Setup for gluu-gateway with non-expiring client credentials

By: Christian Garcia user 11 Jun 2018 at 11:47 a.m. CDT

4 Responses
Christian Garcia gravatar
Hello, This is our situation. - We configured gluu-gateway (python setup-gluu-gateway.py) successfully with auto-generated konga's client_id/client_secret, and it was working fine, and after expiration time is reached, before logging in to konga is displayed the message that clients are expired. - Ok, we configured it again, and went to Gluu Server and we extended the expiration date for both konga_client auto-generated. We assumed never will show again an error message about expiration. But it doesn't, after sometime (we think is the same time that initially konga_clients's expiration was set) there is a message showing oxd_id client is expired. How can we solved it? Or better, how can we configure gluu-gateway with non-expiring credentials? How we set manually the oxd ID and both konga_clients that script created on gluu server. We dont understand why setup ask for one(1) konga client-secret and one oxd ID, but in the server when is auto-generated it creates two konga client-secrets and we dont know where also create a oxd ID. We are using Gluu Server as our OAuth2 server, and we want to use kong-oxd to protect our apis, but we are no comfortable with the lack of documentation, even with a paid solution like oxd. Another thing, we dont feel the oxd.gluu.org is a profesional interface, for mentioning some weaknesses: - usage reports is not clear and intuitive. - once again the documentation or help is poor. - there is a blue message on the right-top corner: "Your oxd trial period ends in """SIA""" days. Please add a credit card now to keep your license active after the trial period." If I click on add credit card there is a 404 error page. How many days still pending to expired? We see our organization name instead of number of days. So, in general, for a paid solution you are not properly encouraging me as a client.
Ubuntu 14.04
closed

Answers

By William Lowe user 11 Jun 2018 at 12:01 p.m. CDT

Copy
William Lowe gravatar
Assigning to my colleague for help with GG. A couple things to note re: oxd: 1. We are getting ready to push updates to the oxd dashboard later today. 1. In addition to fixes for issues you mentioned, we will also be adjusting the oxd business model to include up to 10 apps free. I will be sending out an email later this afternoon or tomorrow morning to notify existing oxd customers about the updates and billing changes. Sorry for the inconvenience in the meantime. Thanks, Will

By Meghna Joshi staff 12 Jun 2018 at 6:28 a.m. CDT

Copy
Meghna Joshi gravatar
Hello Christian, Q1. how can we configure gluu-gateway with non-expiring credentials? --> For client setup, you need to setup `remove_expired_clients` flag in `/etc/oxd/oxd-server/oxd-conf.json`. Also please send your oxd config. Maybe you are setup GG with old build package. [Config details](https://gluu.org/docs/oxd/3.1.3/configuration/). Also, you need to call the update_site command to extend the client life. ------------------------------------------------------ Q2. How we set manually the oxd ID and both konga_clients that script created on gluu server? --> You can set values in /opt/gluu-gateway/konga/config/local.js config file. ------------------------------------------------------- Q3. why setup ask for one(1) konga client-secret and one oxd ID, but in the server when is auto-generated it creates two konga client-secrets? --> We are using oxd-http extension so there are two client. client 1 - setup client used for protection access token (client_id/client_secret). client 2 - oxd_id, regular client that can be used for oxd commands. Note: that we scheduled to drop client 2 for next oxd release . [GluuFederation/oxd#141](https://github.com/GluuFederation/oxd/issues/141) --------------------------------------------------- Q4. where also create a oxd ID? --> As per storage_configuration configuration settings in oxd-conf.json. ----------------------------------------------------- Thanks, Meghna

By Christian Garcia user 12 Jun 2018 at 10:12 a.m. CDT

Copy
Christian Garcia gravatar
Hello Meghna, These are our comments about all questions. Q1 & Q3. Below you can see our config oxd-conf.json file. As you can see, the remove_expired_clients is false, already. When I asked about non-expiring credentials, I meant how can I set manually both konga clients/secret?. I understand for next release will be removed the second client, but at moment, how can I configure GG to use two clients created by me, client 1 & client 2? Q2. In this file /opt/gluu-gateway/konga/config/local.js, can be set only one client. Q4. If I set manually "any" oxd ID during GG setup, will it work?. Can the oxd ID a string define by me? Thank you for your help! Regards, Christian ``` oxd-conf.json { "server_name": "hidden", "port": 8099, "localhost_only": true, "time_out_in_seconds": 0, "use_client_authentication_for_pat": true, "trust_all_certs": true, "trust_store_path": "", "trust_store_password": "", "crypt_provider_key_store_path": "", "crypt_provider_key_store_password": "", "crypt_provider_dn_name": "", "license_id": "hidden", "public_key": "hidden", "public_password": "hidden", "license_password": "hidden", "support-google-logout": true, "state_expiration_in_minutes": 5, "nonce_expiration_in_minutes": 5, "public_op_key_cache_expiration_in_minutes": 60, "protect_commands_with_access_token": false, "uma2_auto_register_claims_gathering_endpoint_as_redirect_uri_of_client": true, "migration_source_folder_path": "", "storage": "h2", "storage_configuration": { "dbFileLocation": "/opt/oxd-server/data/oxd_db" }, "remove_expired_clients":false } ```

By Meghna Joshi staff 13 Jun 2018 at 2:32 a.m. CDT

Copy
Meghna Joshi gravatar
Hello Christian, Q1, Q3, Q2: When you register client using the setup_client command in oxd-http, it creates two clients but don't worry. In the response, it returns oxd_id, client_id and client_secret. Use this client credential and set it in local.js. Q4: oxd_id is not user define, it is autogenerated unique id, return in the response of setup_client and register_site and internally used by oxd-server. Note: If you have already client created by using Gluu UI(oxtrust) then you first need to register your client in oxd using the setup_client command

Post an answer