Gluu

In the future, we plan to use Gluu as our identity and authorization provider for intranet purposes. As long as we’re a small team, we use Firebase Authentication & Google Cloud Identity Platform for both customers and intranet. The estimated single-node cost for Gluu Server alone is $40/mo or $480/yr (8 GB droplet), plus a shared Load Balancer at $10/mo ($120/yr).

Architecture

Gluu Product Architecture:

Gluu Products

| Product | Description |
| --- | --- |
| Gluu Server | Identity & access management (IAM) platform for web & mobile single sign-on (SSO), two-factor authentication (2FA) and API access management. |
| Gluu Casa | Self-service web portal for end-users to manage security preferences, like 2FA, for their account in a Gluu Server. |
| Gluu Gateway | API Gateway and reverse web proxy for central policy enforcement and access control using OAuth and UMA scopes. |
| Super Gluu | Two-factor authentication (2FA) app for iOS & Android using mobile push notifications and FIDO U2F authentication. |
| Cluster Manager | GUI tool for installing and managing a highly available, clustered Gluu Server infrastructure on VMs. |
| oxd OAuth Client | Client software to secure and integrate server-side web applications with an OAuth 2.0 Authorization Server (AS), like the Gluu Server. |

Gluu Server: Services

| Service | Description |
| --- | --- |
| consul | Mandatory service for configuration layer |
| registrator | |
| vault | Mandatory service to store secrets |
| nginx | Mandatory service to provide web server |
| oxauth | oxAuth is an OpenID Provider (OP), OAuth2 / UMA Authorization Server (AS), and is the primary authN / Z engine for Gluu |
| oxtrust | Admin Web UI |
| ldap | |
| oxpassport | |
| oxshibboleth | |
| redis | |
| radius | |
| vault auto-unseal | |
| oxd_server | |
| key_rotation | |
| cr_rotate | |

Source: https://gluu.org/docs/gluu-server/4.1/installation-guide/install-docker/

Why Gluu?

(or why an open source self-hosted identity provider instead of SaaS)

The problem is that Firebase+GCIdP is only an identity provider and offers no authorization. Since we want to accept more (freelance) contractors/internships, we need the cost structure of the Identity + Authorization infrastructure to scale smoothly. See Security Practices, especially the part on Zero Trust.

Open Source: Keycloak (by Red Hat, has flexible ACL, native Rocket.Chat support). Gluu (seems more modern, supports some access management using OAuth scopes & UMA 2). See also: Gluu UMA 2 AS, UMA 2 in Action. Open source is required for a fully on-premise setup. For us, we choose Firebase because it is cost-effective and we already use Firebase Auth anyway, and miniOrange also develops a WordPress Firebase plugin, so we don’t need SAML for About Lovia specifically.

Gluu supports several MFA scripts, including a very nice 2FA called Super Gluu with support for passwordless QR Code & push. Compare with Keycloak, which only provides Google Authenticator or FreeOTP.

Comparison to Okta: Okta for Workforce has a $1,500/yr minimum (25-60 users). If our costs grow beyond that it’s probably better to move to Okta.

🔗 Security Practices

Install Locally using Docker Compose

playbooks/docker-compose.yml

- hosts: 127.0.0.1
  connection: local
  become: true
  roles:
    - geerlingguy.docker

ansible-playbook playbooks/docker-compose.yml
sudo ./pygluu-compose.pyz up

Map in /etc/hosts

192.168.1.4 amanah-local.lovia.life

Output

ceefour@amanah:~/project/gluu$ sudo ./pygluu-compose.pyz up
[I] Attempting to gather external IP address
[I] Using 192.168.1.4 as external IP address
Creating consul ... done
Creating vault  ... done
[I] Checking Vault status
[I] Initializing Vault with 1 recovery key and token
[I] Vault recovery key and root token saved to vault_key_token.txt
[I] Unsealing Vault manually
[I] Creating Vault policy for Gluu
[I] Enabling Vault AppRole auth
[I] Attempting to gather FQDN from Consul
[W] Unable to get FQDN from Consul; retrying ...
[W] Unable to get FQDN from Consul; retrying ...
[W] Unable to get FQDN from Consul; retrying ...
Enter hostname [demoexample.gluu.org]: amanah.local
Hostname provided is invalid. Please enter a FQDN with the format demoexample.gluu.org
Enter hostname [demoexample.gluu.org]: amanah-local.lovia.life
Enter country code [US]: ID
Enter state [TX]: 
Enter city [Austin]: 
Enter oxTrust admin password: 
Password must be at least 6 characters and include one uppercase letter, one lowercase letter, one digit, and one special character.
Enter oxTrust admin password: ************
Password must be at least 6 characters and include one uppercase letter, one lowercase letter, one digit, and one special character.
Enter oxTrust admin password: ************
Password must be at least 6 characters and include one uppercase letter, one lowercase letter, one digit, and one special character.
Enter oxTrust admin password: ************
Repeat password: ************
Enter LDAP admin password: ************
Repeat password: ************
Enter email [[email protected]]: ***
Enter organization [Gluu]: Lovia Local
[I] Using amanah-local.lovia.life as FQDN
[I] Pulling gluufederation/config-init:4.1.1_01
WARNING - entrypoint - 2020-04-12 20:20:23,608 - Unable to find /app/db/config.json or /app/db/secret.json
INFO - entrypoint - 2020-04-12 20:20:23,608 - Loading parameters from /app/db/generate.json
INFO - pygluu.containerlib.wait - 2020-04-12 20:20:23,624 - Config is ready
INFO - pygluu.containerlib.wait - 2020-04-12 20:20:23,634 - Secret is ready
INFO - entrypoint - 2020-04-12 20:20:23,634 - Generating config and secret.
INFO - entrypoint - 2020-04-12 20:20:28,648 - adding secret 'encoded_salt'
INFO - entrypoint - 2020-04-12 20:20:28,650 - adding config 'orgName'
INFO - entrypoint - 2020-04-12 20:20:28,653 - adding config 'country_code'
INFO - entrypoint - 2020-04-12 20:20:28,655 - adding config 'state'
INFO - entrypoint - 2020-04-12 20:20:28,658 - adding config 'city'
INFO - entrypoint - 2020-04-12 20:20:28,660 - adding config 'hostname'
INFO - entrypoint - 2020-04-12 20:20:28,663 - adding config 'admin_email'
INFO - entrypoint - 2020-04-12 20:20:28,665 - adding config 'default_openid_jks_dn_name'
INFO - entrypoint - 2020-04-12 20:20:28,671 - adding secret 'pairwiseCalculationKey'
INFO - entrypoint - 2020-04-12 20:20:28,677 - adding secret 'pairwiseCalculationSalt'
INFO - entrypoint - 2020-04-12 20:20:28,680 - adding config 'jetty_base'
INFO - entrypoint - 2020-04-12 20:20:28,682 - adding config 'fido2ConfigFolder'
INFO - entrypoint - 2020-04-12 20:20:28,683 - adding config 'admin_inum'
INFO - entrypoint - 2020-04-12 20:20:28,688 - adding secret 'encoded_oxtrust_admin_password'
INFO - entrypoint - 2020-04-12 20:20:28,698 - adding secret 'encoded_ox_ldap_pw'
INFO - entrypoint - 2020-04-12 20:20:28,699 - adding config 'ldap_init_host'
INFO - entrypoint - 2020-04-12 20:20:28,701 - adding config 'ldap_init_port'
INFO - entrypoint - 2020-04-12 20:20:28,702 - adding config 'ldap_port'
INFO - entrypoint - 2020-04-12 20:20:28,703 - adding config 'ldaps_port'
INFO - entrypoint - 2020-04-12 20:20:28,704 - adding config 'ldap_binddn'
INFO - entrypoint - 2020-04-12 20:20:28,706 - adding config 'ldap_site_binddn'
INFO - entrypoint - 2020-04-12 20:20:28,709 - adding secret 'ldap_truststore_pass'
INFO - entrypoint - 2020-04-12 20:20:28,710 - adding config 'ldapTrustStoreFn'
INFO - entrypoint - 2020-04-12 20:20:29,258 - adding secret 'ldap_ssl_cert'
INFO - entrypoint - 2020-04-12 20:20:29,806 - adding secret 'ldap_ssl_key'
INFO - entrypoint - 2020-04-12 20:20:30,775 - adding secret 'ldap_ssl_cacert'
INFO - entrypoint - 2020-04-12 20:20:31,646 - adding secret 'ldap_pkcs12_base64'
INFO - entrypoint - 2020-04-12 20:20:31,655 - adding secret 'encoded_ldapTrustStorePass'
INFO - entrypoint - 2020-04-12 20:20:31,659 - adding secret 'redis_pw'
INFO - entrypoint - 2020-04-12 20:20:31,661 - adding config 'oxauth_client_id'
INFO - entrypoint - 2020-04-12 20:20:31,670 - adding secret 'oxauthClient_encoded_pw'
INFO - entrypoint - 2020-04-12 20:20:31,671 - adding config 'oxauth_openid_jks_fn'
INFO - entrypoint - 2020-04-12 20:20:31,675 - adding secret 'oxauth_openid_jks_pass'
INFO - entrypoint - 2020-04-12 20:20:31,677 - adding config 'oxauth_openid_jwks_fn'
INFO - entrypoint - 2020-04-12 20:20:31,678 - adding config 'oxauth_legacyIdTokenClaims'
INFO - entrypoint - 2020-04-12 20:20:31,679 - adding config 'oxauth_openidScopeBackwardCompatibility'
INFO - entrypoint - 2020-04-12 20:20:33,958 - adding secret 'oxauth_openid_key_base64'
INFO - entrypoint - 2020-04-12 20:20:33,960 - adding config 'oxauth_key_rotated_at'
INFO - entrypoint - 2020-04-12 20:20:40,527 - adding secret 'oxauth_jks_base64'
INFO - entrypoint - 2020-04-12 20:20:40,528 - adding config 'scim_rs_client_id'
INFO - entrypoint - 2020-04-12 20:20:40,530 - adding config 'scim_rs_client_jks_fn'
INFO - entrypoint - 2020-04-12 20:20:40,531 - adding config 'scim_rs_client_jwks_fn'
INFO - entrypoint - 2020-04-12 20:20:40,534 - adding secret 'scim_rs_client_jks_pass'
INFO - entrypoint - 2020-04-12 20:20:40,545 - adding secret 'scim_rs_client_jks_pass_encoded'
INFO - entrypoint - 2020-04-12 20:20:43,504 - adding config 'scim_rs_client_cert_alg'
INFO - entrypoint - 2020-04-12 20:20:43,508 - adding secret 'scim_rs_client_base64_jwks'
INFO - entrypoint - 2020-04-12 20:20:43,509 - adding config 'scim_rs_client_cert_alias'
INFO - entrypoint - 2020-04-12 20:20:50,458 - adding secret 'scim_rs_jks_base64'
INFO - entrypoint - 2020-04-12 20:20:50,459 - adding config 'scim_rp_client_id'
INFO - entrypoint - 2020-04-12 20:20:50,461 - adding config 'scim_rp_client_jks_fn'
INFO - entrypoint - 2020-04-12 20:20:50,462 - adding config 'scim_rp_client_jwks_fn'
INFO - entrypoint - 2020-04-12 20:20:50,465 - adding secret 'scim_rp_client_jks_pass'
INFO - entrypoint - 2020-04-12 20:20:50,476 - adding secret 'scim_rp_client_jks_pass_encoded'
INFO - entrypoint - 2020-04-12 20:20:52,973 - adding secret 'scim_rp_client_base64_jwks'
INFO - entrypoint - 2020-04-12 20:20:59,788 - adding secret 'scim_rp_jks_base64'
INFO - entrypoint - 2020-04-12 20:20:59,790 - adding config 'scim_resource_oxid'
INFO - entrypoint - 2020-04-12 20:20:59,791 - adding config 'passport_rs_client_id'
INFO - entrypoint - 2020-04-12 20:20:59,792 - adding config 'passport_rs_client_jks_fn'
INFO - entrypoint - 2020-04-12 20:20:59,794 - adding config 'passport_rs_client_jwks_fn'
INFO - entrypoint - 2020-04-12 20:20:59,797 - adding secret 'passport_rs_client_jks_pass'
INFO - entrypoint - 2020-04-12 20:20:59,809 - adding secret 'passport_rs_client_jks_pass_encoded'
INFO - entrypoint - 2020-04-12 20:21:02,726 - adding config 'passport_rs_client_cert_alg'
INFO - entrypoint - 2020-04-12 20:21:02,729 - adding secret 'passport_rs_client_base64_jwks'
INFO - entrypoint - 2020-04-12 20:21:02,731 - adding config 'passport_rs_client_cert_alias'
INFO - entrypoint - 2020-04-12 20:21:09,682 - adding secret 'passport_rs_jks_base64'
INFO - entrypoint - 2020-04-12 20:21:09,683 - adding config 'passport_resource_id'
INFO - entrypoint - 2020-04-12 20:21:09,685 - adding config 'passport_rs_client_cert_alias'
INFO - entrypoint - 2020-04-12 20:21:09,686 - adding config 'passport_rp_client_id'
INFO - entrypoint - 2020-04-12 20:21:09,688 - adding config 'passport_rp_ii_client_id'
INFO - entrypoint - 2020-04-12 20:21:09,691 - adding secret 'passport_rp_client_jks_pass'
INFO - entrypoint - 2020-04-12 20:21:09,692 - adding config 'passport_rp_client_jks_fn'
INFO - entrypoint - 2020-04-12 20:21:09,694 - adding config 'passport_rp_client_jwks_fn'
INFO - entrypoint - 2020-04-12 20:21:09,696 - adding config 'passport_rp_client_cert_fn'
INFO - entrypoint - 2020-04-12 20:21:09,697 - adding config 'passport_rp_client_cert_alg'
INFO - entrypoint - 2020-04-12 20:21:13,601 - adding secret 'passport_rp_client_base64_jwks'
INFO - entrypoint - 2020-04-12 20:21:13,603 - adding config 'passport_rp_client_cert_alias'
INFO - entrypoint - 2020-04-12 20:21:20,794 - adding secret 'passport_rp_jks_base64'
INFO - entrypoint - 2020-04-12 20:21:21,420 - adding secret 'passport_rp_client_cert_base64'
INFO - entrypoint - 2020-04-12 20:21:21,423 - adding secret 'passportSpKeyPass'
INFO - entrypoint - 2020-04-12 20:21:21,424 - adding config 'passportSpTLSCACert'
INFO - entrypoint - 2020-04-12 20:21:21,426 - adding config 'passportSpTLSCert'
INFO - entrypoint - 2020-04-12 20:21:21,427 - adding config 'passportSpTLSKey'
INFO - entrypoint - 2020-04-12 20:21:21,430 - adding secret 'passportSpJksPass'
INFO - entrypoint - 2020-04-12 20:21:21,432 - adding config 'passportSpJksFn'
INFO - entrypoint - 2020-04-12 20:21:21,997 - adding secret 'passport_sp_cert_base64'
INFO - entrypoint - 2020-04-12 20:21:22,600 - adding secret 'passport_sp_key_base64'
INFO - entrypoint - 2020-04-12 20:21:22,604 - adding secret 'ssl_cert_pass'
INFO - entrypoint - 2020-04-12 20:21:22,704 - adding secret 'ssl_cert'
INFO - entrypoint - 2020-04-12 20:21:22,707 - adding secret 'ssl_key'
INFO - entrypoint - 2020-04-12 20:21:22,708 - adding config 'idp_client_id'
INFO - entrypoint - 2020-04-12 20:21:22,719 - adding secret 'idpClient_encoded_pw'
INFO - entrypoint - 2020-04-12 20:21:22,721 - adding config 'shibJksFn'
INFO - entrypoint - 2020-04-12 20:21:22,724 - adding secret 'shibJksPass'
INFO - entrypoint - 2020-04-12 20:21:22,735 - adding secret 'encoded_shib_jks_pw'
INFO - entrypoint - 2020-04-12 20:21:23,657 - adding secret 'shibIDP_cert'
INFO - entrypoint - 2020-04-12 20:21:24,280 - adding secret 'shibIDP_key'
INFO - entrypoint - 2020-04-12 20:21:25,105 - adding secret 'shibIDP_jks_base64'
INFO - entrypoint - 2020-04-12 20:21:25,106 - adding config 'shibboleth_version'
INFO - entrypoint - 2020-04-12 20:21:25,108 - adding config 'idp3Folder'
INFO - entrypoint - 2020-04-12 20:21:25,210 - adding secret 'idp3SigningCertificateText'
INFO - entrypoint - 2020-04-12 20:21:25,213 - adding secret 'idp3SigningKeyText'
INFO - entrypoint - 2020-04-12 20:21:25,287 - adding secret 'idp3EncryptionCertificateText'
INFO - entrypoint - 2020-04-12 20:21:25,290 - adding secret 'idp3EncryptionKeyText'
INFO - entrypoint - 2020-04-12 20:21:26,120 - adding secret 'sealer_jks_base64'
INFO - entrypoint - 2020-04-12 20:21:26,143 - adding secret 'sealer_kver_base64'
INFO - entrypoint - 2020-04-12 20:21:26,145 - adding config 'api_rs_client_jks_fn'
INFO - entrypoint - 2020-04-12 20:21:26,146 - adding config 'api_rs_client_jwks_fn'
INFO - entrypoint - 2020-04-12 20:21:26,150 - adding secret 'api_rs_client_jks_pass'
INFO - entrypoint - 2020-04-12 20:21:26,161 - adding secret 'api_rs_client_jks_pass_encoded'
INFO - entrypoint - 2020-04-12 20:21:29,408 - adding config 'api_rs_client_cert_alg'
INFO - entrypoint - 2020-04-12 20:21:29,412 - adding secret 'api_rs_client_base64_jwks'
INFO - entrypoint - 2020-04-12 20:21:29,413 - adding config 'api_rs_client_cert_alias'
INFO - entrypoint - 2020-04-12 20:21:29,415 - adding config 'oxtrust_resource_server_client_id'
INFO - entrypoint - 2020-04-12 20:21:29,416 - adding config 'oxtrust_resource_id'
INFO - entrypoint - 2020-04-12 20:21:36,531 - adding secret 'api_rs_jks_base64'
INFO - entrypoint - 2020-04-12 20:21:36,532 - adding config 'api_rp_client_jks_fn'
INFO - entrypoint - 2020-04-12 20:21:36,534 - adding config 'api_rp_client_jwks_fn'
INFO - entrypoint - 2020-04-12 20:21:36,537 - adding secret 'api_rp_client_jks_pass'
INFO - entrypoint - 2020-04-12 20:21:36,547 - adding secret 'api_rp_client_jks_pass_encoded'
INFO - entrypoint - 2020-04-12 20:21:39,375 - adding secret 'api_rp_client_base64_jwks'
INFO - entrypoint - 2020-04-12 20:21:39,377 - adding config 'oxtrust_requesting_party_client_id'
INFO - entrypoint - 2020-04-12 20:21:47,328 - adding secret 'api_rp_jks_base64'
INFO - entrypoint - 2020-04-12 20:21:47,329 - adding config 'api_test_client_id'
INFO - entrypoint - 2020-04-12 20:21:47,333 - adding secret 'api_test_client_secret'
INFO - entrypoint - 2020-04-12 20:21:47,334 - adding config 'gluu_radius_client_id'
INFO - entrypoint - 2020-04-12 20:21:47,344 - adding secret 'gluu_ro_encoded_pw'
INFO - entrypoint - 2020-04-12 20:21:47,354 - adding secret 'radius_jwt_pass'
INFO - entrypoint - 2020-04-12 20:21:58,001 - adding secret 'radius_jks_base64'
INFO - entrypoint - 2020-04-12 20:21:58,005 - adding secret 'gluu_ro_client_base64_jwks'
INFO - entrypoint - 2020-04-12 20:21:58,006 - adding config 'scim_test_client_id'
INFO - entrypoint - 2020-04-12 20:21:58,009 - adding secret 'scim_test_client_secret'
INFO - entrypoint - 2020-04-12 20:21:58,010 - adding config 'couchbaseTrustStoreFn'
INFO - entrypoint - 2020-04-12 20:21:58,010 - Saving config to backend.
INFO - entrypoint - 2020-04-12 20:21:58,177 - Saving config to /app/db/config.json.
INFO - entrypoint - 2020-04-12 20:21:58,177 - Saving secret to backend.
INFO - entrypoint - 2020-04-12 20:21:58,458 - Saving secret to /app/db/secret.json.
Creating oxauth      ... done
Creating ldap        ... done
Creating nginx       ... done
Creating registrator ... done
Creating oxtrust     ... done
[I] Checking entries in persistence
[I] Pulling gluufederation/persistence:4.1.1_01
INFO - pygluu.containerlib.wait - 2020-04-12 20:27:03,659 - Config is ready
INFO - pygluu.containerlib.wait - 2020-04-12 20:27:03,672 - Secret is ready
INFO - pygluu.containerlib.wait - 2020-04-12 20:27:04,723 - LDAP is ready
WARNING - entrypoint - 2020-04-12 20:27:07,623 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:27:18,667 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:27:29,156 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:27:39,575 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:27:50,016 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:28:00,494 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:28:11,006 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:28:21,635 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:28:32,118 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:28:42,569 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:28:53,026 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:29:03,528 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
WARNING - entrypoint - 2020-04-12 20:29:14,091 - Waiting for index to be ready; reason=No Such Entry: The entry 'ds-cfg-attribute=del,cn=Index,ds-cfg-backend-id=userRoot,cn=Backends,cn=config' does not exist; retrying in 10 seconds
INFO - entrypoint - 2020-04-12 20:29:24,564 - Importing base.ldif file
INFO - entrypoint - 2020-04-12 20:29:35,731 - Importing attributes.ldif file
WARNING - entrypoint - 2020-04-12 20:29:42,462 - Unable to add entry with DN inum=B52A,ou=attributes,o=gluu; reason=session terminated by server; retrying in 10 seconds
INFO - entrypoint - 2020-04-12 20:30:13,239 - Importing scopes.ldif file
INFO - entrypoint - 2020-04-12 20:30:16,561 - Importing scripts.ldif file
INFO - entrypoint - 2020-04-12 20:30:27,486 - Importing configuration.ldif file
INFO - entrypoint - 2020-04-12 20:30:29,319 - Importing scim.ldif file
INFO - entrypoint - 2020-04-12 20:30:29,976 - Importing oxidp.ldif file
INFO - entrypoint - 2020-04-12 20:30:32,166 - Importing oxtrust_api.ldif file
INFO - entrypoint - 2020-04-12 20:30:33,387 - Importing passport.ldif file
INFO - entrypoint - 2020-04-12 20:30:34,208 - Importing oxpassport-config.ldif file
INFO - entrypoint - 2020-04-12 20:30:34,583 - Importing gluu_radius_base.ldif file
INFO - entrypoint - 2020-04-12 20:30:35,678 - Importing gluu_radius_server.ldif file
INFO - entrypoint - 2020-04-12 20:30:36,422 - Importing clients.ldif file
INFO - entrypoint - 2020-04-12 20:30:37,153 - Importing oxtrust_api_clients.ldif file
INFO - entrypoint - 2020-04-12 20:30:38,346 - Importing scim_clients.ldif file
INFO - entrypoint - 2020-04-12 20:30:39,562 - Importing o_metric.ldif file
INFO - entrypoint - 2020-04-12 20:30:40,328 - Importing gluu_radius_clients.ldif file
INFO - entrypoint - 2020-04-12 20:30:40,708 - Importing passport_clients.ldif file
INFO - entrypoint - 2020-04-12 20:30:41,791 - Importing scripts_casa.ldif file
INFO - entrypoint - 2020-04-12 20:30:43,597 - Importing people.ldif file
INFO - entrypoint - 2020-04-12 20:30:43,985 - Importing groups.ldif file
INFO - entrypoint - 2020-04-12 20:30:44,736 - Importing o_site.ldif file
[I] Launching Gluu Server ...........
[I] Gluu Server installed successfully; please visit https://amanah-local.lovia.life

oxTrust admin UI: https://amanah-local.lovia.life (initially it uses a self-signed SSL certificate). Username: admin.
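
The install output above reports that the Vault recovery key and root token were saved to vault_key_token.txt in the directory the command was run from. The script below is an added example, not part of the original page or of pygluu-compose: it checks that this file is readable only by its owner and is neither tracked nor left unignored in a git work tree. The function names and the option to pass extra paths (for example a host copy of secret.json, whose location depends on your volume mapping) are assumptions.

```shell
#!/bin/sh
# Added example, not part of pygluu-compose: audit the plaintext
# vault_key_token.txt that the install log reports writing.

# Print the group+other permission bits of a path, e.g. "r--r--" or "------".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Return 0 if the file is absent or owner-only, 1 if group/other have access.
check_secret_mode() {
    _m_file=$1
    if [ ! -e "$_m_file" ]; then
        echo "SKIP  $_m_file (not present)"
        return 0
    fi
    _m_bits=$(group_other_bits "$_m_file")
    if [ "$_m_bits" = "------" ]; then
        echo "OK    $_m_file (owner-only)"
        return 0
    fi
    echo "FAIL  $_m_file is accessible to group/other ($_m_bits); chmod 600 it"
    return 1
}

# Return 1 if the file is tracked by git, or lies in a work tree unignored.
check_secret_git() {
    _g_file=$1
    [ -e "$_g_file" ] || return 0
    command -v git >/dev/null 2>&1 || return 0
    _g_dir=$(dirname "$_g_file")
    _g_name=$(basename "$_g_file")
    git -C "$_g_dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
    if git -C "$_g_dir" ls-files --error-unmatch -- "$_g_name" >/dev/null 2>&1; then
        echo "FAIL  $_g_file is tracked by git"
        return 1
    fi
    if ! git -C "$_g_dir" check-ignore -q -- "$_g_name" 2>/dev/null; then
        echo "WARN  $_g_file is in a git work tree but not ignored"
        return 1
    fi
    return 0
}

# Audit vault_key_token.txt in the install directory plus any extra paths
# (assumption: e.g. a host copy of secret.json, wherever your volumes put it).
audit_gluu_secrets() {
    _a_dir=$1
    shift
    _a_rc=0
    for _a_file in "$_a_dir/vault_key_token.txt" "$@"; do
        check_secret_mode "$_a_file" || _a_rc=1
        check_secret_git "$_a_file" || _a_rc=1
    done
    return "$_a_rc"
}

if [ "$#" -gt 0 ]; then
    audit_gluu_secrets "$@"          # e.g. sh audit.sh ~/project/gluu
else
    # Constructed demo: a stand-in token file created with a 0644 mode.
    demo_dir=$(mktemp -d)
    echo 'constructed placeholder, not a real token' > "$demo_dir/vault_key_token.txt"
    chmod 644 "$demo_dir/vault_key_token.txt"
    audit_gluu_secrets "$demo_dir" || echo "(audit failed, as expected for 0644)"
    chmod 600 "$demo_dir/vault_key_token.txt"
    audit_gluu_secrets "$demo_dir" || echo "(still failing: see findings above)"
    rm -rf "$demo_dir"
fi
```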

Tasks

  1. Set up SSL certificate
  2. Set up SMTP
    • oxTrust > Configuration > Organization configuration > SMTP Server Configuration
  3. Test password reset: https://amanah-local.lovia.life/identity/person/passwordReminder.htm
