Administration
Dorian Identity Provider
Dorian: Administrators Guide | Developers Guide | Users Guide | caGrid: Documentation Guides
Overview
In large production Web/Grid service deployments it is anticipated that most users will leverage their existing user accounts for obtaining PKI credentials from Dorian. For supporting other scenarios Dorian has its own built in identity provider that allows users to register for and be granted local accounts with Dorian, such that they may leverage Dorian in the same manner that users with existing accounts from registered identity providers may. These scenarios include (1) smaller deployments, (2) deployments where there are no existing identity providers, (3) deployments where some users don't have an identity provider, (4) for users that may not be affiliated with an Identity Provider, and (5) development and testing purposes.
The Dorian IdP provides a method for prospective users to register for an account. When users register they create a user id and password which they can subsequently use to authenticate with the Dorian IdP. When a user authenticates, the Dorian IdP provides the user with a SAML assertion, which can then be used to authenticate with Dorian to obtain a PKI credential. By default the Dorian Identity Provider is registered as a trusted identity provider with Dorian.
An account with the Dorian Identity Provider consists of the following information:
| Attribute |
Description |
|---|---|
| Username | The unique identifier for the account within the Dorian IdP. |
| Password | The password for the account, used in authenticating with the Dorian IdP. |
| First Name |
The first name of the user whom owns the account. |
| Last Name |
The last name of the user whom owns the account. |
| Organization | The organization that the user belongs to. |
| Address | The street address of the user. |
| Address2 | Second line of the user's street address. |
| City | The city the user resides in. |
| State |
The state the user resides in. |
| Zip Code |
The zip code of the area the user resides in. |
| Country |
The country the user resides in. |
| Email |
The user's email address. |
| Phone Number |
The user's phone number. |
| Account Status |
The user's account status (Active, Pending, Rejected, Suspended) |
| Account Role |
Whether or not the user may administrate the Dorian Identity Provider. |
| Audit Information |
Description |
|---|---|
| Registration |
Documents when the user registered for the account. |
| LocalAccountUpdated |
Documents when the account was updated. |
| LocalAccountRemoved |
Documents when the account was removed. |
| LocalAccountLocked |
Documents when the account was locked because of invalid logins. |
| PasswordChanged |
Documents when the password for an account is changed. |
| SuccessfulLogin |
Documents when the user successfully logs in. |
| InvalidLogin |
Documents when a user fails to log in. |
| LocalAccessDenied |
Documents when a user attempts to access functions of the Dorian IdP that they don't have permission to access. |
and is capable of operating as a Level of Assurance 1 or Level of Assurance 2 identity provider.