
GAARDS UI


Using the GAARDS UI with the Dorian Identity Provider


Registering with the Dorian Identity Provider


Dorian: Administrators Guide | Developers Guide | Users Guide | caGrid: Documentation Guides

The Dorian Identity Provider allows any user to register for an account. Whether or not the account is immediately approved depends on the policy of the party(s) operating Dorian. For example, some instances of Dorian may not require any identity vetting (e-authentication level of assurance (1)), in which case the account can be automatically approved. For many instances of Dorian, strict identity vetting (e-authentication level of assurance (2)) is required; in that case the account cannot be approved until the user's identity has been vetted.

The GAARDS UI enables users to register for an account with Dorian Identity Provider. To register for an account with Dorian Identity Provider, complete the following steps:


Request a Grid Account


To request a user account:

  1. Launch the GAARDS UI.
  2. From the upper menu bar in the GAARDS UI, select User Management => Local Account => Registration.
  3. From the Service drop-down menu, select the Dorian you wish to register with.
  4. Specify a username and password. This will be the username and password used to authenticate with the Dorian IdP.
    NOTE: The password must 1.) contain at least 10 and less than 20 characters, 2.) include at least one capital letter, one number, and one non-alphanumeric symbol, and 3.) exclude any dictionary words.
  5. Finally, enter your personal information and click the Apply button.



After Dorian has completed processing the registration, a message will be displayed to the user specifying whether or not the account was immediately approved (depends on policy). If the account was immediately approved, you may log in to Dorian to obtain a PKI credential.


Trusted Identity Provider Search



The GAARDS UI enables Dorian administrators to manage the identity providers trusted by Dorian.   To view all the identity providers trusted by a specified Dorian, please complete the following steps:

  1. Launch the Administrative UI (GAARDS UI)
  2. Log onto the Grid
  3. From the Account Management menu select the Grid Account Management sub menu, then select Trusted Identity Provider(s). This will launch the Trusted Identity Provider(s) Window.
  4. From the Service drop down, select the Dorian you wish to search.
  5. Click the Search button.

Upon completion of the search, the identity providers trusted by the Dorian you selected will be listed in the table below the Search button. You may view the details of an individual identity provider by clicking the View button.


Register Trusted Identity Provider



Overview

To enable users to use their existing credentials to gain access to Web/Grid Services, their organization's identity provider must be added or registered to Dorian as a trusted identity provider. Before registering an identity provider with Dorian, each organization must implement and operate an Authentication Service for their identity provider. The Authentication Service provides a standard Web/Grid service interface for authenticating with organizational identity providers in a Web/Grid service environment. This standard interface is very important when building applications, as it allows applications to authenticate users with any identity provider without needing to know the specifics of how to interact with each type of identity provider.

Once an organization's Authentication Service is operational, the identity provider for the organization can be added to Dorian as a trusted identity provider.

Adding an Identity Provider Using the GAARDS UI

The GAARDS UI enables Dorian administrators to add or register identity providers with Dorian.   To register an identity provider with Dorian, please complete the following steps:

  1. Launch the GAARDS UI
  2. Log onto the Grid
  3. From the Account Management menu select the Grid Account Management sub menu, then select Trusted Identity Provider(s). This will launch the Trusted Identity Provider(s) Window.
  4. From the Service drop down, select the Dorian you wish to search.
  5. Click the Add button, this will launch the Add Trusted Identity Provider Window.
  6. Select the General tab.
  7. In the Name text box enter the name of the identity provider.
  8. In the Display Name text box enter the display name of the identity provider.
  9. From the User Policy drop down, select the user policy or account policy for the identity provider.
  10. Under Acceptable Authentication Methods, select the check boxes for the authentication methods that are acceptable for the identity provider being added.
  11. Select the Authentication Service tab.
  12. In the Authentication Service URL text box enter the service URL of the organization's Authentication Service.
  13. In the Authentication Service Identity text box enter the service identity of the organization's Authentication Service.
  14. Select the Certificate tab.
  15. Click the Import Certificate button, this will launch a file browser.
  16. Browse to the X.509 certificate (PEM format) which corresponds to the private key that is used to sign the SAML Assertions issued by the identity provider (Authentication Service) being added.
  17. Click the Open button, this should populate the certificate fields in the Certificate tab.
  18. Select the Attributes tab.
  19. In the User Id Attribute Namespace text box enter the namespace that the identity provider uses for the user id attribute in the SAML Assertions it issues.
  20. In the User Id Attribute text box enter the name that the identity provider uses for the user id attribute in the SAML Assertions it issues.
  21. In the First Name Attribute Namespace text box enter the namespace that the identity provider uses for the first name attribute in the SAML Assertions it issues.
  22. In the First Name Attribute text box enter the name that the identity provider uses for the first name attribute in the SAML Assertions it issues.
  23. In the Last Name Attribute Namespace text box enter the namespace that the identity provider uses for the last name attribute in the SAML Assertions it issues.
  24. In the Last Name Attribute text box enter the name that the identity provider uses for the last name attribute in the SAML Assertions it issues.
  25. In the Email Attribute Namespace text box enter the namespace that the identity provider uses for the email attribute in the SAML Assertions it issues.
  26. In the Email Attribute text box enter the name that the identity provider uses for the email attribute in the SAML Assertions it issues.
  27. Click the Add button, this will immediately register the identity provider to Dorian as a trusted identity provider.
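
The Attributes tab fields in steps 19 to 26 identify each user attribute by a namespace and name pair. The following added example (not code from Dorian or caGrid) shows how such pairs select values from an assertion; it assumes SAML 1.1-style attributes, and the `urn:example:...` namespaces, attribute names and sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace

# Constructed, trimmed and unsigned assertion, for illustration only.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="{SAML}" Issuer="https://idp.example.org/authn">
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="uid" AttributeNamespace="urn:example:idp:uid">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="first" AttributeNamespace="urn:example:idp:name">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="last" AttributeNamespace="urn:example:idp:name">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="mail" AttributeNamespace="urn:example:idp:email">
      <saml:AttributeValue>jdoe@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical values for the eight Attributes-tab fields: field -> (namespace, name).
IDP_ATTRIBUTES = {
    "user_id": ("urn:example:idp:uid", "uid"),
    "first_name": ("urn:example:idp:name", "first"),
    "last_name": ("urn:example:idp:name", "last"),
    "email": ("urn:example:idp:email", "mail"),
}

def extract_identity(assertion_xml, mapping):
    """Resolve each configured (namespace, name) pair to exactly one value."""
    # A real consumer verifies the assertion signature against the registered
    # certificate first and parses network input with a hardened XML parser.
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iter(f"{{{SAML}}}Attribute"):
        key = (attr.get("AttributeNamespace"), attr.get("AttributeName"))
        values = [v.text or "" for v in attr.findall(f"{{{SAML}}}AttributeValue")]
        found.setdefault(key, []).extend(values)
    identity = {}
    for field, key in mapping.items():
        values = found.get(key, [])
        if len(values) != 1 or not values[0].strip():  # missing, empty or ambiguous
            raise ValueError(f"{field}: need exactly one non-empty value for {key}")
        identity[field] = values[0].strip()
    return identity
```

The first and last name attributes share a namespace and differ only by name, which is why both fields must match what the identity provider actually emits.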

Administrate Trusted Identity Provider



Overview

The GAARDS UI enables Dorian administrators to view and modify trusted identity providers. To view an individual identity provider trusted by Dorian, complete the following steps:

  1. Launch the GAARDS UI.
  2. Log onto the Grid
  3. From the Account Management menu select the Grid Account Management sub menu, then select Trusted Identity Provider(s). This will launch the Trusted Identity Provider(s) Window.
  4. From the Service drop down, select the Dorian you wish to search.
  5. Click the Search button, this will list all the identity providers trusted by Dorian in the table below the Search button.
  6. Select the identity provider you wish to view and click the View button, this will launch the management window for that identity provider.

The management window for a given identity provider contains 4 tabs: (1) General, (2) Authentication Service, (3) Certificate, and (4) Audit. Below we will provide details on the information contained in each tab and whether or not it can be updated.

General

The General tab maintains a list of general information about the identity provider, this information is described in the table below:

Attribute | Description
IdP Id | The unique id assigned to the identity provider by Dorian.
Name | The name of the identity provider.
Display Name* | The display name of the identity provider.
Status* | The status of the identity provider.
User Policy* | The account policy associated with the identity provider.
Accepted Authentication Method(s)* | The acceptable authentication methods for the identity provider.

(* denotes that the attribute(s) can be updated by an administrator!!!)

Authentication Service

The Authentication Service tab contains information related to the identity provider's Authentication Service, this information is described in the table below:

Attribute | Description
Authentication Service URL* | The service URL for the identity provider's Authentication Service.
Authentication Service Identity* | The service identity for the identity provider's Authentication Service.

(* denotes that the attribute can be updated by an administrator!!!)

Certificate

The Certificate tab provides details on the X.509 certificate that corresponds to the private key used by the identity provider to sign the SAML Assertions it issues. The identity provider's certificate can be updated by Dorian administrators. To update the certificate, import the new certificate into the UI using the Import Certificate button, then follow the identity provider update procedures listed below.

Audit

For security purposes, Dorian maintains auditing information on each identity provider. Auditing information cannot be updated, however it can be searched by following the identity provider auditing procedures listed below.

Updating a Trusted Identity Provider

To update an individual identity provider trusted by Dorian complete the following steps:

  1. Launch the GAARDS UI
  2. Log onto the Grid
  3. From the Account Management menu select the Grid Account Management sub menu, then select Trusted Identity Provider(s). This will launch the Trusted Identity Provider(s) Window.
  4. From the Service drop down, select the Dorian you wish to search.
  5. Click the Search button, this will list all the identity providers trusted by Dorian in the table below the Search button.
  6. Select the identity provider you wish to update and click the View button, this will launch the management window for that identity provider.
  7. Make changes to the information you wish to update.
  8. Click the Update button, your changes will be immediately applied to Dorian.

Auditing

For security purposes, Dorian maintains auditing information on each identity provider. The following is a list of auditing information maintained for each identity provider:

Audit Information | Description
IdPAdded | Documents when an identity provider was registered to Dorian as a trusted identity provider.
IdPUpdated | Documents when an identity provider was updated.
IdPRemoved | Documents when an identity provider was removed from Dorian as a trusted identity provider.

The GAARDS UI allows Dorian administrators to search the auditing information for a given identity provider based on the following search criteria:

Criteria | Description
Reporting Party | The identity of the party that performed or reported the action.
Audit Type | The type of auditing information; please consult the table above for the different types.
Start Date | The start of the date/time range in which the event occurred.
End Date | The end of the date/time range in which the event occurred.
Message | Search the content of the Audit Message.

Using the GAARDS UI, administrators can search the auditing information by completing the following steps:

  1. Launch the Administrative UI (GAARDS UI)
  2. Log onto the Grid
  3. From the Account Management menu select the Grid Account Management sub menu, then select Trusted Identity Provider(s). This will launch the Trusted Identity Provider(s) Window.
  4. From the Service drop down, select the Dorian you wish to search.
  5. Click the Search button, this will list all the identity providers trusted by Dorian in the table below the Search button.
  6. Select the identity provider you wish to update and click the View button, this will launch the management window for that identity provider.
  7. Select the Audit tab.
  8. Enter the desired search criteria.
  9. Click the Search button.

When the search has completed, the audit records meeting your search criteria will be displayed in the table below the Search button. To view the complete details of a specific audit record, select that record in the table and click the View button. This will launch a window containing the complete details of the audit record you selected.


Remove Trusted Identity Provider



Dorian provides administrators the ability to remove a trusted identity provider. Removing a trusted identity provider will remove all user accounts associated with that identity provider from Dorian. User certificates issued to users associated with the identity provider will be deleted. User certificates that were revoked at the time the identity provider was deleted will be added permanently to Dorian's CRL. User certificates that have expired or are still active WILL NOT be added to Dorian's CRL, and these certificates cannot be revoked in the future. Host certificates issued by Dorian that are associated with the identity provider will be permanently revoked. For these reasons we HIGHLY RECOMMEND that you do not delete identity providers; if you wish to suspend access to an identity provider, we recommend that you change the status of the identity provider to Suspended.

If you wish to remove a trusted identity provider from Dorian, you can do so using the GAARDS UI as follows:

  1. Launch the GAARDS UI.
  2. Log onto the Grid
  3. From the Account Management menu select the Grid Account Management sub menu, then select Trusted Identity Provider(s). This will launch the Trusted Identity Provider(s) Window.
  4. From the Service drop down, select the Dorian you wish to search.
  5. Click the Search button, this will list all the identity providers trusted by Dorian in the table below the Search button.
  6. Select the identity provider you wish to remove and click the Remove button, this will immediately remove the selected identity provider from Dorian.
Last edited by Sarah Honacki (822 days ago)