Steps followed to install `admin ui` on server - GluuFederation/gluu-admin-ui GitHub Wiki
- Set up a Janssen Auth Server with `config-api` (say `jans-auth-server-1`) on a virtual machine.
- Create the multivalued attribute `jansAdminUIRole`. Add this attribute to the jansPerson objectclass.
- This attribute will contain the `admin-ui` user role. You can find the roles in the `config-api` roles column of the wiki page below. https://github.com/GluuFederation/gluu-admin-ui/wiki/ConfigApiRoleMapping
- Based on the user's `jansAdminUIRole`, the read/write/delete features will be enabled in admin-ui.
- After that, an `OIDC client` should be created for `admin-ui` in `jans-auth-server-1` with `user_info_signed_response_alg` as RS256 (so that user-info is in JWT format).
- This `openid client` will be used by `admin-ui` for user login.
- Now in `jans-config-api` the endpoints are protected using a protection-token.
- To generate the token we will set up another auth server called `jans-auth-server-2` (token-server).
- In this server we will create an OpenID client with the following:
  - a. `run_introspection_script_before_access_token_as_jwt_creation_and_include_claims` set to true, so that the introspection script can add scopes to the protection-token based on user role
  - b. `access_token_as_jwt` set to true, so that the generated protection-token is in JWT format
  - c. `access_token_signing_alg` as RS256
- The following introspection script should be added to `jans-auth-server-2` so that appropriate scopes are added to the api-protection-token based on the `jansAdminUIRole` role. https://raw.githubusercontent.com/GluuFederation/gluu-admin-ui-api/main/scripts/getScopesFrmUserRoleInterceptionScript.py
  The scopes role mapping can be found here. https://github.com/GluuFederation/gluu-admin-ui/wiki/ConfigApiRoleMapping
- Download jar from https://ox.gluu.org/maven/org/gluu/gluu-admin-ui-app/5.0.0-SNAPSHOT/gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar
- Download configuration file from https://github.com/GluuFederation/gluu-admin-ui-api/blob/main/config/application.properties
- Edit the `application.properties` file with the details of the `Third party OIDC client` for properties starting with `authserver.`.
- Edit the `application.properties` file with the details of the `First party OIDC client` for properties starting with `tokenServer.`.
```
location of gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar
|
|------- gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar
|
|------- config (folder)
            |
            |-------- application.properties
```
- Create a `config` folder in the disk location of `gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar` and copy `application.properties` into it.
- To run the backend, use the command

  ```
  java -jar gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar --admin-ui.home=<location of gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar>
  ```
- Edit /etc/apache2/sites-available/https_jans.conf to add the following:

  ```
  Alias /admin "/var/www/html/admin/frontend"
  <Directory "/var/www/html/admin/frontend">
      Options FollowSymLinks Indexes
      DirectoryIndex index.html
      AllowOverride None
      Order allow,deny
      Allow from all
  </Directory>
  ```

  and add this in the proxy section

  ```
  ProxyPass /admin-ui-api http://localhost:8080
  ```
2. create the frontend structure
- mkdir /var/www/html/admin
## Set up UI folder
1. mkdir /opt/gluu/gluu-admin-ui/frontend
1. cd /opt/gluu/gluu-admin-ui/frontend
1. copy the artifacts from **https://github.com/GluuFederation/gluu-admin-ui/tree/openbank/files** to this folder
1. create a symlink **ln -s /opt/gluu/gluu-admin-ui/frontend /var/www/html/admin/frontend**
1. chown -R root:www-data /var/www/html/admin/frontend
1. restart apache2.
1. The UI is available at https://{hostname}/admin