feat: adding configuration and logs details

Signed-off-by: Arnab Dutta <[email protected]>

Author: duttarnab

docs/admin/admin-ui/auth-server-interaction.md

@@ -0,0 +1,47 @@
+---
+tags:
+- administration
+- admin-ui
+- interaction
+---
+# Interaction with Jans Auth Server
+
+This user-friendly interface facilitates interaction with the [Jans Auth Server](https://docs.jans.io) through a REST API layer known as the [Jans Config API](https://docs.jans.io/v1.0.16/admin/config-guide/config-api). Here, we'll explore the working mechanism of the Gluu Flex Admin UI, focusing on its interaction with the Jans Auth Server and the key steps involved.
+
+## The Authorization Code Flow
+
+When accessing the Gluu Flex Admin UI through a web browser, the following steps are involved in the Authorization Code Flow:
+
+1. The user accesses the Gluu Flex Admin UI frontend through a web browser.
+2. The frontend initiates the Authorization Code Flow by redirecting the user to the login page of the authorization server (`jans-auth-server`) for user authentication.
+3. The authorization server authenticates the end-user and obtains their consent/authorization.
+4. Upon successful authentication, the authorization server sends an authorization `code` and a `state` to the frontend. The frontend verifies the state.
+5. The frontend sends a request for a User-Info JWT (`UJWT`) response using the authorization code to the Admin UI Backend. The Admin UI Backend is a plugin of the Jans Config API.
+6. The Admin UI Backend utilizes the authorization code to first obtain an access token (`AT1`) from the token endpoint of the authorization server.
+7. With AT1, the backend fetches the User-Info JWT (`UJWT`) from the authorization server and forwards it to the frontend.
+8. The frontend stores the UJWT and its claims, including the user's role (`jansAdminUIRole`) and other relevant information, in the Redux store.
+
+## API Protection and Scopes
+
+To ensure security and access control, Gluu Flex Admin UI leverages API protection and scopes:
+
+1. The Jans Config API's endpoints are protected and can only be accessed using an API protection token (`AT2`) with the required scopes.
+2. To generate an API protection token (`AT2`), the frontend requests the Token Server (`jans-auth-server`) via the backend. The Token Server and Authorization Server can be the same or different.
+3. The Token Server employs an introspection script that validates the `UJWT` and refers to the role-scope mapping in the Jans Auth Server persistence.
+4. The introspection script validates the UJWT and includes the appropriate scopes in AT2 based on the user's role.
+5. The frontend receives AT2 and associated scopes from the backend.
+6. Features in the frontend are enabled or disabled based on the scopes provided in AT2.
+
+## Accessing Config-API Endpoints
+
+To access config-api endpoints, the following steps are taken:
+
+1. The Admin UI frontend requests AT2 from the Token Server through the backend.
+2. Armed with AT2, the frontend sends a request to the desired config-api endpoint. AT2 is included in the authorization header, along with other request parameters.
+3. At the Jans Config API, AT2 is validated, and the provided scopes are verified to ensure the necessary scope for the requested endpoint is present.
+4. If the above steps are successful, the requested data is fetched from the Jans Config API and forwarded to the frontend.
+
+## Conclusion
+
+The Gluu Flex Admin UI simplifies the process of managing configuration and features of the Jans Auth Server through an intuitive graphical user interface. By following the Authorization Code Flow and leveraging API protection and scopes, the Gluu Flex Admin UI ensures secure and controlled interaction with the Jans Auth Server's REST API layer. This seamless interaction empowers administrators to efficiently manage the Jans Auth Server's settings while adhering to strict access controls and security protocols.
+

