NQRust-Identity

NQRust-Identity Guides
- Overview
- Overview
  Phase 1: Install Identity
  Phase 2: Configure Portal
  Add a new client
  Configuring NQRust-Identity
  Configuring NQRust-Identity for production
  Bootstrapping and recovering an admin account
  Directory Structure
  Configuring TLS
  Configuring the hostname
  Configuring a reverse proxy
  Configuring the database
  Configuring distributed caches
  Configuring outgoing HTTP requests
  Configuring trusted certificates
  Configuring trusted certificates for mTLS
  Enabling and disabling features
  Configuring providers
  Configuring logging
  FIPS 140-2 support
  Configuring the Management Interface
  Importing and exporting realms
  Using a vault
  All configuration
  All provider configuration
  Centralize your observability stack with OpenTelemetry
  Tracking instance status with health checks
  Gaining insights with metrics
  Monitoring user activities with event metrics
  Monitoring performance with Service Level Indicators
  Troubleshooting using metrics
  Root cause analysis with tracing
  Visualizing activities in dashboards
  Analyzing outliers and errors with exemplars
  Planning for securing applications and services
  Securing applications and services with OpenID Connect
  NQRust-Identity JavaScript adapter
  NQRust-Identity Node.js adapter
  Configuring the mod_auth_openidc Apache HTTPD Module
  NQRust-Identity SAML Galleon feature pack for WildFly and EAP
  Configuring the mod_auth_mellon Apache Module
  Using the client registration service
  Automating client registration with the CLI
  Integrating with Model Context Protocol (MCP)
  Configuring and using token exchange
  JWT Authorization Grant
  Specifications implemented
  NQRust-Identity admin client
  NQRust-Identity authorization client
  NQRust-Identity policy enforcer
  Upgrading the NQRust-Identity Client Libraries
  High availability overview
- Ikhtisar
- Ikhtisar
  Fase 1: Instalasi Identity
  Fase 2: Konfigurasi Portal
  Tambah client baru
  Mengonfigurasi NQRust-Identity
  Mengonfigurasi NQRust-Identity untuk produksi
  Bootstrap dan pemulihan akun admin
  Struktur Direktori
  Mengonfigurasi TLS
  Mengonfigurasi hostname
  Mengonfigurasi reverse proxy
  Mengonfigurasi database
  Mengonfigurasi cache terdistribusi
  Mengonfigurasi outgoing HTTP requests
  Mengonfigurasi sertifikat tepercaya
  Mengonfigurasi sertifikat tepercaya untuk mTLS
  Mengaktifkan dan menonaktifkan fitur
  Mengonfigurasi provider
  Mengonfigurasi logging
  Dukungan FIPS 140-2
  Mengonfigurasi Management Interface
  Mengimpor dan mengekspor realm
  Menggunakan vault
  Semua konfigurasi
  Semua konfigurasi provider
  Sentralisasi observability stack dengan OpenTelemetry
  Melacak status instance dengan health check
  Mendapatkan insight dengan metrics
  Memantau aktivitas pengguna dengan event metrics
  Memantau performa dengan Service Level Indicators
  Troubleshooting menggunakan metrics
  Analisis root cause dengan tracing
  Memvisualisasikan aktivitas di dashboard
  Menganalisis outlier dan error dengan exemplars
  Perencanaan keamanan aplikasi dan service
  Mengamankan aplikasi dan service dengan OpenID Connect
  NQRust-Identity JavaScript adapter
  NQRust-Identity Node.js adapter
  Mengonfigurasi modul mod_auth_openidc Apache HTTPD
  NQRust-Identity SAML Galleon feature pack untuk WildFly dan EAP
  Mengonfigurasi modul mod_auth_mellon Apache
  Menggunakan client registration service
  Otomatisasi client registration dengan CLI
  Integrasi dengan Model Context Protocol (MCP)
  Mengonfigurasi dan menggunakan token exchange
  JWT Authorization Grant
  Spesifikasi yang diimplementasikan
  NQRust-Identity admin client
  NQRust-Identity authorization client
  NQRust-Identity policy enforcer
  Upgrade NQRust-Identity Client Libraries
  Ikhtisar high availability

NQRust-Identity Guides

Identity Management, Simplified

NQRust-Identity Guides

Step-by-step guides to configure, deploy, and secure your NQRust-Identity instance.

