Aegaeon is a Java application. To run it, you basically need a servlet container: Tomcat, Jetty, WildFly, WebLogic (my condolences) or any
other should work. Being a Spring Boot application, you can also use Boot's embedded server.
To run Aegaeon, you will need:
- A MySQL database
- A Java server (I use Tomcat)
- An HTTP server (I use nginx)
PostgreSQL could probably be used instead of MySQL, but this is currently untested.
Aegaeon is open source and available under the Apache 2.0 license. If you want to build it, grab the source from GitHub using git:
git clone https://github.com/n4devca/aegaeon.git
After downloading the source, use Maven to create a deployable war:
cd aegaeon && mvn -DskipTests package
You will find the war under the target directory.
Aegaeon uses Spring's @ConditionalOnProperty annotation to let you disable parts of the server you may not need.
Features are grouped into modules. Each module can be controlled by editing Spring Boot's application.yml or from the command line.
The modules are:
- OpenID / OAuth authorization and token endpoints.
- The login page.
- The information endpoints (JWK publishing and server info).
- The home page.
- User account management.
- Client and user administration.
- The introspection endpoint.
To enable or disable a module using application.yml, fetch the source, open the file src/main/resources/application.yml
and set your module to true or false under the aegaeon: modules: section.
When done, rebuild Aegaeon with Maven (see Build it).
If you prefer to run the prebuilt war file, rebuilding Aegaeon just to change a module can be inconvenient. Instead, you may use command line arguments to enable or disable
one or more modules.
Being a Spring Boot application, there are many ways to change configuration values at runtime. See here for the complete
list: Externalized Configuration - Spring Boot
An example :
JWT token keys
Following successful authentication and authorization, an OpenID server creates tokens and returns them to one of your clients, to be consumed
by your resource server. These tokens are usually created using a cryptographic algorithm.
Aegaeon requires a set of public/private keys to generate these tokens correctly. A future version will include a setup wizard that
creates the keys for you automatically, but currently you need to do it yourself. Fortunately, there is a convenient project called
json-web-key-generator that you can use to create your key file.
Please follow these steps (you can rename mykeys.jwks):
git clone https://github.com/mitreid-connect/json-web-key-generator.git
cd json-web-key-generator && mvn -DskipTests package
java -jar json-web-key-generator-0.4-SNAPSHOT-jar-with-dependencies.jar -i HMAC -t oct -s 512 -S -o mykeys.jwks
java -jar json-web-key-generator-0.4-SNAPSHOT-jar-with-dependencies.jar -i RSA -t RSA -s 2048 -S -o mykeys.jwks
Move the jwks file to another folder and note the path.
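As an added check (this script is not part of Aegaeon or json-web-key-generator), the following Python inspects a key set like the mykeys.jwks produced above: it confirms that the keys carry the sizes requested with -s (512-bit HMAC secret, 2048-bit RSA modulus), that each key has a kid and that the RSA key has its private exponent, and it shows how private members are stripped before any of this material is published at a JWK endpoint. The built-in sample key set is constructed from random bytes of the right lengths and is not real key material.

```python
import base64
import json
import secrets
import sys

# Sizes the commands above request: -s 512 for the HMAC (oct) key, -s 2048 for the RSA key.
MIN_OCT_BITS = 512
MIN_RSA_BITS = 2048
PRIVATE_MEMBERS = ("k", "d", "p", "q", "dp", "dq", "qi")  # must never leave the server

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_jwks(doc):
    """Return (kid, problem) tuples; an empty list means the set matches the setup above."""
    findings, seen = [], set()
    for key in doc.get("keys", []):
        kid, kty = key.get("kid"), key.get("kty")
        if kid is None:
            findings.append((None, "missing kid; token headers cannot name this key"))
        elif kid in seen:
            findings.append((kid, "duplicate kid"))
        seen.add(kid)
        if kty == "oct":
            if "k" not in key:
                findings.append((kid, "oct key has no secret k"))
            elif len(b64url_decode(key["k"])) * 8 < MIN_OCT_BITS:
                findings.append((kid, f"HMAC secret shorter than {MIN_OCT_BITS} bits"))
        elif kty == "RSA":
            n = key.get("n")
            if n is None or int.from_bytes(b64url_decode(n), "big").bit_length() < MIN_RSA_BITS:
                findings.append((kid, f"RSA modulus missing or shorter than {MIN_RSA_BITS} bits"))
            if "d" not in key:
                findings.append((kid, "RSA key has no private exponent; the server cannot sign with it"))
        else:
            findings.append((kid, f"unexpected kty {kty!r}"))
    return findings

def public_keys(doc):
    """Publishable copy of the set: private members removed, oct keys dropped entirely (they have no public half)."""
    return {"keys": [{m: v for m, v in k.items() if m not in PRIVATE_MEMBERS}
                     for k in doc.get("keys", []) if k.get("kty") != "oct"]}

# Constructed stand-in for mykeys.jwks: random bytes of the expected sizes, not real keys.
SAMPLE_JWKS = {"keys": [
    {"kty": "oct", "kid": "HMAC", "k": b64url_encode(secrets.token_bytes(64))},
    {"kty": "RSA", "kid": "RSA", "e": "AQAB",
     "n": b64url_encode(b"\x80" + secrets.token_bytes(255)),
     "d": b64url_encode(secrets.token_bytes(256))}]}

if __name__ == "__main__":  # pass the path to your jwks file, or run without arguments for the sample
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_JWKS
    for kid, problem in check_jwks(doc) or [(None, "key set looks fine")]:
        print(kid, problem)
```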