docs/admin/admin-ui/configuration.md

@@ -0,0 +1,99 @@
+---
+tags:
+- administration
+- admin-ui
+- configuration
+---
+
+# Configuration
+
+This document outlines the configuration process for Gluu Flex Admin UI, with a focus on essential components stored in the Auth Server's persistence layer. These components include role-permission mapping, OIDC client details for accessing the Auth Server, OIDC client details for accessing the Token Server, OIDC client details for accessing the License Server, and license metadata.
+
+## Configuration Components
+
+### Role-Permission Mapping
+
+[Role-permission](./admin-menu.md/) mapping defines which administrative roles are granted specific permissions within the Gluu Flex Admin UI. This mapping ensures that administrators can only access and modify functionalities relevant to their roles.
+
+The mapping is stored in json format with following attributes.
+
+**Roles**
+|Attribute Name|Description|
+|--------------|-----------|
+|roles|Array of all roles|
+|role|Role name|
+|description| Role description|
+
+**Permissions**
+|Attribute Name|Description|
+|--------------|-----------|
+|permissions|Array of all available permissions|
+|permission|Permission name|
+|description| Permission description|
+|defaultPermissionInToken|If set to `true`, it indicates that permission will need authentication and valid role during `/token` request to include in token|
+
+**Mapping**
+|Attribute Name|Description|
+|--------------|-----------|
+|rolePermissionMapping| List of all role-permission mapping|
+|role|Role name|
+|permission|Array of all permission mapped to the role|
+
+
+### OIDC Client Details for Auth Server
+
+To establish secure communication with the Auth Server, Gluu Flex Admin UI requires the OIDC client details, including client ID and client secret. These details are used for authentication and authorization purposes.
+
+The information is stored in json format with following attributes.
+
+|Attribute Name|Description|
+|--------------|-----------|
+|authServerClient|Object with Auth Server client details|
+|opHost|Auth Server hostname|
+|clientId| Client Id of OIDC client used to access Auth server|
+|clientSecret| Client Secret of OIDC client used to access Auth server|
+|scopes|Scopes required for Admin UI authentication|
+|acrValues|ACR required for Admin UI authentication|
+|redirectUri|Redirect UI which is Admin UI home page|
+|postLogoutUri|Url to be redirected after Admin UI logout|
+|frontchannelLogoutUri|Front channel Logout Uri|
+
+
+### OIDC Client Details for Token Server
+
+Similarly, Gluu Flex Admin UI needs OIDC client details to interact with the Token Server. This enables the UI to request and manage access tokens required to access protected resources.
+
+The information is stored in json format with following attributes.
+
+|Attribute Name|Description|
+|--------------|-----------|
+|tokenServerClient|Object with Token Server client details|
+|opHost|Token Server hostname|
+|clientId| Client Id of OIDC client used to access Token server|
+|clientSecret| Client Secret of OIDC client used to access Token server|
+|tokenEndpoint|Token endpoint of token server|
+
+### OIDC Client Details for License Server
+
+Access to the License APIs is managed through OIDC client details. These details allows the Gluu Flex Admin UI Backend to generated access token to allow the retrieval of license-related information using license APIs.
+
+The information is stored in json format with following attributes.
+
+|Attribute Name|Description|
+|--------------|-----------|
+|opHost|Auth Server hostname used to generate token to access License APIs|
+|clientId| Client Id of OIDC client used to generate token to access License APIs|
+|clientSecret| Client Secret of OIDC client used to generate token to access License APIs|
+
+### License Metadata
+
+License metadata includes relevant information about the Gluu Flex Admin UI's licensing, such as License Key, Hardware id, License server url, License Auth server url, SSA used to register license auth server client.
+
+The information is stored in json format with following attributes.
+
+|Attribute Name|Description|
+|--------------|-----------|
+|licenseConfig|Object with License configuration details|
+|ssa|SSA used to register OIDC client to access license APIs|
+|scanLicenseApiHostname| SCAN License server hostname|
+|licenseHardwareKey|Hardware key (org_id) to access license APIs|

docs/admin/admin-ui/fido-menu.md

@@ -1,3 +1,9 @@
+---
+tags:
+- administration
+- admin-ui
+- fido2
+---
 # FIDO Configuration
 
