Not able to access oxtrust (Gluu Server's administration graphical user interface ) #7093
Replies: 8 comments 1 reply
-
|
Yes - as I understand it, the HTML GUI is only in the Commercial version, and that's because is a big attack surface that the dev team needs support. You can use the TUI (Text User interface), which provides Configuration Edit, with the same capabilities available in CLI and the API. The TUI, CLI and API have no attack surface. And indeed, they propose you should be aiming for config as code for maximum protection. |
Beta Was this translation helpful? Give feedback.
-
|
Brian is correct. Closing this issue. Use the TUI, it's great! |
Beta Was this translation helpful? Give feedback.
-
|
Thanks. I had hit some issue for which the documentation was referring to the oxTrust WebUI, for which I couldn't find an equivalent in TUI. I will update this discussion (or create a new one) if the I hit that issue again. Thanks for the help. |
Beta Was this translation helpful? Give feedback.
-
|
oh, interesting. We're going to search the docs for oxTrust... good idea. |
Beta Was this translation helpful? Give feedback.
-
|
I am happy to write the documentation, when we map the path. some detailI had the same the except for jansSubjectType (I had Public) , and jansScope (you have additional scope: (offline_access)). You are using Agama workflow. I am not. Note, I am working in TUI, so I just select the scopes I did not find this in TUI (do I need it if not agama?) [jansAccessTknSigAlg[: RS256 or this [jansTrustedClnt: true] =================== 
|
Beta Was this translation helpful? Give feedback.
-
|
Can you export the client JSON and paste it here? From the TUI you can do this by pressing |
Beta Was this translation helpful? Give feedback.
-
|
Done
```
***@***.***:/# cat Wordpress.Janssen.OpenId_Client.Json
{
"dn": "inum=7092cab5-a883-4db4-b29f-387884460015,ou=clients,o=jans",
"deletable": false,
"clientSecret": "xxxxxxxxxxxx",
"frontChannelLogoutUri": "https://cekh-pp-main-nc.abraxasdev.com/logout.php, https://cekh-pp-main-md.abraxasdev.com/logout.php",
"frontChannelLogoutSessionRequired": false,
"redirectUris": [
"https://cekh-pp-main-wp.abraxasdev.com/admin-ajax.php?action=openid-connect-authorize"
],
"responseTypes": [
"code"
],
"grantTypes": [
"authorization_code"
],
"applicationType": "web",
"clientName": "Wordpress",
"clientNameLocalized": {},
"logoUriLocalized": {},
"clientUriLocalized": {},
"policyUriLocalized": {},
"tosUriLocalized": {},
"subjectType": "pairwise",
"tokenEndpointAuthMethod": "client_secret_post",
"defaultAcrValues": [
"simple_password_auth"
],
"postLogoutRedirectUris": [
"https://cekh-pp-main-wp.abraasdev.com/wp-login.php?loggedout=true&wp_lang=en_US"
],
"scopes": [
"inum=764C,ou=scopes,o=jans",
"inum=F0C4,ou=scopes,o=jans",
"inum=43F1,ou=scopes,o=jans",
"inum=C4F6,ou=scopes,o=jans"
],
"trustedClient": false,
"persistClientAuthorizations": true,
"includeClaimsInIdToken": true,
"customAttributes": [],
"customObjectClasses": [
"top"
],
"rptAsJwt": false,
"accessTokenAsJwt": true,
"disabled": false,
"attributes": {
"runIntrospectionScriptBeforeJwtCreation": false,
"keepClientAuthorizationAfterExpiration": false,
"allowSpontaneousScopes": false,
"backchannelLogoutSessionRequired": false,
"parLifetime": 600,
"requirePar": false,
"dpopBoundAccessToken": false,
"jansAuthorizedAcr": [
"simple_password_auth"
],
"jansDefaultPromptLogin": false,
"minimumAcrLevel": -1
},
"backchannelTokenDeliveryMode": "poll",
"backchannelUserCodeParameter": false,
"description": "KHub Aop Server",
"displayName": "Wordpress",
"authenticationMethod": "client_secret_post",
"allAuthenticationMethods": [
"client_secret_post"
],
"baseDn": "inum=7092cab5-a883-4db4-b29f-387884460015,ou=clients,o=jans",
"inum": "7092cab5-a883-4db4-b29f-387884460015"
}
```
… On Dec 18, 2023, at 2:25 PM, Michael Schwartz ***@***.***> wrote:
jansTrustedClnt : True will supress the authorization. If you don't specify an access token signature algorithm, you will either get no signature or one with the server default AT signature key.
Can you export the client JSON and paste it here? From the TUI you can do this by pressing d when you a viewing the list of clients, like this:
image.png (view on web) <https://github.com/JanssenProject/jans/assets/3717101/5c47b2dc-9cd0-458e-b47f-2fdd7483b9e8>
Then you can export this client JSON to a file.
—
Reply to this email directly, view it on GitHub <#7093 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AARINNMQUHZ6EWDQZBEOP4DYKCYFFAVCNFSM6AAAAABAUMFB2KVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TQOJQHE4TC>.
You are receiving this because you commented.
|
Beta Was this translation helpful? Give feedback.
-
|
Looks good to me... |
Beta Was this translation helpful? Give feedback.
-
|
Great.
Tx Mike.
… On Dec 18, 2023, at 2:25 PM, Michael Schwartz ***@***.***> wrote:
jansTrustedClnt : True will supress the authorization. If you don't specify an access token signature algorithm, you will either get no signature or one with the server default AT signature key.
Can you export the client JSON and paste it here? From the TUI you can do this by pressing d when you a viewing the list of clients, like this:
image.png (view on web) <https://github.com/JanssenProject/jans/assets/3717101/5c47b2dc-9cd0-458e-b47f-2fdd7483b9e8>
Then you can export this client JSON to a file.
—
Reply to this email directly, view it on GitHub <#7093 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AARINNMQUHZ6EWDQZBEOP4DYKCYFFAVCNFSM6AAAAABAUMFB2KVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TQOJQHE4TC>.
You are receiving this because you commented.
|
Beta Was this translation helpful? Give feedback.
-
Hi,
I have installed Janssen community edition on Ubuntu 22.04 as per instructions at: https://docs.jans.io/v1.0.20/admin/install/vm-install/ubuntu/.
However, when I try to access the oxtrust admin UI by browsing to https://hostname, I just get "OK" as the response. I am not able to access the dashboard and other functionality of the oxtrust as stated in https://gluu.org/docs/gluu-server/4.0/admin-guide/oxtrust-ui/
Is this only available in Commercial version or am I missing any configuration / installation steps. FYI, I am able to login to https://hostname/jans-casa and was able to able to test the authentication of a user with postman client.
Thanks,
Amar Nath V
Beta Was this translation helpful? Give feedback.
All reactions