Docs v2 Outline

• Deployment and Planning Guide
  • Platform Goal
  • Use Cases
  • Components
  • Kubernetes
  • VM Cluster
  • VM Single Instance
  • Persistence
  • Caching
  • Security Best Practices
  • Load Balancers
  • Certificates / Keys
  • DNS
  • Multi-tenancy
  • Benchmarking
  • Application Portal
  • Discovery
  • Customization / Localization
  • Timeout Management (Sessions, Tokens, Applications)
  • Identity Management
  • Self-Service Password / 2FA Portal
  • Identity Access Governance
  • Role Based Access Management
  • Integration with a central Authorization Service
  • Stepped-up Authentication / Adaptive Authentication
  • Delegated User Administration
  • Passwordless Authentication
  • Authenticating non-humans (Machine-to-Machine)
  • FAQ

---

• Installation
  • VM
    • VM requirements
    • Ubuntu
    • EL 8
    • Suse
    • RHEL 8 FIPS DISA STIG
    • Dynamic Download
  • Kubernetes
    • Local
    • Amazon
    • Google
    • Microsoft Azure
    • Red Hat Open Shift
    • Rancher Marketplace
  • CORS configuration
  • FAQ

---

• Upgrade Guide
  • VM
    • Version upgrade paths
    • Backup
    • Rollback
  • Kubernetes
    • Version upgrade paths
    • Backup
    • Rollback
  • FAQ

---

• Reference
  • OpenAPI Documentation
  • Database Schema / Operational Basics
    • LDAP
      • Schema
      • Configuration
      • Operation
      • Namespace Diagram (DIT)
    • Couchbase
      • Schema
      • Configuration
      • Operation
      • Buckets
    • MySQL
      • Schema
      • Configuration
      • Operation
    • Spanner
      • Schema
      • Configuration
      • Operation
    • Postgres
      • Schema
      • Configuration
      • Operation
    • Converting data (e.g. from LDAP to MySQL)
  • JSON Configuration / Properties
    • Auth Server
    • FIDO
    • SCIM
    • Client-API
    • Config API
  • Javadocs
  • Command Line Interface (CLI)
    • Interactive Mode
    • Script Mode
    • Authentication via Device Flow
  • Kubernetes
    • Config and Secret Keys
    • Image Config Properties
      • Config Init
      • Auth Server
      • Config API
      • FIDO
      • SCIM
      • Client API
      • Persistence
      • Gluu Cert Manager
      • Gluu OpenDJ

---

• Developer Guide
  • Interception Script Overview
  • Testing / Debugging scripts
  • Front Channel Context (Browser Session)
  • Back Channel Context
  • Customization
    • Message files
    • Error Pages
    • Login / Consent Pages
    • Internationalization (language support)
  • Scripts
    • Person Authentication
    • Consent Gathering
    • Post Authentication
    • id_token
    • Resource Owner Password Credentials
    • CIBA End User Notification
    • OpenID Configuration
    • Dynamic Scope
    • Spontaneous Scope
    • Application Session
    • End Session
    • Client Registration
    • Introspection
    • Update Token
    • Revoke Token
    • ID Generator
    • UMA RPT Policies
    • UMA Claims Gathering (Web Flow)
    • UMA Claims (JWT Transformation)
    • SCIM
    • Persistence
    • Config API

---

• Auth Server Admin Guide

  • Configuration

    • JSON Properties
    • External Libraries
    • JVM considerations

  • Endpoints

    • Configuration endpoint
    • Client Registration Endpoint
    • Authorization endpoint
    • Token endpoint
    • Userinfo endpoint
    • Token revocation endpoint
    • Session revocation endpoint
    • End session endpoint
    • Clientinfo endpoint
    • Introspection endpoint
    • Device authorization
    • Backchannel authentication endpoint

  • Crypto

    • Supported cryptographic Algorithms
    • Local PKCS key storage
    • Key rotation
    • Jans Eleven configuration
    • How to validate JWTs

  • Session

  • Health

  • Reporting / Metrics

    • Monthly active users
    • Failed / Successful authentications
    • Tokens issued
    • Counts of Users, Clients

  • OpenID Connect features

    • Pairwise / Public subject identifiers
    • id_token (include claims)
    • ACRs
    • Request objects
    • Prompt parameter
    • Consent
      • Customize
      • List / Delete Consents for Person

  • OAuth features

    • Password grant

    • Device grant

    • Client credential grant

    • Returning Group / Role User information

    • Passwordless

    • Forcing re-authentication

    • Web Applications

    • Mobile Applications

    • Single Page Applications

    • Impersonation

    • Social Login

      • Facebook
      • Google
      • Apple

    • Registration

    • Password Expiration

    • Temporarirly locking or permanently disabling accounts

    • Forgot Password

      • Email
      • SMS

    • Multiple Sessions in One Browser

    • Multiple Sessions for many browsers, devices

    • Adaptive Authentication

    • PKCE

    • CIBA

    • JARM

    • DPoP

    • MTLS

    • Custom Request params

    • SIOP

  • API Access Control

    • Access tokens: reference tokens versus value tokens (aka JWT's)
    • Client Credential Grant Flow
    • Using scopes to manage extent of Access
    • Adding user claims into access tokens
    • Software Statements: trusted client registration
    • Using OAuth with API Gateways
    • Using OPA and access tokens
    • Swagger / OpenAPI best practices for security

