
OpenID Connect Configuration#

The Janssen Server provides multiple configuration tools to perform these tasks.

Use the command line to perform actions from the terminal. Learn how to use Jans CLI here or jump straight to the Using Command Line section.

Use a fully functional text-based user interface from the terminal. Learn how to use Jans Text-based UI (TUI) here or jump straight to the Using Text-based UI section.

Use the REST API for programmatic access or invoke it via tools like curl or Postman. Learn how to use the Janssen Server Config API here or jump straight to the Using Configuration REST API section.

Using Command Line#

In the Janssen Server, you can deploy and manage OpenID Connect clients using the command line. To get the details of the Janssen command line operations relevant to OpenID Connect clients, check the operations under the OauthOpenidConnectClients task using the command below:

Command
/opt/jans/jans-cli/config-cli.py --info OauthOpenidConnectClients
Sample Output
Operation ID: get-oauth-openid-clients
 Description: Gets list of OpenID Connect clients
 Parameters:
 limit: Search size - max size of the results to return [integer]
 pattern: Search pattern [string]
 startIndex: The 1-based index of the first query result [integer]
 sortBy: Attribute whose value will be used to order the returned response [string]
 sortOrder: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending" [string]
 fieldValuePair: Field and value pair for seraching [string]
Operation ID: put-oauth-openid-client
 Description: Update OpenId Connect client
 Schema: Client
Operation ID: post-oauth-openid-client
 Description: Create new OpenId Connect client
 Schema: Client
Operation ID: get-oauth-openid-clients-by-inum
 Description: Get OpenId Connect Client by Inum
 Parameters:
 inum: Client identifier [string]
Operation ID: delete-oauth-openid-client-by-inum
 Description: Delete OpenId Connect client
 Parameters:
 inum: Client identifier [string]
Operation ID: patch-oauth-openid-client-by-inum
 Description: Patch OpenId Connect client
 Parameters:
 inum: Client identifier [string]
 Schema: Array of JsonPatch

To get sample schema type /opt/jans/jans-cli/config-cli.py --schema-sample <schema>, for example /opt/jans/jans-cli/config-cli.py --schema-sample JsonPatch

Get List of OpenID Connect Clients#

To get the list of OpenID Connect clients, run the following command:

Command
/opt/jans/jans-cli/config-cli.py --operation-id get-oauth-openid-clients
Sample Output
{
  "start": 0,
  "totalEntriesCount": 3,
  "entriesCount": 3,
  "entries": [
    {
      "dn": "inum=1800.ca57f8f8-e163-4cdc-96f2-e2760e627bfe,ou=clients,o=jans",
      "deletable": false,
      "clientSecret": "qAnnHv5Yxw6I+xHXJI6kj6f4pogINrnw7Z/sDPXSW10=",
      "frontChannelLogoutUri": "null",
      "frontChannelLogoutSessionRequired": false,
      "redirectUris": [
        "https://www.google.com/"
      ],
      "claimRedirectUris": [],
      "responseTypes": [
        "code"
      ],
      "grantTypes": [
        "authorization_code",
        "refresh_token",
        "client_credentials"
      ],
      "applicationType": "web",
      "contacts": [],
      "clientName": "Jans Config Api Client",
      "clientNameLocalized": {},
      "logoUriLocalized": {},
      "clientUriLocalized": {},
      "policyUriLocalized": {},
      "tosUriLocalized": {},
      "subjectType": "pairwise",
      "idTokenSignedResponseAlg": "RS256",
      "tokenEndpointAuthMethod": "client_secret_basic",
      "defaultAcrValues": [],
      "postLogoutRedirectUris": [],
      "requestUris": [],
      "scopes": [
        "inum=1800.01.75,ou=scopes,o=jans",
        "inum=1800.01.76,ou=scopes,o=jans",
        "inum=1800.01.77,ou=scopes,o=jans",
        "inum=1800.01.78,ou=scopes,o=jans",
        "inum=1800.01.71,ou=scopes,o=jans",
        "inum=1800.01.72,ou=scopes,o=jans",
      ],
      "claims": [],
      "trustedClient": false,
      ....
      ....
      ....

      "baseDn": "inum=1800.ca57f8f8-e163-4cdc-96f2-e2760e627bfe,ou=clients,o=jans",
      "inum": "1800.ca57f8f8-e163-4cdc-96f2-e2760e627bfe"
    },
    {
      "dn": "inum=478049e2-210d-4b64-bc16-10440c973f65,ou=clients,o=jans",
      "deletable": false,
      "clientSecret": "37983639-0586-4ed3-8644-b5bc41c4ce49",
      "frontChannelLogoutSessionRequired": false,
      "redirectUris": [
        "https://www.google.com/"
      ],
      "grantTypes": [],
      "applicationType": "web",
      "clientNameLocalized": {},
      "logoUriLocalized": {},
      "clientUriLocalized": {},
      "policyUriLocalized": {},
      "tosUriLocalized": {},
      "subjectType": "public",
      "tokenEndpointAuthMethod": "client_secret_basic",
      "trustedClient": false,
      .....
      .....
      .....
      ],
      "baseDn": "inum=478049e2-210d-4b64-bc16-10440c973f65,ou=clients,o=jans",
      "inum": "478049e2-210d-4b64-bc16-10440c973f65"
    },
    {
      "dn": "inum=ec53d411-5243-4c76-b91c-661b35853cd0,ou=clients,o=jans",
      "deletable": false,
      "clientSecret": "456e1c1e-796d-4dc0-9f16-7b54c9e4eb5b",
      "frontChannelLogoutSessionRequired": false,
      "redirectUris": [
        "https://docs.jans.io/"
      ],
      "grantTypes": [],
      "applicationType": "web",
      "clientNameLocalized": {},
      "logoUriLocalized": {},
      "clientUriLocalized": {},
      "policyUriLocalized": {},
      "tosUriLocalized": {},
      "subjectType": "public",
      "tokenEndpointAuthMethod": "client_secret_basic",
      "trustedClient": false,
      .....
      .....
      .....

      "baseDn": "inum=ec53d411-5243-4c76-b91c-661b35853cd0,ou=clients,o=jans",
      "inum": "ec53d411-5243-4c76-b91c-661b35853cd0"
    }
  ]
}

To search using parameters, use the command below:

Command
/opt/jans/jans-cli/config-cli.py --operation-id get-oauth-openid-clients \
--endpoint-args limit:2
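
The listing returned by get-oauth-openid-clients can be reviewed for risky client settings once it is saved as JSON. The script below is an added example, not part of the Janssen CLI; the sample data is constructed, and the set of checks is this example's own choice.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: same shape as the listing above, made-up inums and URIs.
SAMPLE = json.loads("""
{"start": 0, "totalEntriesCount": 3, "entriesCount": 3, "entries": [
  {"inum": "example-0001", "redirectUris": ["https://admin.example.test/cb"],
   "grantTypes": ["authorization_code", "refresh_token", "client_credentials"],
   "tokenEndpointAuthMethod": "client_secret_basic", "trustedClient": false},
  {"inum": "example-0002", "redirectUris": ["http://spa.example.test/cb"],
   "grantTypes": ["implicit"], "tokenEndpointAuthMethod": "none",
   "trustedClient": true},
  {"inum": "example-0003", "redirectUris": ["https://docs.example.test/"],
   "grantTypes": [], "tokenEndpointAuthMethod": "client_secret_basic"}
]}
""")

LEGACY_GRANTS = {"implicit", "password"}  # discouraged by RFC 9700
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_client(client):
    """Return a list of findings for one entry of the client listing."""
    findings = []
    for uri in client.get("redirectUris") or []:
        parts = urlsplit(uri)
        if parts.scheme == "http" and parts.hostname not in LOOPBACK:
            findings.append(f"redirect URI without TLS: {uri}")
    for grant in sorted(LEGACY_GRANTS & set(client.get("grantTypes") or [])):
        findings.append(f"legacy grant type enabled: {grant}")
    if client.get("tokenEndpointAuthMethod") == "none":
        findings.append("public client: no authentication at the token endpoint")
    if client.get("trustedClient"):
        findings.append("trustedClient is true: consent prompt is skipped")
    return findings


def audit_listing(listing):
    """Map inum -> findings for every client with at least one finding."""
    report = {}
    for client in listing.get("entries", []):
        findings = audit_client(client)
        if findings:
            report[client.get("inum", "<no inum>")] = findings
    return report


if __name__ == "__main__":
    print(json.dumps(audit_listing(SAMPLE), indent=2))
```

The listing includes each client's clientSecret, so treat any file it is saved to as a credential store.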

Creating a New OpenID Connect Client#

To add an OpenID Connect client, use the post-oauth-openid-client operation ID. As shown in the output of the --info command, the post-oauth-openid-client operation requires data to be sent according to the Client schema.

To see the schema, use the command below:

Command
/opt/jans/jans-cli/config-cli.py --schema Client

The Janssen Server also provides an example of data that adheres to the above schema. To fetch the example, use the command below.

Command
/opt/jans/jans-cli/config-cli.py --schema-sample Client

Using the schema and the example above, we have added OpenID Connect client data to the file /tmp/openid-connect.json. An OpenID Connect client may have many properties, but we are going to fill only the required properties as shown below:

Input
{
  "redirectUris": [
    "https://www.google.com/"
  ]
}

Now let's post an OpenID Connect client to the Janssen Server to be added to the existing set:

Command
/opt/jans/jans-cli/config-cli.py --operation-id post-oauth-openid-client \
--data /tmp/openid-connect.json

Update OpenID Connect Client#

To update the configuration, follow the steps below.

  1. Get the existing OpenID Connect client and store it in a file for editing. The following command retrieves the client and writes it to /tmp/update-client.json.
    Command
    /opt/jans/jans-cli/config-cli.py -no-color \
    --operation-id get-oauth-openid-clients-by-inum \
    --url-suffix inum:1800.ca57f8f8-e163-4cdc-96f2-e2760e627bfe > /tmp/update-client.json
    
  2. Edit and update the desired configuration values in the file while keeping other properties and values unchanged. Updates must adhere to the Client schema as mentioned here.
  3. We have changed only parLifetime, from 600 to 700. Use the updated file to send the update to the Janssen Server using the command below:
    Command
    /opt/jans/jans-cli/config-cli.py --operation-id put-oauth-openid-client \
    --data /tmp/update-client.json
    

Upon successful execution of the update, the Janssen Server responds with the updated configuration.
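
A check that fits between steps 2 and 3 above, as an added example that is not Janssen code: it compares the fetched client with the edited copy and rejects the update if anything other than the intended property changed. The sample object and the placement of parLifetime under attributes are assumptions made for the example.

```python
import json

# Constructed sample of a fetched client; the values and the nesting of
# parLifetime under "attributes" are assumptions made for this example.
BEFORE = {
    "inum": "example-0001",
    "redirectUris": ["https://app.example.test/cb"],
    "grantTypes": ["authorization_code", "refresh_token"],
    "tokenEndpointAuthMethod": "client_secret_basic",
    "trustedClient": False,
    "attributes": {"parLifetime": 600},
}


def changed_paths(before, after, prefix=""):
    """Return the sorted JSON paths whose values differ between two objects."""
    if isinstance(before, dict) and isinstance(after, dict):
        paths = []
        for key in sorted(set(before) | set(after)):
            if key not in before or key not in after:
                paths.append(f"{prefix}/{key}")  # property added or removed
            else:
                paths += changed_paths(before[key], after[key], f"{prefix}/{key}")
        return paths
    return [] if before == after else [prefix or "/"]


def check_update(before, after, allowed):
    """Raise ValueError if anything outside the allowed paths was modified."""
    changed = changed_paths(before, after)
    unexpected = [path for path in changed if path not in allowed]
    if unexpected:
        raise ValueError("unexpected changes: " + ", ".join(unexpected))
    return changed


def load(path):
    """Read one client object, for example the file written in step 1."""
    with open(path, encoding="utf-8") as handle:
        return json.load(handle)


if __name__ == "__main__":
    edited = json.loads(json.dumps(BEFORE))    # deep copy of the sample
    edited["attributes"]["parLifetime"] = 700  # the intended edit
    print(check_update(BEFORE, edited, {"/attributes/parLifetime"}))
```

The file from step 1 includes the client's clientSecret, so keep it readable only by the operator and delete it after the update.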

Patch OpenID Connect Client by inum#

Using patch-oauth-openid-client-by-inum, we can partially modify the properties of an OpenID Connect client.

To use this operation, specify the inum of the OpenID Connect client that needs to be updated using --url-suffix, and specify the property and its new value using a JSON Patch. Refer here to know more about the schema.

In this example, we will change the value of the property applicationType from web to native.

Input
[
{
  "op": "replace",
  "path": "applicationType",
  "value": "native"
}
]

Now let's do the operation with the command line, passing the file that holds the patch above (/tmp/schema.json in the command below).

/opt/jans/jans-cli/config-cli.py \
--operation-id patch-oauth-openid-client-by-inum \
--url-suffix inum:1800.ca57f8f8-e163-4cdc-96f2-e2760e627bfe --data /tmp/schema.json

Get OpenID Connect Client by Inum#

With the get-oauth-openid-clients-by-inum operation ID, we can get a specific OpenID Connect client by its inum. If we know the inum, we can use the command below:

/opt/jans/jans-cli/config-cli.py \
--operation-id get-oauth-openid-clients-by-inum \
--url-suffix inum:1800.ca57f8f8-e163-4cdc-96f2-e2760e627bfe

The result shows only the details of the client with inum:1800.ca57f8f8-e163-4cdc-96f2-e2760e627bfe.

Delete OpenID Connect client#

Delete the OpenID Connect client using its inum. The command line is:

Command
/opt/jans/jans-cli/config-cli.py \
--operation-id delete-oauth-openid-client-by-inum \
--url-suffix inum:a89b5c29-2a91-48b5-bf27-1bf786954a06

The command deletes the OpenID Connect client that matches the given inum.

Using Text Based UI#

Start TUI using the command below:

Command
sudo /opt/jans/jans-cli/jans_cli_tui.py

Client Screen#

Navigate to Auth Server -> Clients to open the client screen as shown in the image below.

image

  • This screen shows the OpenID Connect Clients list.
  • To get the list of currently added clients, move the focus to the Search box (using the Tab key) and press the Enter key. Type a search string to search for clients with a matching client name.

Add-Update Client screen#

  • Use the Add Client button to create a new client.
  • After entering valid data, use the Save button to add the new OpenID Connect client.
  • Existing OpenID Connect clients can be updated from this screen as well.
  • To update a client, move the focus to that client's row and press the Enter key to open the edit client screen.

image

Delete Screen#

  • To delete a client, move the focus to that client's row and press the Delete key. A delete confirmation box is then shown.

image

Using Configuration REST API#

The Janssen Server Configuration REST API exposes relevant endpoints for managing and configuring OpenID Connect clients. Endpoint details are published in the Swagger document.


Last update: 2024-08-05
Created: 2021-04-22