Steps followed to install `admin ui` on server - GluuFederation/gluu-admin-ui GitHub Wiki

Setting Third party OP

  1. Set up Janssen Auth Server with config-api (say jans-auth-server-1) on a virtual machine.
  2. Create jansAdminUIRole multivalued attribute. Add this attribute to jansPerson objectclass.

    a. This attribute will contain the admin-ui user role. The roles are listed in the config-api roles column of this wiki page: https://github.com/GluuFederation/gluu-admin-ui/wiki/ConfigApiRoleMapping
    b. Based on the user's jansAdminUIRole, the read/write/delete features will be enabled in admin-ui.
  3. After that, an OIDC client should be created for admin-ui in jans-auth-server-1 with user_info_signed_response_alg set to RS256 (so that user-info is in JWT format).
  4. This OpenID client will be used by admin-ui for user login.

Setting First Party OP

  1. Now in jans-config-api the endpoints are protected using a protection-token.

  2. To generate the token, we will set up another auth server called jans-auth-server-2 (token-server).

  3. In this server we will create an OpenID client with the following settings:

    a. run_introspection_script_before_access_token_as_jwt_creation_and_include_claims set to true - so that the introspection script can add scopes to the protection-token based on user role

    b. access_token_as_jwt set to true - so that generated protection-token is in jwt format

    c. access_token_signing_alg as RS256

  4. The following introspection script should be added to jans-auth-server-2 so that the appropriate scopes are added to the api-protection-token based on the jansAdminUIRole role: https://raw.githubusercontent.com/GluuFederation/gluu-admin-ui-api/main/scripts/getScopesFrmUserRoleInterceptionScript.py

The scope-to-role mapping can be found here: https://github.com/GluuFederation/gluu-admin-ui/wiki/ConfigApiRoleMapping
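
To confirm that the client settings from step 3 and the introspection script from step 4 took effect, a protection-token issued by jans-auth-server-2 can be inspected offline. This is an added example, not code from the Gluu project: it assumes scopes are carried in a `scope` claim, uses constructed tokens with placeholder scope URLs, and does not verify the RS256 signature.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def check_protection_token(token, required_scopes):
    """Return a list of problems (empty = OK). The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:  # opaque reference token instead of a JWT
        return ["token is not a JWT (access_token_as_jwt not applied?)"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["token segments are not base64url-encoded JSON"]
    problems = []
    if header.get("alg") != "RS256":
        problems.append("alg is %r, expected RS256" % header.get("alg"))
    # Assumption: scopes sit in a "scope" claim, as a list or a space-separated string.
    scope = claims.get("scope", [])
    granted = set(scope.split() if isinstance(scope, str) else scope)
    missing = sorted(set(required_scopes) - granted)
    if missing:
        problems.append("missing scopes: " + ", ".join(missing))
    return problems


def make_sample(header, claims):
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return "%s.%s.%s" % (enc(header), enc(claims), "c2ln")


# Constructed sample data: the scope URLs are placeholders, not the real mapping.
READ, WRITE = "https://example.org/scope/read", "https://example.org/scope/write"
GOOD = make_sample({"alg": "RS256", "typ": "JWT"}, {"scope": [READ, WRITE]})
WEAK = make_sample({"alg": "none"}, {"scope": READ})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("weak", WEAK), ("opaque", "constructed-opaque")):
        print(name, check_protection_token(tok, [READ, WRITE]) or "ok")
```

In a real deployment, pass the scopes that the role mapping lists for the logged-in user's jansAdminUIRole as `required_scopes`.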

Setting admin-ui backend

  1. Download jar from https://ox.gluu.org/maven/org/gluu/gluu-admin-ui-app/5.0.0-SNAPSHOT/gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar
  2. Download configuration file from https://github.com/GluuFederation/gluu-admin-ui-api/blob/main/config/application.properties
  3. Edit the application.properties file, setting the properties that start with `authserver.` to the details of the Third party OIDC client.
  4. Edit the application.properties file, setting the properties that start with `tokenServer.` to the details of the First party OIDC client.

Location of gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar:

          |
          |------- gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar
          |
          |------- config (folder)
                    |
                    |-------- application.properties

  5. Create a config folder in the disk location of gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar and copy application.properties into it.
  6. To run the backend, use the command:
     java -jar gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar --admin-ui.home=<location of gluu-admin-ui-app-5.0.0-SNAPSHOT-standalone.jar>

Setting admin-ui frontend

Configure Apache2

  1. Edit /etc/apache2/sites-available/https_jans.conf to add the following:
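     Alias /admin "/var/www/html/admin/frontend"
     <Directory "/var/www/html/admin/frontend">
         # FollowSymLinks is needed because frontend is a symlink (created below);
         # Indexes enables directory listings for folders without an index file
         Options FollowSymLinks Indexes
         DirectoryIndex index.html
         AllowOverride None
         # Apache 2.2 access syntax; the Apache 2.4 equivalent is "Require all granted"
         Order allow,deny
         Allow from all
     </Directory>

     And add this in the proxy section:

     ProxyPass /admin-ui-api http://localhost:8080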


  2. Create the frontend structure:
     mkdir /var/www/html/admin

## Set up UI folder

1. mkdir /opt/gluu/gluu-admin-ui/frontend
2. cd /opt/gluu/gluu-admin-ui/frontend
3. Copy the artifacts from **https://github.com/GluuFederation/gluu-admin-ui/tree/openbank/files** to this folder.
4. Create a symlink: **ln -s /opt/gluu/gluu-admin-ui/frontend /var/www/html/admin/frontend**
5. chown -R root:www-data /var/www/html/admin/frontend
6. Restart apache2.
7. The UI is available at https://{hostname}/admin






