Skip to content

Advanced Admin GUI Components and Configuration#


The Consumer object represents a consumer - or a user - of a Service. Either rely on Kong as the primary datastore, or map the consumer list with a database to keep consistency between Kong and the existing primary datastore.


Add Consumers by using the + CREATE CONSUMER button.


Fields Details
Consumer Name The Kong Consumer Username, which is the identifier used by Kong for the client. Should contain no spaces or special characters.
Gluu Client Id The Kong Consumer Custom ID, used to correlate an access token with a Kong consumer. The client must already exist before being registered here as a way to identify a consumer.
Tags An optional set of strings associated with the Consumer, for grouping and filtering.

Manage Consumer#

Click on the Consumer Name to manage a consumer. Edit and manage ACL plugin groups and add plugins here.

Consumer Details#

View and edit the selected consumer details here.



Create a group for ACL plugins to whitelist and blacklist consumers according to ACL plugin configuration.


Consumer Plugins#

Some plugins can be configured for each specific consumer. This section will also add the plugin globally, which will apply to every service and route.


Create Client#

Click on the + CREATE CLIENT button to create OP client. It will create a client with the client_credentials grant type. It creates a client using the oxd register-site API, so you can use direct the oxd API as well.


Fields Details
Client Name(required) Name for newly-created client.
Client Id(optional) Use any existing OP Client's client_id. If left blank, the oxd server will create a new client in the OP server.
Client Secret(optional) Use any existing OP Client's client_secret. If left blank, the oxd server will create a new client in the OP server.
Access Token as JWT(optional) It will create client with Access Token as JWT:true, It is used to return the access token as a JWT. The Gluu OAuth PEP plugin supports JWT access tokens.
RPT as JWT(optional) It will create client with RPT as JWT:true. It is used to return access token(RPT) as JWT. The Gluu UMA PEP plugin supports JWT RPT access tokens.
Token signing algorithm(optional) The default token signing algorithm for the client. It is used for both OAuth access tokens and UMA RPT tokens. Currently, plugins only support 3 algorithms: RS256, RS384 and RS512.
Scope The scope for the OP Client. uma_protection is required in UMA(gluu-uma-auth plugin) authentication case. Note: Press Enter to accept a value.


The upstream object represents a virtual hostname and can be used to loadbalance incoming requests over multiple services (targets). For example, an upstream with the name loadbalances requests for a Service object whose host is Requests for this Service would be proxied to the targets defined within the upstream.

Check Kong load balancing and health-check docs for more details.


Add Upstreams by using the + CREATE UPSTREAM button.


You can modify the details of an Upstream by clicking the DETAILS button next to its name.


The Targets section is for managing targets. A target is an IP address/hostname with a port that identifies an instance of a backend service. Every upstream can have many targets, and the targets can be dynamically added. Changes are implemented on the fly.



A Certificate object represents a public certificate/private key pair for an SSL certificate. These objects are used by Kong to handle SSL/TLS termination for encrypted requests. Certificates are optionally associated with SNI objects to tie a certificate/key pair to one or more hostnames.

Check Kong certificate configuration docs for more details.


Add Certificates by using the + CREATE CERTIFICATE button.


Add SNI.



Create connections to Kong nodes and select the one to use by clicking on the respective star icon.


Add Connections by using the + NEW CONNECTION button.



Take snapshots of currently active nodes. All services, routes, plugins, consumers, upstreams and targets will be saved and available for later import.


It shows the list of snapshots.


Take Snapshot#


Snapshot Details#

Click on the Details option in snapshot list view to see more information about the snapshot.


Restore objects by clicking on the RESTORE button.


Export data by clicking on the EXPORT button.

Scheduled tasks#

This is used to schedule a task to periodically take snapshots.


Create a scheduled task using the ADD SCHEDULE button.


Audit logs#

This section shows logs about the gluu-openid-connect plugin operations(add, edit, delete).



Set the dashboard refresh interval, logout session timeout and login restrictions in the settings section.


General settings#

Setting Description
Dashboard refresh interval The interval in milliseconds at which the Dashboard data will refresh. Default is 5000 milliseconds.
Logout session timeout The interval in minutes a user will be logged out after idle time. Default is 5000 minutes.

Login restrictions#

Setting Description
Allow only admin user to login. If enabled, only OP Users with the admin role(permission) is allowed to log in to Gluu Gateway UI.

Configure Role for User#

Open the Users section in the Gluu Server and use the User Permission attribute to add a role to the user. Click on User Permission, it will create a text box. Add the admin role and save the user.


Navigate to OpenID Connect > Scopes and allow the permission scope.