Advanced Admin GUI Components and Configuration
The Consumer object represents a consumer - or a user - of a Service. Either rely on Kong as the primary datastore, or map the consumer list with a database to keep consistency between Kong and the existing primary datastore.
Add Consumers by using the + CREATE CONSUMER button.
| Field | Description |
|---|---|
| Consumer Name | The Kong Consumer Username, which is the identifier used by Kong for the client. Should contain no spaces or special characters. |
| Gluu Client Id | The Kong Consumer Custom ID, used to correlate an access token with a Kong consumer. The client must already exist before being registered here as a way to identify a consumer. |
| Tags | An optional set of strings associated with the Consumer, for grouping and filtering. |
Click on the Consumer Name to manage a consumer. Edit and manage ACL plugin groups and add plugins here.
View and edit the selected consumer details here.
Create a group for ACL plugins to whitelist and blacklist consumers according to ACL plugin configuration.
Some plugins can be configured for each specific consumer. This section will also add the plugin globally, which will apply to every service and route.
Click on the + CREATE CLIENT button to create an OP client. It will create a client with the client_credentials grant type. The client is created through the oxd register-site API, so you can also use the oxd API directly.
| Field | Description |
|---|---|
| Client Name (required) | Name for newly-created client. |
| Client Id (optional) | Use any existing OP Client's client_id. If left blank, the oxd server will create a new client in the OP server. |
| Client Secret (optional) | Use any existing OP Client's client_secret. If left blank, the oxd server will create a new client in the OP server. |
| Access Token as JWT (optional) | It will create client with |
| RPT as JWT (optional) | It will create client with |
| Token signing algorithm (optional) | The default token signing algorithm for the client. It is used for both OAuth access tokens and UMA RPT tokens. Currently, plugins only support 3 algorithms: RS256, RS384 and RS512. |
| Scope | The scope for the OP Client. |
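
The restriction to RS256, RS384 and RS512 stated for the token signing algorithm can be enforced as an allow-list check on a JWT's header before signature verification is attempted. The Python below is an added example, not Gluu Gateway or oxd code; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json

# Algorithms this page lists as supported by the plugins.
SUPPORTED_ALGS = frozenset({"RS256", "RS384", "RS512"})


def _b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used in compact JWS."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded.encode("ascii"))


def jwt_alg_precheck(token: str) -> str:
    """Return the header 'alg' if it is on the allow-list, else raise ValueError.

    Header inspection only: the signature must still be verified against the
    OP's published keys before any claim in the token is trusted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("malformed JOSE header") from exc
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    alg = header.get("alg")
    # Exact, case-sensitive match: "none", HS* and "rs256" are all rejected.
    if not isinstance(alg, str) or alg not in SUPPORTED_ALGS:
        raise ValueError(f"unsupported signing algorithm: {alg!r}")
    return alg


def is_accepted(token: str) -> bool:
    """Boolean wrapper around jwt_alg_precheck for use in filters."""
    try:
        jwt_alg_precheck(token)
        return True
    except ValueError:
        return False


def make_sample(alg: str) -> str:
    """Constructed sample token with a placeholder signature (not a real JWT)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc({'client_id': 'example-client'})}.c2ln"


if __name__ == "__main__":
    for alg in ("RS256", "RS512", "HS256", "none", "rs256"):
        print(alg, "->", "accepted" if is_accepted(make_sample(alg)) else "rejected")
```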
The upstream object represents a virtual hostname and can be used to load balance incoming requests over multiple services (targets). For example, an upstream with the name service.v1.xyz load balances requests for a Service object whose host is service.v1.xyz. Requests for this Service would be proxied to the targets defined within the upstream.
Add Upstreams by using the + CREATE UPSTREAM button.
You can modify the details of an Upstream by clicking the DETAILS button next to its name.
The Targets section is for managing targets. A target is an IP address/hostname with a port that identifies an instance of a backend service. Every upstream can have many targets, and targets can be added dynamically. Changes are implemented on the fly.
A Certificate object represents a public certificate/private key pair for an SSL certificate. These objects are used by Kong to handle SSL/TLS termination for encrypted requests. Certificates are optionally associated with SNI objects to tie a certificate/key pair to one or more hostnames.
Check Kong certificate configuration docs for more details.
Add Certificates by using the + CREATE CERTIFICATE button.
Create connections to Kong nodes and select the one to use by clicking on the respective star icon.
Add Connections by using the + NEW CONNECTION button.
Take snapshots of currently active nodes. All services, routes, plugins, consumers, upstreams and targets will be saved and available for later import.
It shows the list of snapshots.
Click on the Details option in the snapshot list view to see more information about the snapshot.
Restore objects by clicking on the
Export data by clicking on the
This is used to schedule a task to periodically take snapshots.
Create a scheduled task using the ADD SCHEDULE button.
This section shows logs of gluu-openid-connect plugin operations (add, edit, delete).
Set the dashboard refresh interval, logout session timeout and login restrictions in the settings section.
| Setting | Description |
|---|---|
| Dashboard refresh interval | The interval in milliseconds at which the Dashboard data will refresh. Default is 5000 milliseconds. |
| Logout session timeout | The idle time, in minutes, after which a user is logged out. Default is 5000 minutes. |
| Allow only admin user to login. | If enabled, only OP Users with the admin role (permission) are allowed to log in to the Gluu Gateway UI. |
Configure Role for User
Users section in the Gluu Server and use the User Permission attribute to add a role to the user. Click on User Permission; it will create a text box. Add the admin role and save the user.
OpenID Connect > Scopes and allow the