
Dorian


Register Trusted Identity Provider



Overview

To enable users to use their existing credentials to gain access to Web/Grid Services, their organization's identity provider must be added or registered to Dorian as a trusted identity provider. Before registering an identity provider with Dorian, each organization must implement and operate an Authentication Service for their identity provider. The Authentication Service provides a standard Web/Grid service interface for authenticating with organizational identity providers in a Web/Grid service environment. This standard interface is very important when building applications, as it allows applications to authenticate users with any identity provider without needing to know the specifics of how to interact with each type of identity provider.

Once an organization's Authentication Service is operational, the identity provider for the organization can be added to Dorian as a trusted identity provider.

Adding an Identity Provider Using the GAARDS UI

The GAARDS UI enables Dorian administrators to add or register identity providers with Dorian. To register an identity provider with Dorian, complete the following steps:

  1. Launch the GAARDS UI
  2. Log onto the Grid
  3. From the Account Management menu, select the Grid Account Management sub menu, then select Trusted Identity Provider(s). This will launch the Trusted Identity Provider(s) Window.
  4. From the Service drop down, select the Dorian you wish to search.
  5. Click the Add button. This will launch the Add Trusted Identity Provider Window.
  6. Select the General tab.
  7. In the Name text box enter the name of the identity provider.
  8. In the Display Name text box enter the display name of the identity provider.
  9. From the User Policy drop down, select the user policy or account policy for the identity provider.
  10. Under Acceptable Authentication Methods, select the check boxes for the authentication methods that are acceptable for the identity provider being added.
  11. Select the Authentication Service tab.
  12. In the Authentication Service URL text box enter the service URL of the organization's Authentication Service.
  13. In the Authentication Service Identity text box enter the service identity of the organization's Authentication Service.
  14. Select the Certificate tab.
  15. Click the Import Certificate button. This will launch a file browser.
  16. Browse to the X.509 certificate (PEM format) that corresponds to the private key used to sign the SAML Assertions issued by the identity provider (Authentication Service) being added.
  17. Click the Open button. This should populate the certificate fields in the Certificate tab.
  18. Select the Attributes tab.
  19. In the User Id Attribute Namespace text box enter the namespace that the identity provider uses for the user id attribute in the SAML Assertions it issues.
  20. In the User Id Attribute text box enter the name that the identity provider uses for the user id attribute in the SAML Assertions it issues.
  21. In the First Name Attribute Namespace text box enter the namespace that the identity provider uses for the first name attribute in the SAML Assertions it issues.
  22. In the First Name Attribute text box enter the name that the identity provider uses for the first name attribute in the SAML Assertions it issues.
  23. In the Last Name Attribute Namespace text box enter the namespace that the identity provider uses for the last name attribute in the SAML Assertions it issues.
  24. In the Last Name Attribute text box enter the name that the identity provider uses for the last name attribute in the SAML Assertions it issues.
  25. In the Email Attribute Namespace text box enter the namespace that the identity provider uses for the email attribute in the SAML Assertions it issues.
  26. In the Email Attribute text box enter the name that the identity provider uses for the email attribute in the SAML Assertions it issues.
  27. Click the Add button. This will immediately register the identity provider to Dorian as a trusted identity provider.
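
Before completing steps 19 to 26, the planned Attributes tab values can be compared with a sample assertion from the identity provider. The check below is an added example, not part of the Dorian documentation or caGrid code; it assumes SAML 1.x assertions, in which each Attribute element carries AttributeName and AttributeNamespace, and the sample assertion, namespaces and attribute names are constructed.

```python
import xml.etree.ElementTree as ET

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace

# Constructed sample (unsigned, trimmed); every name and value here is made up.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" Issuer="https://idp.example.org/authn">
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="uid" AttributeNamespace="urn:example:idp:attrs">
      <saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute AttributeName="firstName" AttributeNamespace="urn:example:idp:attrs">
      <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute AttributeName="lastName" AttributeNamespace="urn:example:idp:attrs">
      <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute AttributeName="email" AttributeNamespace="urn:example:idp:contact">
      <saml:AttributeValue>jdoe@example.org</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical values planned for the Attributes tab: field -> (namespace, name).
PLANNED = {
    "User Id": ("urn:example:idp:attrs", "uid"),
    "First Name": ("urn:example:idp:attrs", "firstName"),
    "Last Name": ("urn:example:idp:attrs", "lastName"),
    "Email": ("urn:example:idp:attrs", "email"),  # wrong namespace on purpose
}

def issued_attributes(assertion_xml):
    """Return {(namespace, name): [values]} for each attribute in the assertion."""
    if "<!DOCTYPE" in assertion_xml:  # assertions never need a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in a SAML assertion")
    found = {}
    for attr in ET.fromstring(assertion_xml).iter(f"{{{SAML1}}}Attribute"):
        key = (attr.get("AttributeNamespace"), attr.get("AttributeName"))
        values = [v.text or "" for v in attr.findall(f"{{{SAML1}}}AttributeValue")]
        found.setdefault(key, []).extend(values)
    return found

def check_mapping(assertion_xml, planned):
    """Return {field: problem} for planned mappings the assertion does not satisfy."""
    found, problems = issued_attributes(assertion_xml), {}
    for field, key in planned.items():
        if key not in found:
            problems[field] = "not issued with this namespace and name"
        elif not any(v.strip() for v in found[key]):
            problems[field] = "issued but empty"
    return problems
```

An empty result from `check_mapping` means every planned namespace and name pair appears in the sample assertion with a non-empty value; it does not verify the assertion's signature.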
Last edited by
Stephen Langella (1188 days ago)