...
- Click on the Edit link for one of the source's sections.
When you click the Edit link in the Source Configuration page, the section you selected to edit is displayed on the page. The link in the left navigation is highlighted, indicating the section displayed.
- Make your desired edits for this section and/or click on other sections to make edits to their fields.
- Click the Save button.
NOTE: Multiple sections can be modified prior to selecting Save and the modifications for all sections will be saved.
...
- Log into Shibboleth IdP UI as an Administrator.
- Select the Groups option from the Advanced menu in the upper right navigation.
- Click the Add group role button.
- Enter values in the Group Name and Group Description fields.
NOTE: The URL validation regular expression and Approvers sections are optional.
- OPTIONAL: Enter a value in the URL validation regular expression field. Administrators use this field to define which entity IDs and assertion consumer service URLs can be targeted by members of that group.
NOTE: During the metadata source creation process, the Entity ID and any assertion consumer service endpoint URLs are restricted to values matching the URL validation regular expression defined for the member's group. For example, an Entity ID that does not match fails validation. Once it has been corrected, the user can proceed with their metadata source definition.
Similarly, when defining Assertion Consumer Service Endpoints, the URL is validated against the group's regular expression. Once validation succeeds, the user can proceed with their metadata source definition.
- OPTIONAL: Select an option from the Approvers menu.
NOTE: This provides an additional level of approval for metadata sources and dynamic registrations, granting the approver group(s) the authority to approve an un-enabled Metadata Source.
Metadata sources and dynamic registrations belonging to a group that has approval groups assigned to it cannot be enabled by a delegated enabler until they have been approved by a user from one of the approval groups.
- Click the Add group role button. Click the Save button.
...
The Groups Management page is displayed, the new group has been added to the list, and a success message is displayed.
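Because the URL validation regular expression decides which entity IDs and assertion consumer service URLs a group may register, it is worth checking a candidate pattern against URLs it must accept and must refuse before saving it. The following is an added example, not code from Shibboleth IdP UI: the host names, patterns and function names are constructed, and since this page does not say whether the pattern is applied as a full match or as a search, the check evaluates both.

```javascript
// Added example: audit a candidate group URL validation regex before saving it.
// All hosts, URLs and patterns below are constructed samples.

// Evaluate the pattern both ways (assumption: matching mode is not documented here).
function matches(pattern, url) {
  return {
    search: new RegExp(pattern).test(url),
    full: new RegExp(`^(?:${pattern})$`).test(url),
  };
}

// List every URL the pattern wrongly rejects or wrongly accepts.
function auditPattern(pattern, allowed, forbidden) {
  const problems = [];
  for (const url of allowed) {
    const m = matches(pattern, url);
    if (!m.search) problems.push({ url, issue: "rejected" });
    else if (!m.full) problems.push({ url, issue: "rejected-if-full-match" });
  }
  for (const url of forbidden) {
    const m = matches(pattern, url);
    if (m.full) problems.push({ url, issue: "accepted" });
    else if (m.search) problems.push({ url, issue: "accepted-if-search" });
  }
  return problems;
}

const allowed = [
  "https://sp.example.edu/shibboleth",
  "https://apps.dept.example.edu/Shibboleth.sso/SAML2/POST",
];
const forbidden = [
  "https://other.test/sp.example.edu/shibboleth",     // allowed host name used as a path
  "https://spexample.edu/shibboleth",                 // different domain, same suffix
  "http://sp.example.edu/shibboleth",                 // plain HTTP
  "https://other.test/?next=https://sp.example.edu/", // allowed URL inside a query string
];

// Weak: wildcard host, unescaped dots, no anchors.
const loose = "https://.*example.edu/.*";
// Tight but unanchored: safe only if the pattern is applied as a full match.
const unanchored = "https://([a-z0-9-]+\\.)+example\\.edu/";
// Corrected: anchored, dots escaped, host limited to subdomains of example.edu.
const strict = "^https://([a-z0-9-]+\\.)+example\\.edu/[^\\s]*$";

for (const [name, p] of Object.entries({ loose, unanchored, strict })) {
  console.log(name, auditPattern(p, allowed, forbidden));
}
```

An empty result for a pattern means it accepts every allowed URL and refuses every forbidden one under both matching modes.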
Roles
There are three basic user roles in Shibboleth IdP UI:
- ROLE_ADMIN: A user with ROLE_ADMIN, Administrator, is able to view, approve, enable, and modify all metadata sources, metadata providers, and dynamic registrations. They also have access to all administrative functions including the Admin dashboard, Action Required dashboard, and Advanced features.
- ROLE_ENABLE: A user with ROLE_ENABLE has the ability to create, edit, and enable metadata sources belonging to their group.
- ROLE_USER: A user with ROLE_USER has the ability to create and edit metadata sources belonging to their group, but cannot enable them.
On the Role Management screen the Administrator can perform the following functions:
- Create a new role
- Edit an existing role - except the ROLE_ADMIN; this role is required by the system
- Delete a role - except the ROLE_ADMIN; this role is required by the system