edit

Admin GUI Portal - Konga Guide#

Dashboard#

The Dashboard section is divided into subsections that show application configuration details.

Global Info shows oxd and the client details used by Konga. Check the version of the currently-used oxd Server or the address of the Gluu Server in this section. The oxd ID, Client ID and Client Secret are the credentials for the client created by default during Gluu Gateway installation and setup.

The Gateway and Database Info sections show details about the Gateway itself and the included Postgres database, respectively.

The Plugins section displays all the plugins supported by the Gluu Gateway. When inactive, a plugin is shown as gray. When plugin is added to an API/Consumer or globally, its name will turn green on the dashboard.

The remaining subsections, Requests, Connections and Timers show real-time metrics for Gluu Gateway's health.

dashboard

Info#

The Info section shows generic details about the Kong node.

info

Services#

Service List#

Service entities are abstractions of each upstream service. Some examples of Services would be a data transformation microservice, a billing API, etc.

Check the Kong Service configuration docs for more details.

3_service_list

Note

The eye icon is used to see raw JSON objects. Use this to see the object ID, if needed.

Tools Details
+ ADD NEW SERVICE This button is used to add a new service.
Gluu Security This column only shows the added Gluu plugins.
Edit Button This button is used to edit a service, and configure routes and plugins for the selected service. Click on service name to edit the service.
Delete Button This button is used to delete the selected service.

Add Service#

Add a Service using the + ADD NEW SERVICE button.

3_2_add_service

Manage Service#

Edit a Service and manage its plugins by clicking on the pencil icon on the Service list. There are four sections:

Service Details#

This section is used to view and edit a Service.

3_3_service_details

Service Routes#

This section is used to manage the routes within the selected service.

Check Kong routes configuration docs for more details.

3_4_service_route

Tools Details
+ ADD ROUTE This button is used to add a new route.
Edit Button This button is used to edit a route, configure a route and configure plugins of the selected service.
Delete Button This button is used to delete the selected route.

Service Plugins#

This section is used to add and view plugins.

Service Plugin List#

3_5_service_plugins

Tools Details
+ ADD PLUGIN This button is used to add a plugin.
Edit Plugin Click on a plugin's name to edit its configuration.
Delete Button This button is used to delete a selected route.
ON/OFF Switch Toggle a plugin on/off.
Add Service Plugin#

Add a Plugin by clicking the + icon next to the plugin’s name.

3_6_add_plugins

Eligible Consumers for Service#

This section is for the ACL Kong plugin, which restricts access to an API by whitelisting or blacklisting consumers using arbitrary ACL group names. It shows the list of consumers that are configured with ACL groups.

3_7_eligible_consumers

Routes#

Route List#

The Route entities define rules to match client requests. Each Route is associated with a Service, and a Service may have multiple Routes associated with it. Every request matching a given Route will be proxied to its associated Service.

Check Kong routes configuration docs for more details.

4_1_route_list

Tools Details
Gluu Security This column only shows the added Gluu plugins.
Edit Button This button is used to edit a Route and configure its plugins. Click on ROUTE ID to edit the Route.
Delete Button This button is used to delete the selected Route.

Add Route#

Use the Service section to add new route.

Manage Route#

Edit a Route and manage its plugins by clicking on the pencil icon on the Route list. There are three sections:

Route Details#

This section is used to view and edit a Route.

4_2_route_details

Route Plugins#

This section is used to view the list of added Plugins and add a new Plugin.

Route Plugin List#

4_3_route_plugin

Tools Details
+ ADD PLUGIN This button is used to add plugin.
Edit Plugin Click on plugin name to edit plugin configurations.
Delete Button This button is used to delete selected route.
ON/OFF Switch Toggle a plugin on/off.
Add Route Plugin#

Add a Plugin by clicking the + icon next to a plugin’s name.

4_4_add_plugins

Eligible Consumers for Route#

This section is for the ACL Kong plugin, which restricts access to an API by whitelisting or blacklisting consumers using arbitrary ACL group names. It shows the list of consumers that are configured with ACL Groups.

4_5_route_eligible_consumer

Consumers#

The Consumer object represents a consumer - or a user - of a Service. Either rely on Kong as the primary datastore, or map the consumer list with a database to keep consistency between Kong and the existing primary datastore.

consumers

Add Consumers by using the + CREATE CONSUMER button.

consumers_add

Fields Details
Consumer Name The Kong Consumer Username, which is the identifier used by Kong for the client. Should contain no spaces or special characters.
Gluu Client Id The Kong Consumer Custom ID, used to correlate an access token with a Kong consumer. The client must already exist before being registered here as a way to identify a consumer.

