Skip to content

This guide shows how to migrate from Gluu 4.x to Gluu Flex.

Migration steps#

  1. Create a fresh flex K8s setup based on your preferred environment.

  2. Write all your existing configurations as code using the Janssen terraform provider. You can check this doc to know the benefits of this approach and how to implement it.

  3. Test applying the configuration through Terraform. Ensure no delta between the old Gluu 4.x and Gluu flex, and verify the changes using the admin-ui/TUI.

  4. Move the sensitive data from the old setup to the new one, honoring any changes such as custom attributes and users.

Terraform configuration example#

Firstly, you have to initialize and configure the Janssen terraform provider. You can follow this doc to complete this.

Once completed, let's showcase how to move existing gluu4 clients and interception scripts using Terraform.

Note

The examples are meant for demonstration purposes. You should adjust them as needed.

Clients Migration#

We will use the jans_oidc_client resource.

Add the following to clients.tf:

resource "jans_oidc_client" "gluu4_migrated_client" {
  display_name                  = "Gluu4 migrated client"
  description                   = "Client migrated from Gluu4 to Flex"
  redirect_uris                 = ["https://demoexample.gluu.org/admin"]
  token_endpoint_auth_method    = "none"
  subject_type                  = "pairwise"
  grant_types                   = ["authorization_code"]
  response_types                = ["code"]
  disabled                      = false
  trusted_client                = true
  application_type              = "web"
  scopes                        = ["inum=F0C4,ou=scopes,o=jans"]
  persist_client_authorizations = true
  access_token_as_jwt           = false
}

Interception scripts Migration#

We will use the jans_script resource.

Add the following to scripts.tf:

resource "jans_script" "gluu_migrated_script" {
  dn                   = "inum=CACD-5901,ou=scripts,o=jans"
  inum                 = "CACD-5901"
  name                 = "scan_client_registration"
  description          = "Scan Client Registration Script"
  script               = file("script.py")
  script_type          = "client_registration"
  programming_language = "python"
  level                = 100
  revision             = 1
  enabled              = true
  modified             = false
  internal             = false
  location_type        = "db"
  base_dn              = "inum=CACD-5901,ou=scripts,o=jans"

  module_properties {
    value1      = "v1"
    value2      = "v2"
    description = null
  }
}

You can run terraform apply and review the created resources in the Admin-UI/TUI.

Last update: 2025-02-10
Created: 2025-02-10