Installation

Installation Overview

Prerequisites and airgapped installer setup.

Phase 1: Install Identity

Configure hostname, ports, and deploy Identity + Portal containers.

Phase 2: Configure Portal

Create OAuth client, realm role, user, and link the Portal.

Add a new client

Register an additional OAuth client (e.g. NQRust Analytics) and assign it to users.

Server

Configuring NQRust-Identity

Configure and start NQRust-Identity.

Configuring for production

Prepare NQRust-Identity for use in production.

Bootstrapping and recovering an admin account

Bootstrap and recover access by creating a temporary admin account.

Directory Structure

Understand the purpose of directories under the installation root.

Configuring TLS

Configure https certificates for ingoing and outgoing requests.

Configuring the hostname

Configure the frontend and backchannel endpoints.

Configuring a reverse proxy

Configure with a reverse proxy, API gateway, or load balancer.

Configuring the database

Configure a relational database to store user, client, and realm data.

Configuring distributed caches

Configure the caching layer to cluster multiple instances.

Configuring outgoing HTTP requests

Configure the client used for outgoing HTTP requests.

Configuring trusted certificates

Configure the Truststore to communicate through TLS.

Configuring trusted certificates for mTLS

Configure Mutual TLS to verify connecting clients.

Enabling and disabling features

Configure NQRust-Identity to use optional features.

Configuring providers

Configure providers for NQRust-Identity.

Configuring logging

Configure logging for NQRust-Identity.

FIPS 140-2 support

Configure the server for FIPS compliance.

Configuring the Management Interface

Configure the management interface for metrics and health checks.

Importing and exporting realms

Import and export realms as JSON files.

Configure and use a vault in NQRust-Identity.

All configuration

Review build options and configuration.

All provider configuration

Review provider configuration options.

Observability

Centralize with OpenTelemetry

OpenTelemetry integration for centralized observability and telemetry data.

Tracking instance status with health checks

Check if an instance is ready to serve requests via health REST endpoints.

Gaining insights with metrics

Collect metrics to gain insights about a running instance.

Monitoring user activities with event metrics

Event metrics provide an aggregated view of user activities.

Monitoring performance with Service Level Indicators

Track performance and reliability with SLIs and SLOs.

Troubleshooting using metrics

Use metrics for troubleshooting errors and performance issues.

Root cause analysis with tracing

Record request lifecycle information to identify root causes for latencies.

Visualizing activities in dashboards

Install Grafana dashboards to visualize metrics and activities.

Analyzing outliers and errors with exemplars

Connect a metric to a recorded trace to analyze root causes.

Securing Applications

Planning for securing applications

Understand basic concepts for securing applications and services.

Securing apps with OpenID Connect

Use OpenID Connect with NQRust-Identity to secure applications.

JavaScript adapter

Client-side JavaScript library to secure web applications.

Node.js adapter

Node.js adapter to protect server-side JavaScript apps.

Configuring mod_auth_openidc

Configure the mod_auth_openidc Apache module.

SAML Galleon feature pack

Use SAML Galleon feature pack to secure WildFly and EAP applications.

Configuring mod_auth_mellon

Configure the mod_auth_mellon Apache module.

Configuring a Docker registry

Configure a Docker registry to use NQRust-Identity.

Using the client registration service

Use the client registration service.

Automating client registration with the CLI

Use the CLI to automate client registration.

Integrating with MCP

Use NQRust-Identity as an authorization server for MCP servers.

Configuring token exchange

Configure and use token exchange.

JWT Authorization Grant

Guide for the JWT Authorization Grant specification RFC 7521 / 7523.

Specifications implemented

List of specifications and standards implemented.

Using the admin client to access the Admin REST API.

Authorization client

Using the authz client to administer and check permissions.

Policy enforcer

Using the policy enforcer in Java applications.

Upgrading the Client Libraries

How to upgrade the NQRust-Identity Client Libraries.

High Availability

High availability overview

Explore the different NQRust-Identity high-availability architectures.

© 2026 NQRust-Identity. All rights reserved.