Versions Compared

Old Version 39

changes.mady.by.user Steven Erickson (unicon.net)

Saved on

compared with

New Version 40

changes.mady.by.user Steven Erickson (unicon.net)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Click on the Edit link for one of the source's section.                                                                                                                                                                                              

    When you click the Edit link in the Source Configuration page, the section you selected to edit is displayed on the page. The link in the left navigation is highlighted indicating the section displayed.                             

  2. Make your desired edits for this section and or click on other sections to make edits to their fields.

  3. Click the Save button.                                                                                                                                                                                                                                

    NOTE: Multiple sections can be modified prior to selecting Save and the modifications for all sections will be saved.

...

  1. Log into Shibboleth IdP UI as an Administrator.
  2. Select the Groups  option from the Advanced menu in the upper right navigation.                         Image Removed Click the Add group role button.                      Image RemovedEnter values in the Group Name and Group Description   fields. Image Removed  

    NOTE: The URL validation regular expression and Approvers sections are optional.

    OPTIONAL: Enter a value in the URL validation regular expression field. The URL validation regex field is for administrators to define what entity IDs and assertion consumer service URLs can be targeted by members of that group. Image Removed   NOTE: During the metadata source creation process, the Entity ID and any assertion consumer service endpoint URLs will be restricted to matching the URL validation regular expression defined for the members's group. For example, here is a failed validation on the Entity ID:                                                                    

    Image Removed

    Once it has been corrected, the user can proceed with their metadata source definition:

    Image Removed

    Similarly, when defining Assertion Consumer Service Endpoints, the URL will be validated against the group's RegEx:

    Image Removed

    And once it is successful, the user can proceed with their metadata source definition

    Image Removed

  3. OPTIONAL: Select an option from the Approvers menu. Image Removed 

    NOTE: This provides an additional level of approval for metadata sources and dynamic registrations, granting the approver group(s) the authority to approve an un-enabled Metadata Source. 

    Metadata sources and dynamic registrations belonging to a group that has approval groups assigned to it cannot be enabled by a delegated enabler until it has been approved by a user from one of the approval groups.

  4.                                                Image Added 
  5. Click the Add group role button.       Click the Save button.                                     Image Removed

...

  1.                                                                                                                                                                                                             Image Added
  2. Enter values in the Group Name and Group Description fields.                                                                                                                                                                                                      Image Added 

    NOTE: The URL validation regular expression and Approvers sections are optional.

  3. OPTIONAL: Enter a value in the URL validation regular expression field. The URL validation regex field is for administrators to define what entity IDs and assertion consumer service URLs can be targeted by members of that group.                                                                                                                                                                                                                                       Image Added 

    NOTE: During the metadata source creation process, the Entity ID and any assertion consumer service endpoint URLs will be restricted to matching the URL validation regular expression defined for the members's group. For example, here is a failed validation on the Entity ID:                                                                   

    Image Added                                            Once it has been corrected, the user can proceed with their metadata source definition:

    Image Added

    Similarly, when defining Assertion Consumer Service Endpoints, the URL will be validated against the group's RegEx:

    Image Added

    And once it is successful, the user can proceed with their metadata source definition

    Image Added

  4. OPTIONAL: Select an option from the Approvers menu.                                                                                                                                                                                                                 Image Added 

    NOTE: This provides an additional level of approval for metadata sources and dynamic registrations, granting the approver group(s) the authority to approve an un-enabled Metadata Source. 

    Metadata sources and dynamic registrations belonging to a group that has approval groups assigned to it cannot be enabled by a delegated enabler until it has been approved by a user from one of the approval groups.

  5. Click the Save button.                                                                                                                                                                                                                                                                          Image Added

The Groups Management page is displayed, the new group has been added to the list, and a success message is displayed.

Roles

There are three basic user roles in Shibboleth IdP UI:

  • ROLE_ADMIN: A user with ROLE_ADMIN, Administrator, is able to view, approve, enable, and modify all metadata sources, metadata providers, and dynamic registrations. They also have access to all administrative functions including the Admin dashboard, Action Required dashboard, and Advanced features.  
  • ROLE_ENABLE: A user with ROLE_ENABLE has the ability to create, edit, and enable metadata sources belonging to their group.
  • ROLE_USER: A user with ROLE_USER has the ability to create and edit metadata sources belonging to their group, but cannot enable them.

On the Role Management screen the Administrator can perform the following functions:

  • Create a new role

  • Edit an existing role - except the ROLE_ADMIN; this role is required by the system
  • Delete a role  - except the ROLE_ADMIN; this role is required by the system