 seconds (JVM running for 13.988)

Verify Provisioner Micro Service started correctly

  • A new schema "seshat" is created to postgres database
  • A new keyspace "seshat" is created to cassandra database and the following tables are there:
    • applications
    • clients
    • config
    • tenant_applications
    • tenants
    • users

Run Identity Micro Service

Now we repeat the same steps with fineract-cn-identity:

Open fineract-cn-identity with IntelliJ IDEA and wait for the project to be imported

Open IdentityServiceConfig class and  right-click on the class name and choose "Create ProvisionerApplication Run/Debug configuration"

To program arguments set:

--spring.config.location=../ --eureka.instance.hostname=identity-ms

Click OK and then right-click again on IdentityServiceConfig and select Run.

If you managed to do it correctly you should see in logs:

10:19:31.047 [main] INFO o.a.f.c.i.c.IdentityServiceConfig - Started IdentityServiceConfig in 7.874 seconds (JVM running for 9.701)
10:19:31.385 [DiscoveryClient-InstanceInfoReplicator-0] INFO - DiscoveryClient_IDENTITY-V1/ - registration status: 204

Verify Identity Micro Service has started

Open http://identity-ms:2021/ with your browser. You should get error served by microservice:


Problem accessing /info. Reason:

    Not Found

Check if Identity has registered with Eureka

Wait a few minutes and open http://eureka:8761/ and make sure "identity-v1" is there in the list.

Hover the link and make sure it points to identity-ms:2021/info 

→ What does it mean?

Fineract-CN microservices use client-side load balancing. This works like this:

  • If the microservice starts up it registers its location with Eureka. Remember we told identity that its hostname is "identity-ms"
  • If some microservice X wants to connect to Identity then it asks Eureka for a location of "identity-v1"
  • In development, we only have one copy of the service but in production, there could be many copies of the same service running and microservice X would choose randomly one.

Provision Identity microservice

We provide a postman-request-collection as well as a postman-environment that defines variables that are used to hold values received in responses.
Both files are located under fineract-cn-docker-compose/postman-initial-requests folder:


Initialize Postman as follows:

  1. Start Postman and load both files into Postman by clicking Import and then selecting the file.
  2. You will see the collection "Fineract-Cn-Initial-Requests" in the left sidebar.
  3. Open the collection by clicking on it.
  4. Select the environment "Fineract-Cn-Initial-Setup-Environment" in the environment drop-down (top right corner in Postman).
  5. Execute the requests one by one by selecting them in the collection and then pressing "Send".

The first request (01. Log in root user) will retrieve a token. The response should look like this, with a different token:

    "token": "Bearer eyJhbGciOiJSUzUxMiJ9.eyJhdWQiOiJwcm92peWjpWZirFgcYLIzxsKv_-E5k6Gd0pv01OC0XpY3NSgfAolVVgvSXKoRnL3NwAMP2yuzX6i8hR_q82Q...",
    "accessTokenExpiration": "2019-07-18T22:26:57.784"

If you don't get a token there is something wrong with your setup. The token is necessary for authentication in other requests thus be sure that these steps work. Important: Be sure to execute the requests in the right order! The outcome is often stored in variables - check the Tests section of the requests.

Only execute the following steps (besides 01 that we already did)

Execute Postman step 02.01 Create an identity-v1 application

→ in Cassandra database seshat in table applications, there should now be a record about identity-v1

Execute Postman step 03.1 Create first tenant 'playground'

→ Now wait a bit and verify the following has happened:

  • In Postgres database, a new schema 'playground' is created
  • In Postgres database seshat table 'tenants" contains a record about playground
  • In Cassandra database, a new keyspace 'playground' is created with one empty table 'command_source'

Execute Postman step03.2 Assign identity-v1 for Tenant and obtain Tenant Admin (user antony) Password

→ Now identity tables are created to tenant 'playground' database in cassandra.

→ Identity has a nickname 'isis' and you should see that at least 9 tables (names start with prefix 'isis_' ) have been created under Cassandra Keyspace

→ Identity doesn't keep anything in Postgre database so there are no new tables there.

Execute Postman step03.3 Login Antony (tenant superadmin) with obtained password

Execute Postman step03.4 Change Antony Password to 'antonyPassword'

→ Fineract forces every user to change their password on the first login. This is why we are changing the password and logging in again (in next step)

→ If we would log in with Fims Web App then the UI would tell us to change the password.

Execute Postman step03.5 LOGIN ANTONY (tenant SuperAdmin) with pwd 'antonyPassword'

... skip a bunch of steps...

Execute Postman step05.1 Create administrator role for tenant "playground"

Execute Postman step05.2 Create Admin User operator with password 'initialPassword'

Execute Postman step05.3 Log in with the initial password

Execute Postman step05.4 Change user 'operator' password to 'operatorPassword'

05.5 LOG IN TENANT ADMIN (operator)

Verify user operator has been created 

Run step:

05.6 Pull operator permissions

You have now set up Identity Microservice and provisioned it using Provisioner microservice.

You should have schemas 'seshat' and 'playground' in Cassandra and Postgres databases.

Send your own requests to Identity

Identity Micro Service is responsible for managing users and their roles - a bit more info can be found here: Fineract CN Project Structure#identity

From identity code open UserRestController and find method getUserPermissions - this method serves the same request '05.6 Pull operator permissions' that we just sent with Postman.

Examine yourself what kind of other requests you could send to Identity.

Launch Fims Web App

You should be able to log in to Fims Web App (untested)

git clone

cd fineract-cn-fims-web-app

npm i

npm run dev

Open localhost:8888 and log in with

tenant: playground

user: operator
password: operatorPassword

How to reset state to start from zero

cd fineract-cn-docker-compose/external_tools

docker-compose stop

docker-compose rm -f

docker volume rm external_tools_cassandra-volume

docker volume rm external_tools_postgres-volume

  • No labels