Skip to content

TUI - Text based User Interface#

The "Text User Interface" or "TUI" is a tool for admins to perform ad hoc configuration of the Janssen Project software components.

You can run it by executing:

sudo /opt/jans/jans-cli/

The TUI calls the Jans Config API. A TUI client is configured out of the box when you run either the VM or container Jans setup. The TUI utilizes the OAuth Device Flow for user authentication--the default admin user created during setup has the correct roles to use all the TUI features. Client credentials, tokens and other data is stored in file ~/.config/jans-cli.ini in encoded format. The user-role mappings roles are defined in a Jans Auth Server introspection script



It's possible to extend the TUI by writing a plugin. Each plugin is loaded dynamically according to the numeric priority of the folders in /opt/jans/jans-cli/plugins. To enable a plugin, you need to edit jans-cli.ini. The default plugins are:

jca_plugins = user-mgt,scim,fido2,admin-ui


When you run the TUI, this is the home panel: image

Auth Server#

The most complicated configuration belongs to Auth Server. This should be no surprise, because this component is responsible for the implementation of OpenID Provider, OAuth Authorization Server, and UMA Authorization Server endpoints.

  • In below screenshot, we are getting the list of existing clients. image
  • It's possible to get details of any client as well. Just hit enter on any client and you will see information like this. image
  • With the button which is located on right upper side named "Add Client", it's possible to create new client. image


The Janssen FIDO Server implements FIDO 2 and FIDO U2F endpoints. Using the TUI, you can view/update details of the FIDO configuration.

There are two configurations included here:

  • Dynamic Configuration image
  • Static Configuration image


System for Cross-domain Identity Management, in short SCIM, is a specification that simplifies the exchange of user identity information across different domains. The Janssen Server provides implementation for the SCIM specification.

With Janssen CLI-TUI, it's possible to view / update SCIM configuration. image

Command Line Logs#

Jans TUI logs all write (post/put/patch) activities to file <log-dir>/cli_cmd.log, default log-dir is home directory of user executing TUI. Consider that we create a user as below

We will have following line in cli_cmd.log:

/usr/bin/python3 /opt/jans/jans-cli/cli/ --operation-id post-user --data '{"customObjectClasses": ["top", "jansPerson"], "customAttributes": [{"name": "middleName", "multiValued": false, "values": [""]}, {"name": "sn", "multiValued": false, "values": ["Watts"]}, {"name": "nickname", "multiValued": false, "values": [""]}], "mail": "", "userId": "ewatts", "displayName": "Emelia Watts", "givenName": "Emelia", "userPassword": "TopSecret", "jansStatus": "active"}'

By using this line, you can create user via, see for example

Standalone Installation#

Configure the Janssen server using the jans-cli-tui a Text based User Interface app which can be installed on any remote Linux machine. There are two ways of achieving this:

1. Build pyz self executable file#

pip3 install shiv
wget -O
cd jans-main/jans-cli-tui/
make zipapp

After build you can execute as


You will be prompted for credentials if you do not have ~/.config/jans-cli.ini. Contact your administrator for credentials. Administrator can obtain credidentials on Janssen Server as follows:

cat /opt/jans/jans-setup/ | grep tui_client

tui_client_id is the Client ID and tui_client_pw is the Client Secret

2. Installing with pip from GitHub#

pip3 install



Last update: 2024-03-06
Created: 2022-11-29