Skoruba.Duende.IdentityServer.Admin v3 🚀

Modern admin UI for Duende IdentityServer and ASP.NET Core Identity.

---

Versions

• ✅ Stable (production): v2.7.0
  https://github.com/skoruba/Duende.IdentityServer.Admin/tree/release/2.7.0

• 🎉 Next generation (v3 – preview) – current prerelease: 3.0.0-preview.22

  • React + TypeScript + Tailwind CSS + shadcn/ui
  • .NET 10 backend REST API
  • New monitoring and wizard flows

---

Administration UI Preview

The UI is built with Tailwind CSS and shadcn/ui components.

🧭 Dashboard (Light)

🌙 Dashboard (Dark)

🧙‍♂️ Client Creation – Wizard Flow

📋 Client Creation – Summary

💼 Client Management

📡 Monitoring

Define and track configuration rules for clients, API resources, and identity resources:

• Flag deprecated OAuth 2.1 flows
• Enforce required scopes
• Validate naming conventions
• Warn about expired client secrets

🧱 Configuration Rules

🧩 Configuration Issues

📈 Monitoring Dashboard

Solution Structure

---

✅ Prerequisites

• .NET 10 SDK
• Node.js 18+ and npm (required for the React client)
• SQL Server (default LocalDB) or PostgreSQL
• Duende IdentityServer 7.4.5

Note: Using older .NET versions may cause 502.5 errors on IIS or application startup failures.

---

📦 Installation via dotnet new Template

🔒 Database note:
This template includes default EF migrations. Review them and back up your database before applying.

ℹ️ Migration note from IdentityServer4.Admin:
The UserSecretsId for Admin, Admin API, and STS projects remains the same as in the older Skoruba.IdentityServer4.Admin solution to ease config migration. If you still have secrets from the old project on your machine, they will be reused (e.g., ApplySeed could point at your old DB). Change or clear user secrets if you need isolation.

1. Install the template

dotnet new install Skoruba.Duende.IdentityServer.Admin.Templates::3.0.0-preview.22

2. Create a new project

dotnet new skoruba.duende.isadmin \
  --name MyProject \
  --title MyProject \
  --adminemail "admin@example.com" \
  --adminpassword "Passw0rd-123" \
  --adminrole MyRole \
  --adminclientid MyClientId \
  --adminclientsecret MyClientSecret \
  --dockersupport true \
  --requirepushedauthorization true

Template Options

| Option | Description | | ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | --name | Project name | | --title | Admin UI title and footer text | | --adminemail | Initial admin email | | --adminpassword | Initial admin password | | --adminrole | Role name used for admin authorization | | --adminclientid | Client ID for the Admin UI OIDC client | | --adminclientsecret | Client secret for the Admin UI OIDC client | | --dockersupport | Include Docker support (true / false) | | --requirepushedauthorization | Require PAR for admin client (true / false, default true). Note: PAR requires Duende IdentityServer Business Edition or higher. More info |

---

🚀 Quick Start – Local Development

Note: This section is for developers who want to clone and contribute to the repository. If you want to use the template, see the section above.

The solution contains three runnable services:

| Service | Project | Purpose | | ------------- | -------------------------------------------- | ------------------------------- | | STS | Skoruba.Duende.IdentityServer.STS.Identity | IdentityServer + authentication | | Admin API | Skoruba.Duende.IdentityServer.Admin.Api | REST API backend | | Admin UI | Skoruba.Duende.IdentityServer.Admin | SPA host |

1. Clone the repository

git clone https://github.com/skoruba/Duende.IdentityServer.Admin
cd Duende.IdentityServer.Admin

2. Install React dependencies (first run only)

cd src/Skoruba.Duende.IdentityServer.Admin.UI.Client
npm install
cd ../..

3. Run the services

Open three terminals and run:

# Terminal 1: STS (IdentityServer)
cd src/Skoruba.Duende.IdentityServer.STS.Identity
dotnet run

# Terminal 2: Admin API
cd src/Skoruba.Duende.IdentityServer.Admin.Api
dotnet run

# Terminal 3: Admin UI Host
cd src/Skoruba.Duende.IdentityServer.Admin
dotnet run

4. Default local URLs

| Service | URL | | ------------- | ----------------------------------------------------- | | STS | https://localhost:44310 | | Admin API | https://localhost:44302 | | Admin UI | Check console output (usually https://localhost:7127) |

By default, database migrations and seed data are enabled in Admin API (ApplyDatabaseMigrations, ApplySeed).

---

🐳 Running via Docker (Optional)

Tip: For the fastest onboarding, use the dotnet run approach above. Docker requires custom domain and certificates.

DNS Configuration

Update your hosts file to resolve skoruba.local:

Windows: C:\Windows\System32\drivers\etc\hosts
Linux / macOS: /etc/hosts

127.0.0.1 skoruba.local sts.skoruba.local admin.skoruba.local admin-api.skoruba.local

Certificates Setup

Use mkcert to generate self-signed local certificates.

Windows

cd shared/nginx/certs
mkcert --install
copy $env:LOCALAPPDATA\mkcert\rootCA-key.pem ./cacerts.pem
copy $env:LOCALAPPDATA\mkcert\rootCA.pem ./cacerts.crt

# Generate skoruba.local certificates
mkcert -cert-file skoruba.local.crt -key-file skoruba.local.key skoruba.local *.skoruba.local
mkcert -pkcs12 skoruba.local.pfx skoruba.local *.skoruba.local

macOS / Linux

cd shared/nginx/certs
mkcert -install

# Copy root certificates (adjust paths for your system)
# macOS: ~/Library/Application\ Support/mkcert/
# Linux: ~/.local/share/mkcert/
cp "$(mkcert -CAROOT)/rootCA-key.pem" ./cacerts.pem
cp "$(mkcert -CAROOT)/rootCA.pem" ./cacerts.crt

# Generate skoruba.local certificates
mkcert -cert-file skoruba.local.crt -key-file skoruba.local.key skoruba.local *.skoruba.local
mkcert -pkcs12 skoruba.local.pfx skoruba.local *.skoruba.local

Run Docker Compose

docker-compose build
docker-compose up -d

Docker setup is based on bravecobra's repository – thanks! 😊

Docker Images

Docker images are available on Docker Hub.

To publish images, check build/publish-docker-images.ps1 and update the profile name.

---

---

🗄️ EF Core & Data Access

DbContexts

The solution uses the following DbContext classes:

• AdminIdentityDbContext – ASP.NET Core Identity data
• AdminLogDbContext – Logging data
• IdentityServerConfigurationDbContext – IdentityServer configuration store
• IdentityServerPersistedGrantDbContext – IdentityServer operational store
• AuditLoggingDbContext – Audit logging
• `IdentityServe