# Gluu Server

The Gluu Server is a free, open-source Identity and Access Management (IAM) platform designed to provide centralized authentication, authorization, and identity federation services. It's built on open web standards and is suitable for organizations seeking secure and scalable identity solutions for web and mobile applications.

# Gluu Server CE Administration

## 🔐 Step 1: SSH Into the Host Machine

From your local terminal, connect to your Gluu server host:

```
ssh root@your-gluu-server-ip
```

Replace `your-gluu-server-ip` with your actual IP address or hostname.

---

## 📦 Step 2: Log In to the Gluu Chroot Environment

Gluu runs inside a chroot container. Enter it with:

```
/sbin/gluu-serverd login
```

You’ll know you're inside when your prompt changes (e.g., `[gluu@gluu ~]#`).

---

## 📁 Step 3: Navigate the Gluu File Structure

Core services are found under:

```
cd /opt/gluu/jetty/
```

- **oxauth**: OAuth2/OpenID Connect Provider
- **identity**: Admin UI (oxTrust)
- **idp**: SAML IDP
- **scim**: SCIM User Management
- **fido2**: FIDO2 Service
- **casa**: User Self-Service Portal

---

## 📜 Step 4: View Logs for Troubleshooting

Check the most recent log lines for a service. Example (oxAuth):

```
tail -n 50 /opt/gluu/jetty/oxauth/logs/oxauth.log
```

Replace `oxauth` with the appropriate service name as needed.

---

## 🔁 Step 5: Restart Gluu Services

### Option A: Using a Script

```
/root/restart-gluu.sh
```

### Option B: Manual Service Restart

```
cd /opt/gluu/jetty/oxauth
nohup java -jar ../../jetty/start.jar > oxauth.log 2>&1 &
```

Repeat for other services like `identity`, `idp`, etc.

---

## 🔍 Step 6: Check Running Java Services

Use this to verify if services are active:

```
ps aux | grep java | grep -v grep
```

---

## 🔐 Step 7: Verify Java Truststore for Certificates

Ensure custom certs are loaded:

```
keytool -list -keystore /etc/ssl/certs/java/cacerts -storepass 'your-password' | grep gluu
```

---

## 🚪 Step 8: Exit the Chroot Environment

To return to the regular Linux shell:

```
exit
```

---

## 📝 Summary

- 🛠️ Use `/sbin/gluu-serverd login` to manage Gluu internals
- 🧭 Services located at `/opt/gluu/jetty/`
- 📈 Each service's logs are in its `logs/` directory (e.g., `/opt/gluu/jetty/oxauth/logs/`)
- 🔐 Use `keytool` to verify Java truststore certificates

💡 **Tip:** Always ensure your certificates are trusted by the JVM for SSL-based connections to succeed!

# Gluu Server certificate import into Java truststore and service restart

## 📌 Summary

- ✔️ Extracted cert using OpenSSL
- ✔️ Imported cert to Java's `cacerts` truststore
- ✔️ Restarted Gluu Jetty services
- ✔️ Verified fix for SSL trust errors

## 🔧 Trusting Gluu Self-Signed Certificate in Java Truststore

### 1️⃣ SSH Into the Server

```
ssh root@your-server-ip
```

### 2️⃣ Enter Gluu Chroot Environment

To access Gluu's internal environment:

```
/sbin/gluu-serverd login
```

---

### 3️⃣ Extract Gluu Certificate

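Use OpenSSL to pull the self-signed cert from the server and save it. The saved file is whatever certificate the endpoint presents, so confirm it is the expected one before importing it in the next step:

```
# Fetch the certificate the server presents and save it in PEM format
openssl s_client -showcerts -connect gluu.mslspartners.com:443 </dev/null 2>/dev/null \
  | openssl x509 -outform PEM > /etc/certs/gluu-full-chain.crt
```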

---

### 4️⃣ Import Certificate into Java Truststore

#### 🧹 Delete previous cert (if exists):

```
keytool -delete -alias gluu-remote \
  -keystore /etc/ssl/certs/java/cacerts \
  -storepass 'D0m@in@dm!n'
```

#### 📥 Import new cert:

```
keytool -import -alias gluu-remote \
  -keystore /etc/ssl/certs/java/cacerts \
  -trustcacerts -file /etc/certs/gluu-full-chain.crt \
  -storepass 'D0m@in@dm!n' -noprompt
```

#### ✅ Confirm:

```
keytool -list -keystore /etc/ssl/certs/java/cacerts \
  -storepass 'D0m@in@dm!n' | grep gluu-remote
```
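
`grep gluu-remote` only shows that the alias exists, not which certificate it holds. The added example below (not part of the original page or of Gluu's tooling) compares the SHA-256 fingerprint of the PEM file with the one `keytool -list` prints for the alias. It assumes keytool's SHA-256 listing layout; the function names and sample data are constructed for illustration.

```shell
# Real use, with the paths and alias from this page:
#   keytool -list -keystore /etc/ssl/certs/java/cacerts -storepass 'your-password' \
#     | truststore_matches /etc/certs/gluu-full-chain.crt gluu-remote

# SHA-256 fingerprint of the first certificate in PEM file $1, formatted AA:BB:...
pem_fingerprint() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
    | sed '/-----END CERTIFICATE-----/q' \
    | grep -v -- '-----' | base64 -d | sha256sum \
    | awk '{ print toupper($1) }' | sed 's/../&:/g; s/:$//'
}

# Read `keytool -list` output on stdin; print the SHA-256 fingerprint listed for alias $1.
keytool_fingerprint() {
  awk -v alias="$1" '
    index($0, alias ",") == 1 { found = 1; next }
    found { if ($0 ~ /\(SHA-256\):/) print $NF; exit }'
}

# Succeed only if alias $2 (listing on stdin) holds the certificate stored in PEM file $1.
truststore_matches() {
  want=$(pem_fingerprint "$1") || return 2
  have=$(keytool_fingerprint "$2")
  [ -n "$have" ] && [ "$want" = "$have" ]
}

# Constructed sample: PEM markers around placeholder bytes, not a real certificate.
make_sample_pem() {
  { echo '-----BEGIN CERTIFICATE-----'; printf '%s' "$2" | base64
    echo '-----END CERTIFICATE-----'; } > "$1"
}
# Constructed listing in the layout assumed for a keytool trusted entry.
sample_listing() {
  printf '%s, Jan 1, 2025, trustedCertEntry,\nCertificate fingerprint (SHA-256): %s\n' "$1" "$2"
}

demo() {
  dir=$(mktemp -d)
  make_sample_pem "$dir/served.crt" 'constructed certificate A'
  make_sample_pem "$dir/other.crt" 'constructed certificate B'
  listing=$(sample_listing gluu-remote "$(pem_fingerprint "$dir/served.crt")")
  for f in served other; do
    if printf '%s\n' "$listing" | truststore_matches "$dir/$f.crt" gluu-remote
    then echo "$f.crt: matches alias"; else echo "$f.crt: MISMATCH"; fi
  done
  rm -rf "$dir"
}
demo
```

A non-zero exit status means the alias is missing or holds a different certificate than the file, which is the case to investigate before restarting services.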

---

### 5️⃣ Restart Gluu Jetty Services

Restart each service manually or with a script.

#### 💡 Sample Script: `/root/restart-gluu.sh`

```
#!/bin/bash
# Launch each Gluu Jetty service in the background, 5 seconds apart
cd /opt/gluu/jetty/oxauth && nohup java -jar ../../jetty/start.jar > oxauth.log 2>&1 &
sleep 5
cd /opt/gluu/jetty/identity && nohup java -jar ../../jetty/start.jar > identity.log 2>&1 &
sleep 5
cd /opt/gluu/jetty/idp && nohup java -jar ../../jetty/start.jar > idp.log 2>&1 &
sleep 5
cd /opt/gluu/jetty/scim && nohup java -jar ../../jetty/start.jar > scim.log 2>&1 &
sleep 5
cd /opt/gluu/jetty/fido2 && nohup java -jar ../../jetty/start.jar > fido2.log 2>&1 &
sleep 5
cd /opt/gluu/jetty/casa && nohup java -jar ../../jetty/start.jar > casa.log 2>&1 &
```

#### 📦 Run it:

```
/root/restart-gluu.sh
```

---

### 6️⃣ Verify Java Services

```
ps aux | grep java | grep -v grep
```

---

### 7️⃣ Troubleshoot Certificate Path Issues

If you see this error:

```
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
```

✅ That means the certificate is not trusted by Java. Re-check your import steps.

---