AdminUI is configured using a set of variables that can be provided in various ways, these methods are described here.
AdminUI Settings Structure
Note: In AdminUI 4.2.0 and 5.1.0 onwards, the env.js file is no longer used for configuration and changes do not need to be made to this file. It can be removed if you choose.
Logging Settings
AzureAppServiceLogging(Optional) Used for debugging the API - see the enable logging page for more details.LoggingMinimumLevelDefaults toinfo. Supported logging levels aredebuginfowarningerrorcritical
LoggingOutputTemplateDefaults to[{Timestamp:dd-MM-yyyy HH:mm:ss} {Level}] {Message}{NewLine}{Exception}. For more infomation see the serilog docs.
Database Settings
DbProviderSupported types and their values are:SqlServerMySql(Note: AdminUI requires the MySQL settinglower_case_table_namesto befalse)PostgreSql
IdentityConnectionStringThe connection string for the Identity database (Users, Claim Types, Roles etc.)OpenIddictConnectionStringThe connection string for the OpenIddict server database (Applications, Scopes, Authorizations and Tokens)DataProtectionConnectionString(Optional) The connection string for the DataProtectionKey DbContext. If not supplied, AdminUI will use theOpenIddictConnectionString. Only needs configuring if you are using a database to store protection keys.
AdminUI Configuration
AuthorityUrlThe OpenIddict server installation protecting AdminUIUiUrlThe AdminUI websiteAdminUIClientIdThe AdminUI client ID, defaults toadmin_uiAdminUICustomScopeNameThe AdminUI custom scope name, default value isadmin_apiAdminUIProfileCustomScopeNameThe AdminUI profile custom scope name, default value isadmin_ui_profileAdminUIClientSecretThe AdminUI client shared secret value in plain textWebhookClientIdThe Webhook client ID, defaults toadmin_ui_webhooksWebhookClientSecretThe Webhook client secret, defaults to a new GUIDRequireHttpsMetadataWhentrueensures OpenIddict discovery endpoint uses TLS. Should be true for productionLicenseKeyA valid license key for AdminUIDisableBootstrapIftrue, bootstrapping will not run on app startup. More information about bootstrapping can be found here. Defaults tofalse.ServeUiIftrue, SPA will be served by AdminUI using packaged static files. Defaults totrue.PasswordPolicyRequireDigitDefaults totrueRequireLowercaseDefaults totrueRequireNonAlphanumericDefaults totrueRequireUppercaseDefaults totrueRequiredLengthDefaults to6RequiredUniqueCharsDefaults to1
UsernamePolicyAllowedUserNameCharacters- Defaults toabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+RequireUniqueEmailDefaults totrue
ReferenceTokenOptionsUseReferenceTokens...Secret...
FeatureFlagsDefaultUserValidationDefaults totrue. If set to false AdminUI will not prompt you to remove the default user if present.AddUserPasswordDefaults tofalse. Iftrue, allows for setting a users password on creation (this is for demo purposes only, do not use in production), see more hereEnableEnforcerAuthorizationDefaults tofalse. If set to true will use the Enforcer authorization engine for more fine grained access control.
CustomGrantTypesList of strings that will be suggested as part of the APIsSupportedLanguagesList of strings of culture codes that will provide languages to be configured in some Scopes and Applications settings. Example for English, Spanish and French: ["en", "es", "fr"]CustomAccessPoliciesList ofAccessPolicyOptionobjects. Used to add access permissions to AdminUI. More detail.AccessPolicyOptionSingle permission rule entry.TypeValuePermissionOptions are:NoneUserManagerReadOnlyUserManagerAuthorizationServerManagerReadOnly(OpenIddict Manager ReadOnly)AuthorizationServerManager(OpenIddict Manager)AllReadOnlyAll
CustomClaimTypesList of ClaimTypes to add on top of the default ones in the UI. Each of these ClaimTypes have the following settings:IdRequiredNameRequiredDisplayNameDescriptionIsRequiredValueTypeOptions are:StringIntDateTimeBooleanEnum
RegularExpressionValidationRuleRegularExpressionValidationFailureDescriptionAllowedValuesList of strings
Webhooks
WebhookOptionsUsed to configure webhooks credentials and endpoints.ClientIdClientSecretWebhooksDictionary to configure the 4 webhooks AdminUI provides. Options are:UserRegistrationPasswordResetMfaReset- Each of these webhooks have the following settings:
UrlScopesSingle string of whitespace separated scopes list
Data Protection
DataProtectionUsed for configuration of Cookie protection and peristence.Persistence- The type of persistence can be FileSystem or Database, these require different setup as shown belowType- FileSystemLocation- Location to persist keys
ORType- DatabaseDbProviderSupported types and their values are:SqlServerMySql(Note: AdminUI requires the MySQL settinglower_case_table_namesto befalse)PostgreSql
ProtectionThe certficate or keyvault that will protect the cookies. The two available types are KeyVault and Certifcate. A Certificate can be provided by location or by thumbprint.Type- KeyVaultKeyIdentifier- The Azure KeyVault certificate identifier used for key encryption.ClientId- The Application Client IdVault- The KeyVault public UriSecret- (Optional) The client secret to use for authentication. Optional valid only for Azure hosted scenarios
ORType- Certificate (To protect with certificate you can provide either a thumbprint or a location)CertificateType- ThumbprintThumbprint- The thumbprint of the certificate that is installed either for the user or the machine.
ORType- Certificate (To protect with certificate you can provide either a thumbprint or a location)CertificateType- FileLocation- The location on disk of the certificate. We recommend using a PFX file as private key access is necessary.Password(Optional) - The password for the certificate