Skip to content

Janssen Setup Script#

Running Setup#

After installation, executing setup.py will launch the SETUP Command Line by default.

To run the script, run the following command:

python3 /opt/jans/jans-setup/setup.py

A warning will pop up if the free disk space is less than the recommended 40 GB. The installer will check that all dependant packages are installed or not, and if missing it will ask to install. When prompted Y/y at the command prompt will install all required packages.

  1. The installer will detect which operating system, init type, and Apache version are currently on the server.

  2. The setup script will bring up a prompt to provide information for certificates as well as the IP Address and the hostname for the Janssen Authorization Server. Hit Enter to accept the default values.

Enter IP Address:
Enter hostname:
Enter your city or locality:
Enter your state or province two letter code:
Enter two letter Country Code
Enter Organization name:
Enter email address for support at your organization:
Enter maximum RAM for applications in MB:
Enter Password for Admin User:
  1. Next, pick a persistence mechanism. Choose from openDJ, MySQL ,PGSql, an LDAP that can be installed locally or remotely, or Couchbase, an enterprise NoSQL cloud database.

  2. Next, pick which services should be installed for this deployment:

bash Install Jans Config API? [Yes] : Install Scim Server? [Yes] : Install Fido2 Server? [Yes] : Install Jans LDAP Link Server? [Yes] : Install Gluu Casa? [No] :

  1. Finally, review the summary screen that gives an overview of the selections made during the setup process.

Avoiding common issues#

Avoid setup issues by acknowledging the following:

  • IP Address: Do not use localhost for either the IP address or hostname.

  • Hostname:

  • Make sure to choose the hostname carefully. Changing the hostname after installation is not a simple task.

  • Use a real hostname--this can always be managed via host file entries if adding a DNS entry is too much work for testing.

  • For clustered deployments, use the hostname of the cluster that will be used by applications connecting to Janssen Authorization Server.

Warning

Use a FQDN (fully qualified domain name) as hostname and refrain from using 127.0.0.1 as IP address or usage of private IP is not supported and not recommended.

Script Command Line Options#

To check usage of this script run help command

    python3 /opt/jans/jans-setup/setup.py --help

    usage: jans_setup.py [-h] [--version] [-c] [-d D] [-f F] [-n] [-N] [-u] [-csx]
                     [-remote-rdbm {mysql,pgsql,spanner} | -local-rdbm {mysql,pgsql}] [-ip-address IP_ADDRESS] [-host-name HOST_NAME]
                     [-org-name ORG_NAME] [-email EMAIL] [-city CITY] [-state STATE] [-country COUNTRY] [-rdbm-user RDBM_USER]
                     [-rdbm-password RDBM_PASSWORD] [-rdbm-port RDBM_PORT] [-rdbm-db RDBM_DB] [-rdbm-host RDBM_HOST] [--reset-rdbm-db]
                     [--shell] [--dump-config-on-error] [--no-progress] [-admin-password ADMIN_PASSWORD] [-jans-max-mem JANS_MAX_MEM]
                     [-properties-password PROPERTIES_PASSWORD] [-approved-issuer APPROVED_ISSUER] [--force-download] [--download-exit]
                     [-jans-app-version JANS_APP_VERSION] [-jans-build JANS_BUILD] [-setup-branch SETUP_BRANCH]
                     [--disable-config-api-security] [--cli-test-client] [--import-ldif IMPORT_LDIF] [-enable-script ENABLE_SCRIPT]
                     [-disable-script DISABLE_SCRIPT] [-stm] [-w] [-t] [-x] [--allow-pre-released-features] [--listen_all_interfaces]
                     [--remote-ldap | --disable-local-ldap] [--remote-couchbase] [--local-couchbase]
                     [-couchbase-admin-user COUCHBASE_ADMIN_USER] [-couchbase-admin-password COUCHBASE_ADMIN_PASSWORD]
                     [-couchbase-bucket-prefix COUCHBASE_BUCKET_PREFIX] [-couchbase-hostname COUCHBASE_HOSTNAME] [--no-data]
                     [--no-jsauth] [-ldap-admin-password LDAP_ADMIN_PASSWORD] [--no-config-api] [--no-scim] [--no-fido2]
                     [--install-jans-ldap-link] [--with-casa] [--load-config-api-test]
                     [-config-patch-creds CONFIG_PATCH_CREDS] [-spanner-project SPANNER_PROJECT] [-spanner-instance SPANNER_INSTANCE]
                     [-spanner-database SPANNER_DATABASE]
                     [-spanner-emulator-host SPANNER_EMULATOR_HOST | -google-application-credentials GOOGLE_APPLICATION_CREDENTIALS]
                     [-test-client-id TEST_CLIENT_ID] [-test-client-pw TEST_CLIENT_PW]
                     [-test-client-redirect-uri TEST_CLIENT_REDIRECT_URI] [--test-client-trusted]

Use this script to configure your Jans Server and to add initial data. If setup.properties is found in this folder, these properties will automatically be used instead of the interactive setup.