 [FIDO 2.0](https://fidoalliance.org/) (FIDO2) is an open authentication standard that enables people to leverage common devices to authenticate to online services in both mobile and desktop environments.

docs/admin/admin-ui/logs.md

@@ -0,0 +1,28 @@
+---
+tags:
+- administration
+- admin-ui
+- installation
+- logs
+---
+
+# Logs
+
+Log files are essential components of a web application's infrastructure as they provide valuable insights into its functioning, performance, and potential issues. Log files play a critical role in maintaining, troubleshooting, and monitoring the Gluu Flex Admin UI application. Understanding the different log types, their locations, and the process of accessing and analyzing them will empower administrators to efficiently manage the application's health and quickly address any issues that may arise. 
+
+## Log File Types
+
+The Gluu Flex Admin UI generates two types of log files:
+
+- **adminui.log**: This is the backend log file that captures various activities, errors, and events related to the Gluu Flex Admin UI's operation. It provides insights into the application's behavior and potential issues.
+- **adminuiAudit.log**: This audit log file records user interactions, actions, and events related to administrative activities. It's particularly useful for tracking changes made to the system and ensuring accountability.
+
+## Configuration of Log Locations
+
+The log locations for Gluu Flex Admin UI can be configured by modifying the log4j2-adminui.xml file located at:
+
+```
+/opt/jans/jetty/jans-config-api/custom/config/log4j2-adminui.xml
+```
+
+Within this configuration file, you can adjust various settings such as log levels, appenders, and formats.

docs/admin/admin-ui/services-menu.md

@@ -1,3 +1,10 @@
+---
+tags:
+- administration
+- admin-ui
+- services
+- cache-configuration
+---
 # Services
 
 This menu allows user to configure Cache Provider and LDAP schemas which can be used by the auth server.

docs/admin/admin-ui/smtp-menu.md

@@ -1,3 +1,9 @@
+---
+tags:
+- administration
+- admin-ui
+- smtp
+---
 # SMTP Configuration
 
 The description of all the fields in SMTP configuration form:

mkdocs.yml

@@ -127,15 +127,18 @@ nav:
     - 'Configuration': 'admin/config.md'
     - 'Admin UI':
         - 'Introduction': 'admin/admin-ui/introduction.md'
+        - 'Auth Server Interaction': 'admin/admin-ui/auth-server-interaction.md'
+        - 'Configuration': 'admin/admin-ui/configuration.md'
+        - 'Logs': 'admin/admin-ui/logs.md'
         - 'Left Navigation Menu': 'admin/admin-ui/left-nav-menu.md'
-        - 'Home': 'admin/admin-ui/dashboard.md'
-        - 'Admin': 'admin/admin-ui/admin-menu.md'
-        - 'Auth server': 'admin/admin-ui/auth-server-menu.md'
-        - 'Schema': 'admin/admin-ui/schema-menu.md'
-        - 'Services': 'admin/admin-ui/services-menu.md'
-        - 'FIDO': 'admin/admin-ui/fido-menu.md'
-        - 'SMTP': 'admin/admin-ui/smtp-menu.md'
-        - 'Users': 'admin/admin-ui/userMgmt-menu.md'
+          - 'Home': 'admin/admin-ui/dashboard.md'
+          - 'Admin': 'admin/admin-ui/admin-menu.md'
+          - 'Auth server': 'admin/admin-ui/auth-server-menu.md'
+          - 'Schema': 'admin/admin-ui/schema-menu.md'
+          - 'Services': 'admin/admin-ui/services-menu.md'
+          - 'FIDO': 'admin/admin-ui/fido-menu.md'
+          - 'SMTP': 'admin/admin-ui/smtp-menu.md'
+          - 'Users': 'admin/admin-ui/userMgmt-menu.md'
     - 'Flex Recipes':
         - 'admin/recipes/README.md'
         - 'Getting Started with Rancher': 'admin/recipes/getting-started-rancher.md'