  • Client Management

    • Client metadata table
    • Client Registration
    • Client Authentication
    • Access Tokens
    • Refresh Tokens
    • Scopes (Default, OpenID, OAuth, Dynamic, Spontaneous)
    • Redirect URIs
    • Grant Types
    • Software Statements
    • Sector Identifier
    • PAR
    • Custom Client Claims

  • FAPI

    • Open Banking Requirements / Federation Operator Role
    • Client Registration
    • MTLS
    • FAPI Authentication Request

  • Logout

    • Front Channel
    • Back Channel
    • Customizing logout
    • Forcing logout on browser exit
    • WebCM based logout with Chrome

  • User Claims (Attributes)

    • Built-in claims
    • Adding custom claims
    • Claim uniqueness / validation

  • UMA

    • Introduction: When to use it
    • Non-browser UMA flows
    • Interacting with users via the claims gathering endpoint

  • International

    • Web Pages (Login, Consent etc)
    • Client Configuration (e.g. Display Name #1057)
    • Scope descriptions

  • Logging

    • Standard logs
    • Log Levels
    • Audit logs
    • Custom logs
    • log4j2 configuration

  • FAQ

---

• Integration Guide
  • Custom Web Development
    • Protecting a website with mod_auth_openidc
    • AppAuth iOS
    • AppAuth Android
    • AppAuth JS
    • Node
    • React
    • React Native
    • Angular
    • Spring Boot
    • Django
    • Flask
    • ASP .Net
  • SAML
    • SSO with SAML SP's
      • Shibboleth IDP with Gluu Server 4
      • SimpleSAML PHP
    • Federation with SAML IDPs
    • SAML IDP Initiated Authentication
  • Applications
    • Rancher
    • Rocket
    • NextCloud
    • Wordpress
    • Magento
    • Teleport
    • Moodle
    • Drupal
  • SaaS provider
    • Office365
    • Salesforce
    • Google
    • Zoom
    • Webex
    • Amazon AWS
    • Jira
    • Docusign
  • Passport-JS
  • Gluu Casa
  • FAQ

---

• Config API Admin
  • Swagger
  • Configuration
  • Security
  • Logs
  • Monitoring
  • Calling the Config API with CURL
  • Calling the Config API with the Command Line Interface (CLI)

---

• FIDO Admin
  • Configuration
  • Vendor metadata management
  • Key management / rotation
  • Logs
  • Monitoring
  • Support for USB authenticators
  • Support for platform authenticators
  • Support for Bluetooth authenticators
  • SCIM Extension to Add/Delete device for Person

---

• SCIM Admin Guide
  • Configuration
  • Logs
  • Monitoring
  • OAuth protection
  • Security considerations
  • Bulk adding users
  • Adding Custom Attributes

---

• Jans Eleven Admin Guide
  • Overview / Architecture
  • Supported Algorithms
  • Swagger
  • How to Configure (properties?)
  • Logs
  • Monitoring (sig|enc operations / other stats?)
  • Health
  • Testing with SoftHSM
  • Testing with Amazon CloudHSM
  • Testing with Google Cloud Key Management
  • Testing end-to-end with Auth Server

---

• Client API Admin Guide
  • OAuth Features
  • OpenID Connect Features
  • UMA Features
  • SIOP Features
  • Swagger
  • Configuration
  • Logs
  • Monitoring
  • Key management
  • SDKs
    • Java

---

• Kubernetes Operation Guide
  • Logs
  • Health Check
  • Restarting pods
  • Secret management
  • Managing istio service mesh
  • FAQ

---

• VM Operation Guide
  • Running setup
  • Backup
  • Logs
  • Checking service status
  • Restarting services
  • Managing key rotation
  • Certificates
  • Web services
  • FAQ

---

• Authentication Script Catalog
  • Gluu Casa
  • FIDO / WebAuthn
  • OTP
  • Super Gluu
  • SMS SMPP
  • SMS Twilio
  • Radius
  • Integrated Windows Authentication (IWA) / SPENGO / Kerberos
  • Email
  • Forgot Password
  • Registration
  • Account Lockout
  • X.509 Certificate
  • Allowed Countries
  • BioID
  • Whispeak
  • Duo Security
  • PingID
  • Deduce
  • PrivacyIdea
  • Vericlouds
  • Stytch
  • Transmit
  • 1Kosmos
  • Gluu Scan API
  • Sign in With Ethereum

---

• Jans Developer Top Level Folder
  • Implementation Design
    • agama
    • fidowallet
    • jans-auth-server
    • jans-cli
    • jans-client-api
    • jans-config-api
    • jans-core
    • jans-eleven
    • jans-fido2
    • jans-notify
    • jans-orm
    • jans-scim
  • CI-CD
    • Jenkins CI (Current)
    • Github CI (Up coming)
    • Release process
  • FAQ