Below are the optional arguments:

Argument Description
-h, --help show this help message and exit
--version show program's version number and exit
-c Use command line instead of TUI
-d D Installation directory
-f F Specify setup.properties file
-n No interactive prompt before install starts. Run with -f
-N, --no-httpd No apache httpd server
-u Update hosts file with IP address / hostname
-csx Collect setup properties, save and exit
-remote-rdbm Enables using remote RDBM server
-local-rdbm Enables installing/configuring local RDBM server
-ip-address IP_ADDRESS Used primarily by Apache httpd for the Listen directive
-host-name HOST_NAME Internet-facing FQDN that is used to generate certificates and metadata.
-org-name ORG_NAME Organization name field used for generating X.509 certificates
-email EMAIL Email address for support at your organization used for generating X.509 certificates
-city CITY City field used for generating X.509 certificates
-state STATE State field used for generating X.509 certificates
-country COUNTRY Two letters country coude used for generating X.509 certificates
-rdbm-user RDBM_USER RDBM username
-rdbm-password RDBM_PASSWORD RDBM password
-rdbm-port RDBM_PORT RDBM port
-rdbm-db RDBM_DB RDBM database
-rdbm-host RDBM_HOST RDBM host
--reset-rdbm-db Deletes all tables on target database. Warning! You will lose all data on target database.
--shell Drop into interactive shell before starting installation
--dump-config-on-error Dump configuration on error
--no-progress Use simple progress
-admin-password ADMIN_PASSWORD Used as the Administrator password
-jans-max-mem JANS_MAX_MEM Total memory (in KB) to be used by Jannsen Server
-properties-password PROPERTIES_PASSWORD Encoded setup.properties file password
-approved-issuer APPROVED_ISSUER Api Approved Issuer
--force-download Force downloading files
--download-exit Download files and exits
-jans-app-version JANS_APP_VERSION Version for Jannsen applications
-jans-build JANS_BUILD Build version for Janssen applications
-setup-branch SETUP_BRANCH Jannsen setup github branch
--disable-config-api-security Turn off oauth2 security validation for jans-config-api
--cli-test-client Use config api test client for CLI
--import-ldif IMPORT_LDIF Render ldif templates from directory and import them in Database
-enable-script ENABLE_SCRIPT inum of script to enable
-disable-script DISABLE_SCRIPT inum of script to disable
-disable-selinux Disable SELinux
-stm, --enable-scim-test-mode Enable Scim Test Mode
-w Get the development head war files
-t Load test data
-x Load test data and exit
--allow-pre-released-features Enable options to install experimental features, not yet officially supported
--listen_all_interfaces Allow the LDAP server to listen on all server interfaces
--remote-ldap Enables using remote LDAP server
--disable-local-ldap Disables installing local LDAP server
--remote-couchbase Enables using remote couchbase server
--local-couchbase Enables installing couchbase server
-couchbase-admin-user COUCHBASE_ADMIN_USER Couchbase admin user
-couchbase-admin-password COUCHBASE_ADMIN_PASSWORD Couchbase admin user password
-couchbase-bucket-prefix COUCHBASE_BUCKET_PREFIX Set prefix for couchbase buckets
-couchbase-hostname COUCHBASE_HOSTNAME Remote couchbase server hostname
--no-data Do not import any data to database backend, used for clustering
--no-jsauth Do not install OAuth2 Authorization Server
-ldap-admin-password LDAP_ADMIN_PASSWORD Used as the LDAP directory manager password
--no-config-api Do not install Jans Auth Config Api
--no-scim Do not install Scim Server
--no-fido2 Do not install Fido2 Server
--install-jans-ldap-link Install LDAP Link Server
--with-casa Install Gluu/Flex Casa Server
--load-config-api-test Load Config Api Test Data
--install-cache-refresh Install Cache Refresh Server
-config-patch-creds CONFIG_PATCH_CREDS password:username for downloading auto test ciba password
-spanner-project SPANNER_PROJECT Spanner project name
-spanner-instance SPANNER_INSTANCE Spanner instance name
-spanner-database SPANNER_DATABASE Spanner database name
-spanner-emulator-host SPANNER_EMULATOR_HOST Use Spanner emulator host
-google-application-credentials GOOGLE_APPLICATION_CREDENTIALS Path to Google application credentials json file
-test-client-id TEST_CLIENT_ID ID of test client which has all available scopes. Must be in UUID format.
-test-client-pw TEST_CLIENT_PW Secret for test client
-test-client-redirect-uri TEST_CLIENT_REDIRECT_URI Redirect URI for test client
--test-client-trusted Make test client trusted

Last update: 2024-09-11
Created: 2022-05-18