Configuring AdminUI

AdminUI configuration is set using environment variables. These can be setup in different forms, including a web.config file, a docker-compose.yml file or Azure appsettings.

AdminUI Configuration Settings (UI)

• AuthorityUrl The IdentityServer installation protecting AdminUI
• ApiUrl The AdminUI backend website
• UiUrl The AdminUI frontend website
• AdminUIClientSecret The AdminUI client shared secret value in plain text
• DataProtection Used for configuration of Cookie protection and peristence.
• Persistence - The type of persistence can be FileSystem or Database, these require different setup as shown below
  • Type - FileSystem
  • Location - Location to persist keys
  • OR
  • Type - Database
  • DbProvider Supported types and their values are:
    • SqlServer
    • MySql (Note: AdminUI requires the MySQL setting lower_case_table_names to be false)
    • PostgreSql
  • DataProtectionConnectionString - The connection string for the data protection database

• Protection The certficate or keyvault that will protect the cookies. The two available types are KeyVault and Certifcate. A Certificate can be provided by location or by thumbprint.

  • Type - KeyVault
  • KeyIdentifier - The Azure KeyVault certificate identifier used for key encryption.
  • ClientId - The Application Client Id
  • ClientSecret - (Optional) The client secret to use for authentication. Optional valid only for Azure hosted scenarios
  • Vault - The KeyVault public Uri
  • OR
  • Type - Certificate

  To protect with certificate you can provide either a thumbprint or a location: - CertificateType - Thumbprint - Thumbprint - The thumbprint of the certficate that is installed either for the user or the machine. Location: - OR - CertificateType - File - Location - The location on disk of the certificate - Password (Optional) - The password for the certificate

env.js

• AuthorityUrl The IdentityServer installation protecting AdminUI
• ApiUrl The AdminUI backend website
• UiUrl The AdminUI frontend website
• AddUserPassword Allows for setting a users password on creation (this is for demo purposes only, do not use in production), see more here

AdminUI Configuration Settings (API)

• DbProvider Supported types and their values are:
  • SqlServer
  • MySql (Note: AdminUI requires the MySQL setting lower_case_table_names to be false)
  • PostgreSql
• IdentityConnectionString The connection string for the Identity database (Users, Claim Types, Roles etc.)
• IdentityServerConnectionString The connection string for the IdentityServer database (Clients, Resources, Persited Grants etc.)
• OperationalConnectionString (Optional) The connection string for the Presisted Grants DbContext. If not supplied, AdminUI will use the IdentityServerConnectionString
• DataProtectionConnectionString (Optional) The connection string for the DataProtectionKey DbContext. If not supplied, AdminUI will use the IdentityServerConnectionString. Only needs configuring if you are using a database to store protection keys in the UI.
• AuthorityUrl The IdentityServer installation protecting the API
• UiUrl The AdminUI frontend
• RequireHttpsMetadata When true ensures IdentityServer discovery endpoint uses TLS. Should be true for production
• LicenseKey A valid license key for AdminUI
• AdminUIClientSecret The AdminUI client shared secret value in plain text
• PasswordPolicy:RequireDigit Defaults to true
• PasswordPolicy:RequireLowercase Defaults to true
• PasswordPolicy:RequireNonAlphanumeric Defaults to true
• PasswordPolicy:RequireUppercase Defaults to true
• PasswordPolicy:RequiredLength Defaults to 6
• PasswordPolicy:RequiredUniqueChars Defaults to 1
• UsernamePolicy:AllowedUserNameCharacters Defaults to abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+
• UsernamePolicy:RequireUniqueEmail Defaults to true
• AuditRecordsConnectionString The database connection string for AdminUI audits, if missing will default to the IdentityServerConnectionString

• AuditRecordsCulture Language used for generation of audit records, if missing or invalid will default to English en-GB.

  Supported languages are: - de German - zh-TW Chinese (Traditional) - zh-CN Chinese (Simplified) - es Spanish - fr French - AuditReadActions Defaults to true. If false, no audit records will be generated for read actions (e.g when a user views resources though AdminUI)

• LoggingMinimumLevel Defaults to info. Supported logging levels are

  • debug
  • info
  • warning
  • error
  • critical
• LoggingOutputTemplate Defaults to [{Timestamp:dd-MM-yyyy HH:mm:ss} {Level}] {Message}{NewLine}{Exception}. For more infomation see the serilog docs.