First Configuration

Once the Curity Identity Server has been installed, it is time to configure it for the first time. This tutorial shows how to set up the basic configuration so that the following is running:

  • An Authentication Service
  • A Token Service for OAuth and OpenID Connect

The presented setup relies on the HSQL Database, a file-based database that is bundled with the installation. It cannot be used in production, but it is useful for getting up and running quickly.

Admin UI Overview

Log in to the Admin UI. Open a browser and navigate to https://localhost:6749/admin (or the host where the machine is deployed). Enter the username admin and the password you set during the installation.

If the system is unconfigured, you will see an option to use the basic setup wizard for setting up a basic configuration.

Overview

  1. The sidebar will change depending on what section is visited.
  2. The System menu takes you to system-wide settings such as deployments, events and procedures.
  3. The Profiles menu defines the server functions.
  4. The Recent Work menu lists links to recently visited configuration pages.
  5. The Changes menu includes options for applying, viewing or cancelling configuration changes.
  6. The admin menu allows you to manage admin users.
  7. The Help menu provides helpful links.
  8. The Facilities menu contains all helper services such as data sources, certificates and email or SMS services.

The Basic Setup Wizard

To get started, click the Run Basic Setup button and walk through the first wizard. It sets up the system in a good starting state. You can also change and adapt any configuration after the wizard has finished.

License Key

First, add a license by uploading an existing license file or importing it directly from the Curity Developer Portal. If you do not have a license yet, you can add it later via the System screen and the General page in the sidebar.

Token and Session Data Source

Database Setup

The second screen sets up the data source used to store tokens and sessions. It can connect to a number of backends, but to get started quickly, just click Next to use a local test database. The local test database is an HSQL data source for tokens and sessions called default-datasource. It cannot be used in production and will not work with clusters.

User Data Source

User Database Setup

Users can be stored in different data stores such as SQL, LDAP, SCIM, REST APIs, etc. If you do not have any user store yet, you can use the same test database as in the previous step and just click Next.

The selected hashing algorithm is used when storing user passwords. The default is fine for a new system.

Email Provider

Email Provider Setup

If the system should be able to send emails for authentication or registration, configure an SMTP service here; otherwise just click Next. You can add an email provider via the Facilities menu at any later time.

SMS Provider

SMS Provider Setup

If the system should be able to send SMS messages for authentication, configure an SMS service here; otherwise just click Next. You can add an SMS provider via the Facilities menu at any later time.

SSL Certificates

Crypto and SSL

The Curity Identity Server needs keys for securing its endpoints with TLS/SSL. During installation, the server created self-signed keys. For a fast setup, choose "Use Existing SSL Keys" and then select "default-admin-ssl-keys". Alternatively, upload existing keys, or generate new keys with self-signed certificates for testing: click "Generate New" and enter the parameters. Then click Next.

Token Service Capabilities

The Token Service profile is the heart of OAuth and OpenID Connect. The profile can be restricted to the flows that are allowed to run. By default, the wizard suggests enabling all flows. You can change the list of supported flows on the General page of the Token Service at any later time.

Commit changes

Changes made in the UI are not deployed to the server until the admin commits them. They are kept in a transaction that is validated when committed, which ensures that only valid configuration states are ever applied. The wizard lets you commit these changes directly: if you are happy with the new setup, simply click Commit. If you prefer to commit later, click Later; you can then navigate to the Changes menu and select Commit to apply the changes without the wizard.

Commit

All changes are now applied.

Summary

The basic setup wizard has now created a system that contains the following:

  • An Authentication Profile for user authentication
  • A Token Service profile for OAuth and OpenID Connect
  • A deployment (service-role): the runtime configuration needed by the runtime nodes
  • One or two data sources: one for tokens and sessions and, optionally, a second one for users
  • An Email provider (if selected)
  • An SMS provider (if selected)
  • SSL certificates and signing keys

Next Steps

The system is now ready for OAuth and OpenID Connect. However, before you can start making OAuth calls you must set up user authentication. Follow the next tutorial to configure a username/password authenticator that uses the same data source as in this tutorial.