Configuration#
oxD configuration consists of two files :
conf/oxd-conf.json
- general configurationconf/oxd-default-site-config.json
- fallback configuration for "Register site" command, see details on Protocol page
oxd-conf.json#
The contents of the configuration file is as follows:
oxd-conf.json
{
"port":8099,
"localhost_only":true,
"time_out_in_seconds":0,
"use_client_authentication_for_pat":true,
"use_client_authentication_for_aat":true,
"trust_all_certs":true,
"trust_store_path":"",
"trust_store_password":"",
"license_id":"",
"public_key":"",
"public_password":"",
"license_password":""
}
- port - oxD socket port
- localhost_only - flag to restrict communication
- time_out_in_seconds - time out for oxd socket in seconds. oxd closes sockets automatically after this time out (stops listen commands). Zero means listen indefinitely.
- use_client_authentication_for_pat - true if client authentication is required, if false than user authentication is performed which require user_id and user_secret specified during register_site command.
- use_client_authentication_for_aat - true if client authentication is required, if false than user authentication is performed which require user_id and user_secret specified during register_site command.
- trust_all_certs - true to trust all certificates, if false then trust_store_path must be specified to store with valid certificates
- trust_store_path - Path to Java .jks trust store to be used for an SSL connection.
- trust_store_password - password of trust store
- license_id - Will be supplied when you order a license.
- public_key - Will be supplied when you order a license. It's very big--make sure you it's one line with no spaces (if your mail client added line breaks).
- public_password - Will be supplied when you order a license.
- license_password - Will be supplied when you order a license.
oxd-default-site-config.json#
conf/oxd-default-site-config.json
{
"op_host":"",
"authorization_redirect_uri":"",
"post_logout_redirect_uri":"",
"response_types":["code"],
"grant_type":["authorization_code"],
"acr_values":["basic"],
"scope":["openid", "profile"],
"ui_locales":["en"],
"claims_locales":["en"],
"client_jwks_uri":"",
"contacts":[]
}
- op_host - must point to a valid Gluu Server CE installation. (Sample : "op_host":"https://idp.example.org")
- authorization_redirect_uri - URL that the OpenID Connect Provider (OP) will redirect the person to after successful authentication
- post_logout_redirect_uri - URL to which the RP is requesting that the End-User's User Agent be redirected after a logout has been performed
- response_types - JSON array containing a list of the OAuth 2.0 response_type values that the site is declaring that it will restrict itself to using
- grant_type - JSON array containing a list of the OAuth 2.0 Grant Types that the Client is declaring that it will restrict itself to using
- acr_values - specified authentication method (basic, duo, u2f)
- scope - JSON array containing a list of the scopes that the Client is declaring that it will restrict itself to using
- ui_locales - End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference
- claims_locales - End-User's preferred languages and scripts for Claims being returned, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference
- contacts - array of e-mail addresses of people responsible for this Client