4.1. Overview

The IDentia Trusted IdP includes a set of admin GUI functions that simplify configuration and allow it to be changed at runtime. The admin console provides four GUI functions: IdP Information, Attribute Config, RP Register, and Audit.

IdP Information displays the default IdP status and the IdP SAML metadata.

Attribute Config provides the GUI functions for configuring multiple LDAP connections and defining the user attribute mapping.

RP Register provides the GUI functions that allow the admin to manually register relying parties (RPs).

Audit displays the log of user authentication requests to the IdP and the status of each request, and provides search functions for a given user ID or Common Name (CN).

4.2. Accessing the IdP Admin GUI

Before you access the IdP Admin GUI, you first need to create the admin's credentials. The admin's credentials are configured in the identia-users.xml file in the IdP server's conf directory (i.e. /opt/idp-tomcat7/conf). Open the file, then uncomment and edit the section where the user roles and the usernames/passwords are defined. To access the IdP Admin GUI, start the ApacheDS service first, followed by the IdP Tomcat server. Once both servers are running, you can reach the IdP's Admin GUI in a web browser at https://[idpdomain]:[portnumber]/idp. For instance, with the default configuration, the Trusted IdP Admin page is at https://samlidp.identia.net:4443/idp. The Trusted IdP Admin GUI will ask you for the admin's username and password. Once you have authenticated as the admin, you have access to the Trusted IdP Admin GUI.

4.3. IdP Information

The IdP Information page displays the operating environment information, the identity provider information and the relying party configuration. It lists all RPs registered with the IdP. Any changes to the RPs made on the RP Register page are reflected in the relying party configuration.

Figure 1

Viewing the IdP’s metadata:

  • To view the IdP's metadata, click View Metadata. This launches a Metadata window where the IdP's metadata is shown as a tree.

Figure 2

  • To view the metadata in XML format, click .XML View.

Figure 3
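The metadata shown in the tree and XML views is a standard SAML 2.0 EntityDescriptor. The following Python script is an added example, not part of the IDentia product or its documentation: it parses a constructed sample metadata document (the entityID, the endpoints and the certificate bytes are placeholders), renders it as an indented tree like the GUI's tree view, and extracts the values an administrator checks before trusting metadata: the entityID, the SSO endpoints with their bindings, and the SHA-256 fingerprint of the signing certificate.

```python
# Added example (not IDentia code): parse a SAML 2.0 metadata document, show it
# as a tree like the admin GUI does, and pull out the fields an admin verifies.
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: entityID, endpoints and certificate bytes are placeholders,
# not values from any real IdP (the "certificate" is not real DER at all).
SAMPLE_CERT_DER = b"example-certificate-bytes-not-a-real-x509-cert"
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/idp/sso/redirect"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/idp/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def tree_view(xml_text):
    """Return the metadata as indented lines, like the GUI's tree view."""
    root = ET.fromstring(xml_text)
    lines = []

    def walk(elem, depth):
        tag = elem.tag.split("}")[-1]  # drop the namespace URI from the tag
        attrs = " ".join(f'{k}="{v}"' for k, v in elem.attrib.items())
        lines.append("  " * depth + tag + (f" [{attrs}]" if attrs else ""))
        for child in elem:
            walk(child, depth + 1)

    walk(root, 0)
    return lines


def summarize(xml_text):
    """Extract entityID, SSO endpoints by binding, and certificate fingerprints."""
    root = ET.fromstring(xml_text)
    sso = {}
    for svc in root.findall(".//md:SingleSignOnService", NS):
        binding = svc.get("Binding").rsplit(":", 1)[-1]  # e.g. HTTP-POST
        sso[binding] = svc.get("Location")
    certs = []
    for kd in root.findall(".//md:KeyDescriptor", NS):
        use = kd.get("use", "signing and encryption")  # no 'use' means both
        b64 = kd.findtext(".//ds:X509Certificate", namespaces=NS)
        der = base64.b64decode("".join(b64.split()))
        certs.append((use, hashlib.sha256(der).hexdigest()))
    return {"entityID": root.get("entityID"), "sso": sso, "certs": certs}


def check(xml_text):
    """Sanity checks an admin applies before trusting metadata; returns problems."""
    info = summarize(xml_text)
    problems = []
    if not info["entityID"]:
        problems.append("missing entityID")
    if not any(use in ("signing", "signing and encryption") for use, _ in info["certs"]):
        problems.append("no signing certificate")
    for binding, location in info["sso"].items():
        if not location.startswith("https://"):
            problems.append(f"{binding} endpoint is not HTTPS: {location}")
    return problems


if __name__ == "__main__":
    print("\n".join(tree_view(SAMPLE_METADATA)))
    print(summarize(SAMPLE_METADATA))
    print("problems:", check(SAMPLE_METADATA))
```

The same parser applies to the RP metadata shown on the RP Register page; for an SP the elements of interest are SPSSODescriptor and AssertionConsumerService instead of IDPSSODescriptor and SingleSignOnService. Comparing the certificate fingerprint against one obtained from the RP operator out of band is how you confirm that metadata fetched from a URL is the one you expect.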

4.4. Attribute Config

The Attribute Config page allows you to manage LDAP connections and define user attribute mapping.

Figure 4

Configuring a new LDAP Connection:

A new LDAP connection can be added by following these steps:

  1. Click on Add Connection. This launches a new window for editing the connection parameters.

Figure 5

  2. Enter a value for each LDAP connection parameter field and click Add.
  3. Your new LDAP connection is added to the table. Click Refresh Attribute Files to update the configuration files.

Configuring LDAP attributes:

  1. To see the list of attributes for an LDAP connection, click on Attributes. This launches a window listing the LDAP connection's attributes.

Figure 6

  2. To remove an attribute, click the remove button next to it.
  3. To add an attribute back, go to the dropdown list at the bottom of the window, select the attribute you want to add, and click Add.

Figure 7

  4. After making changes, click Refresh Attribute Files to update the configuration files.

Deleting an LDAP Connection:

  1. To delete an existing LDAP connection, click on the remove button to the right of the connection.
  2. Click Refresh Attribute Files to update the configuration files.
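To make the effect of a connection's attribute list concrete, the following Python is an added example, not IDentia code. It uses two constructed in-memory directories in place of real LDAP connections and a sample LDAP-to-SAML name mapping (the standard urn:oid names for uid, cn and mail; the connection names and directory entries are made up). It looks a user up across the configured connections in order and releases only the attributes still present in that connection's list, so an attribute removed in the Attributes window is withheld even though the directory holds it.

```python
# Added example (not IDentia code): resolve a user's attributes from several
# directories and release only the attributes configured for that connection,
# mapping LDAP attribute names to the SAML attribute names sent to RPs.

# Constructed in-memory directories standing in for the LDAP connections
# configured on the Attribute Config page. Entries are keyed by uid.
DIRECTORIES = {
    "corp-ldap": {
        "alice": {"uid": "alice", "cn": "Alice Example",
                  "mail": "alice@corp.example",
                  "userPassword": "{SSHA}not-a-real-hash",
                  "employeeNumber": "1001"},
    },
    "partner-ldap": {
        "bob": {"uid": "bob", "cn": "Bob Partner", "mail": "bob@partner.example"},
    },
}

# Per-connection attribute lists, i.e. what the Attributes window shows after
# an admin has removed attributes. An attribute absent here is never released.
# LDAP name -> SAML attribute name; the urn:oid values are the standard ones
# for uid, cn and mail. The partner connection deliberately does not release cn.
CONNECTIONS = [
    {"name": "corp-ldap",
     "attributes": {"uid": "urn:oid:0.9.2342.19200300.100.1.1",
                    "cn": "urn:oid:2.5.4.3",
                    "mail": "urn:oid:0.9.2342.19200300.100.1.3"}},
    {"name": "partner-ldap",
     "attributes": {"uid": "urn:oid:0.9.2342.19200300.100.1.1",
                    "mail": "urn:oid:0.9.2342.19200300.100.1.3"}},
]


def lookup(uid):
    """Try each configured connection in order; return (connection, entry)."""
    for conn in CONNECTIONS:
        entry = DIRECTORIES.get(conn["name"], {}).get(uid)
        if entry is not None:
            return conn, entry
    return None, None


def resolve_attributes(uid):
    """Return the SAML attributes to release for uid, or None if the user is unknown."""
    conn, entry = lookup(uid)
    if entry is None:
        return None
    released = {}
    for ldap_name, saml_name in conn["attributes"].items():
        if ldap_name in entry:  # configured for release and present in the entry
            released[saml_name] = entry[ldap_name]
    return released


def withheld_attributes(uid):
    """Attributes present in the directory entry but not configured for release."""
    conn, entry = lookup(uid)
    if entry is None:
        return None
    return sorted(set(entry) - set(conn["attributes"]))


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "releases", resolve_attributes(user),
              "withholds", withheld_attributes(user))
```

Note that userPassword and employeeNumber exist in alice's entry but are never placed in an assertion because they are not in the corp-ldap attribute list; that list, not the directory's contents, is what decides what an RP receives.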

4.5. RP Register

The RP Register page allows you to register RPs to the IdP.

Figure 8

Adding an RP by specifying a URL:

  1. Click on Add RP. This launches an Add RP window.
  2. Select URL and enter the values for the RP parameters.

Figure 9

  3. Click Save. Your new RP is added to the URL table.
  4. Click Refresh RP Registry to update the configuration files.

Adding an RP manually:

  1. Click on Add RP, and select Create in the Add RP window.

Figure 10

  2. Enter the values for the RP parameters and click Create.
  3. Your new RP is added to the Created table.
  4. Click Refresh RP Registry to update the configuration files.

Viewing an RP's metadata:

  1. Click on Metadata for the RP. This launches a view metadata window where the RP's metadata is shown as a tree.

Figure 11

  2. To view the metadata in XML format, click .XML View.

Removing an RP registration:

  1. To delete an RP registration, click the remove button to the right of the RP.
  2. Click Refresh RP Registry to update the configuration files.

4.6. Audit

The Audit page displays a log of user activities and lets you monitor active user sessions. The Audit menu provides two options: Browser and Search. The Browser option displays a chronological list of user login/logout events. The Search option lets an IdP admin retrieve specific user login/logout events from the IdP's log file. You may search by user name, time, or a specific IP address.

Figure 12

Authentication Event Browsing:

The Browser function allows you to monitor authentication activity on the server. Start or stop the monitor by clicking the Start or Stop buttons. All user activity is displayed as a live stream (the event list is refreshed every second).

Figure 13

Searching for User Authentication Events:

To search for user login events, please follow these steps:

  1. Click on the Search tab.

Figure 14

  2. Enter a keyword into the search field.
  3. Click Submit. The search results appear below the menu.

Figure 15
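As an added example (not IDentia code; the log line format is an assumption, since this page does not document the IdP's actual log format), the following Python parses a few constructed audit lines and implements the searches described above by user name, time window and IP address, plus one check an admin would run over the same events: users with repeated failed logins inside a short window.

```python
# Added example (not IDentia code): parse constructed IdP audit log lines and
# search them by user, IP and time window, as the Audit page's Search does.
import re
from datetime import datetime

# Constructed sample lines in an assumed format:
# "<timestamp> <LOGIN|LOGOUT> user=<uid> ip=<client ip> rp=<entityID> status=<SUCCESS|FAILED>"
SAMPLE_LOG = """\
2014-03-10 09:12:01 LOGIN user=alice ip=10.0.0.5 rp=https://rp1.example.test/sp status=SUCCESS
2014-03-10 09:12:44 LOGIN user=bob ip=10.0.0.9 rp=https://rp1.example.test/sp status=FAILED
2014-03-10 09:13:02 LOGIN user=bob ip=10.0.0.9 rp=https://rp1.example.test/sp status=FAILED
2014-03-10 09:13:20 LOGIN user=bob ip=10.0.0.9 rp=https://rp1.example.test/sp status=FAILED
2014-03-10 09:15:00 LOGOUT user=alice ip=10.0.0.5 rp=https://rp1.example.test/sp status=SUCCESS
2014-03-10 09:30:10 LOGIN user=alice ip=203.0.113.7 rp=https://rp2.example.test/sp status=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<event>LOGIN|LOGOUT) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+) rp=(?P<rp>\S+) status=(?P<status>\S+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse(log_text):
    """Turn log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], TS_FORMAT)
        events.append(ev)
    return events


def _to_dt(value):
    """Accept either a datetime or a timestamp string in the log's format."""
    return value if isinstance(value, datetime) else datetime.strptime(value, TS_FORMAT)


def search(events, user=None, ip=None, start=None, end=None, status=None):
    """Filter events; every criterion that is given must match."""
    start = _to_dt(start) if start else None
    end = _to_dt(end) if end else None
    out = []
    for ev in events:
        if user is not None and ev["user"] != user:
            continue
        if ip is not None and ev["ip"] != ip:
            continue
        if status is not None and ev["status"] != status:
            continue
        if start is not None and ev["ts"] < start:
            continue
        if end is not None and ev["ts"] > end:
            continue
        out.append(ev)
    return out


def failed_login_bursts(events, threshold=3, window_seconds=300):
    """Map user -> time of the first failure, for users with at least `threshold`
    FAILED logins inside any `window_seconds` span."""
    by_user = {}
    for ev in events:
        if ev["event"] == "LOGIN" and ev["status"] == "FAILED":
            by_user.setdefault(ev["user"], []).append(ev["ts"])
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        for i in range(len(times) - threshold + 1):  # sliding window over failures
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds:
                flagged[user] = times[i]
                break
    return flagged


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for ev in search(events, user="alice"):
        print(ev["ts"], ev["event"], ev["ip"], ev["rp"], ev["status"])
    print("bursts:", failed_login_bursts(events))
```

The keyword search in the GUI matches on any of these fields; the functions above separate them so that a time-window query (for instance, every event between a reported incident's start and end) can be combined with a user or IP filter.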