Manage Consumer#

Click on the Consumer Name to manage a consumer. Edit and manage ACL plugin groups and add plugins here.

Consumer Details#

View and edit the selected consumer details here.

4_edit_consumer

Groups#

Create a group for ACL plugins to whitelist and blacklist consumers according to ACL plugin configuration.

4_consumer_groups

Consumer Plugins#

Some plugins can be configured for each specific consumer. This section will also add the plugin globally, which will apply for every service and route.

4_consumer_plugin

Create Client#

Click on the + CREATE CLIENT button to create OP client. It will create a client with openid and oxd scopes and with the client_credentials grant type.

4_consumer_client

Fields Details
Client Name(required) Name for newly-created client.
Client Id(optional) Use any existing OP Client's client_id. If left blank, the oxd server will create a new client in the OP server.
Client Secret(optional) Use any existing OP Client's client_secret. If left blank, the oxd server will create a new client in the OP server.
Access Token as JWT(optional) It will create client with Access Token as JWT:true, It is used to return the access token as a JWT. The Gluu OAuth PEP plugin supports JWT access tokens.
RPT as JWT(optional) It will create client with RPT as JWT:true. It is used to return access token(RPT) as JWT. The Gluu UMA PEP plugin supports JWT RPT access tokens.
Token signing algorithm(optional) The default token signing algorithm for the client. It is used for both OAuth access tokens and UMA RPT tokens. Currently, plugins only support 3 algorithms: RS256, RS384 and RS512.

Plugins#

A plugin entity represents a plugin configuration that will be executed during the HTTP request/response lifecycle. Plugins add functionality to services that run behind Kong, such as Authentication or Rate Limiting.

Plugins added in this section of the Gluu Gateway will be applied to all services and routes. To add plugins to a specific service or route, do so in the services or routes section. If you need to add plugins to a specific consumer, do so in the respective consumer page.

Plugin List#

5_plugins

Add Plugin#

Add Plugins by using the + ADD GLOBAL PLUGINS button.

5_plugins_add

Upstreams#

The upstream object represents a virtual hostname and can be used to loadbalance incoming requests over multiple services (targets). For example, an upstream with the name service.v1.xyz loadbalances requests for a Service object whose host is service.v1.xyz. Requests for this Service would be proxied to the targets defined within the upstream.

Check Kong load balancing and health-check docs for more details.

6_upstream

Add Upstreams by using the + CREATE UPSTREAM button.

6_upstream_add

You can modify the details of an Upstream by clicking the DETAILS button next to its name.

6_upstream_details

The Targets section is for managing targets. A target is an IP address/hostname with a port that identifies an instance of a backend service. Every upstream can have many targets, and the targets can be dynamically added. Changes are implemented on the fly.

6_upstream_targets

Certificates#

A Certificate object represents a public certificate/private key pair for an SSL certificate. These objects are used by Kong to handle SSL/TLS termination for encrypted requests. Certificates are optionally associated with SNI objects to tie a certificate/key pair to one or more hostnames.

Check Kong certificate configuration docs for more details.

cert

Add Certificates by using the + CREATE CERTIFICATE button.

cert_add

Connections#

Create connections to Kong nodes and select the one to use by clicking on the respective star icon.

conn

Add Connections by using the + NEW CONNECTION button.

conn_add

Snapshots#

Take snapshots of currently active nodes. All services, routes, plugins, consumers, upstreams and targets will be saved and available for later import.

List#

It shows the list of snapshots.

9_snapshot

Take Snapshot#

9_take_snapshot

Snapshot Details#

Click on the Details option in snapshot list view to see more information about the snapshot.

9_snapshot_details

Restore objects by clicking on the RESTORE button.

9_snapshot_restore

Export data by clicking on the EXPORT button.

Scheduled tasks#

This is used to schedule a task to periodically take snapshots.

9_snapshot_scheduled_list

Create a scheduled task using the ADD SCHEDULE button.

9_snapshot_scheduled_add

Settings#

Set the dashboard refresh interval, logout session timeout and login restrictions in the settings section.

settings

General settings#

Setting Description
Dashboard refresh interval The interval in milliseconds at which the Dashboard data will refresh. Default is 5000 milliseconds.
Logout session timeout The interval in minutes a user will be logged out after idle time. Default is 5000 minutes.

Login restrictions#

Setting Description
Allow only admin user to login. If enabled, only OP Users with the admin role(permission) is allowed to log in to Gluu Gateway UI.

Configure Role for User#

Open the Users section in the Gluu Server and use the User Permission attribute to add a role to the user. Click on User Permission, it will create a text box. Add the admin role and save the user.

role

Navigate to OpenID Connect > Scopes and allow the permission scope.

Permission