To get started:
1. Install Janssen CE and be sure to answer Y when "Install client-api?" is prompted while running the setup scripts.
2. Configure the client-api-server.
3. Restart the Janssen client-api server using the command below.
Ubuntu 16.04 (xenial)
Operation | Command |
---|---|
Restart jans-client-api server | /etc/init.d/jans-client-api-server restart |
Ubuntu 18.04 (bionic)/Debian 9 (stretch)/CentOS 7/RHEL 7
Operation | Command |
---|---|
Restart jans-client-api server | systemctl restart jans-client-api-server |
After the Janssen Server Community Edition (CE) installation is completed, wait about 10 minutes in total for the server to restart and finalize its configuration. After that period, to access Janssen Server CE, sign in via a web browser to the hostname provided during installation. For a quick check of whether client-api-server is alive, use the oxd Health Check endpoint `https://$HOSTNAME:8443/health-check`. This should return `{"status":"running"}`, confirming the successful installation of client-api.
Call the client API to implement authentication and authorization against an external Authorization Server.
Janssen client-api implements the OpenID Connect and UMA 2.0 profiles of OAuth 2.0.
!!! Attention
    By default Janssen client-api allows only localhost to access its APIs. To make requests from another server or VM, add its IP address to the bind_ip_addresses array in jans-client-api-server.yml. Check bind_ip_addresses in configurations for details.
Before using Janssen client-api you need to obtain an access token to secure the interaction with client-api-server. You can follow the two steps below.
1. client_id and client_secret. Make sure the uma_protection scope is present in the request and grant_type has the client_credentials value. If the add_client_credentials_grant_type_automatically_during_client_registration field in /opt/oxd-server/conf/oxd-server.yml is set to true, then the client_credentials grant type will be automatically added to clients registered using oxd server.)
2. client_id and client_secret to obtain access_token. Note: if grant_type does not have the client_credentials value, you will get an error; check the AS logs.)
Pass the obtained access token in the `Authorization: Bearer <access_token>` header in all future calls to the client-api-server.
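The checks described above can be automated before any call is made. The following is an added example, not code from the Janssen project: it validates the health-check body, verifies that a registration payload carries the uma_protection scope and the client_credentials grant type, and builds a request with the Bearer header. The field names `scope` and `grant_types`, the operation path, and the token value are assumptions; take the real names from the project's Swagger spec.

```python
import json
import urllib.request

def _as_list(value):
    # Accept either a JSON array or a space-separated string.
    return value.split() if isinstance(value, str) else list(value or [])

def is_alive(body: bytes) -> bool:
    """True only for the exact health-check answer the page documents."""
    try:
        return json.loads(body) == {"status": "running"}
    except ValueError:  # covers malformed JSON and undecodable bytes
        return False

def registration_problems(payload: dict) -> list:
    """List what the page requires of the registration request but is absent."""
    problems = []
    # "scope" and "grant_types" are assumed field names.
    if "uma_protection" not in _as_list(payload.get("scope")):
        problems.append("scope lacks uma_protection")
    if "client_credentials" not in _as_list(payload.get("grant_types")):
        problems.append("grant types lack client_credentials")
    return problems

def api_request(base_url, path, token, payload):
    """Build (not send) a POST that carries the token as a Bearer header."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to put a bearer token on a non-TLS URL")
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("access token is empty or contains whitespace")
    return urllib.request.Request(
        base_url.rstrip("/") + "/" + path.lstrip("/"),
        data=json.dumps(payload).encode(),
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"},
        method="POST",
    )

if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    print(is_alive(b'{"status":"running"}'))
    print(registration_problems({"scope": ["openid"],
                                 "grant_types": ["authorization_code"]}))
    req = api_request("https://localhost:8443", "/hypothetical-operation",
                      "sample-token", {})
    print(req.full_url, req.get_header("Authorization"))
```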
OpenID Connect is a simple identity layer on top of OAuth 2.0.
Technically OpenID Connect is not an authentication protocol–it enables a person to authorize the release of personal information from an "identity provider" to a separate application. In the process of authorizing the release of information, the person is authenticated (if no previous session exists).
Client-api supports the OpenID Connect Hybrid Flow and Authorization Code Flow for authentication.
Learn more about authentication flows in the OpenID Connect spec.
You can think of the Authorization Code Flow as a three-step process:
UMA 2 is a profile of OAuth 2.0 that defines RESTful, JSON-based, standardized flows and constructs for coordinating the protection of APIs and web resources.
Using jans-client-api, your application can delegate access management decisions, like who can access which resources, from what devices, to a central UMA Authorization Server (AS) like the Janssen AS.
Client APIs are swaggerized! Use the Swagger Code Generator to generate native libraries for your programming language of choice.
It is easy to generate an appropriate client via the https://app.swaggerhub.com GUI: add the Swagger spec, then download the client from the upper right corner.
Janssen client-api has been tested against the following OAuth 2.0 Authorization Servers:
Follow one of our tutorials to learn how client-api works:
The jans-client-api source code is available on GitHub.
Janssen Server is available under the AGPL open source license.
Gluu offers support for Janssen on the Gluu Support Portal. In fact, we use oxd and a Gluu Server to provide single sign-on across our oxd portal and support app!
For guaranteed response times, private support, and more, Gluu offers VIP support.