IDHUB Service Providers


Service Providers are applications that request Authentication from Identity Providers.

The in-built Service Provider (the one that is configured during the first-time installation of the Application) can be neither deleted nor modified.

Definitions of fields of Service Provider SAML2

| Field Name | Description |
|---|---|
| Display Name | This is the descriptive name of the Service Provider. It is a mandatory field and always needs to be filled in |
| URL | This is the URL where the Service Provider can be located. This isn’t a mandatory field |
| Description | A Service Provider using the SAML2 Protocol |
| Type | This field lists all current Service Provider types. It is a mandatory field and an item always needs to be selected from the drop-down list. This list is populated from a database |
| Entity ID | This uniquely identifies your SAML2 partner. It will be provided by the partner if you want to use SAML2 |
| Signs Authentication Request | This indicates whether the Service Provider digitally signs the Authentication Request or not |
| Response Signed | If set to true, the response from the IDHub to the Service Provider will be signed |
| Assertion Signed | If set to true, the assertion from the IDHub to the Service Provider will be signed |
| Signing Certificate | This is the base 64 encoded public certificate of the Service Provider |
| Signing Subject | The subject of the certificate that is used to validate SAML requests from the Service Provider. This is provided for extra security |
| Assertion Encrypted | If set to true, the assertion from the IDHub to the Service Provider will be encrypted |
| Encrypted Type | The algorithm used to encrypt the SAML responses sent to the Service Provider. This is specified in the Algorithm attribute of the EncryptionMethod element in the XML metadata provided by the Service Provider |
| Encryption Certificate | The alias in the keystore that is used to encrypt SAML responses sent to the Service Provider |
| Encryption Method | This is the method used for encrypting an assertion |
| ACS Post Location URL | The location that is used to send SAML authentication responses. The SAML2 XML provided by the partner contains this in the Location attribute of the AssertionConsumerService tag. The Binding attribute of the AssertionConsumerService tag will have the value urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
| SLO Signed | If set to true, the logout request to or from the Service Provider is signed |
| SLO Post Location URL | This is the location that is used to send the SAML single logout (SLO) requests or responses. The SAML2 XML provided by the Service Provider contains this in the Location attribute of the SingleLogoutService tag. The Binding attribute of the SingleLogoutService tag will have the value urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
| Default Name ID | The name ID format to use when a Service Provider does not provide a name ID format in the authentication request |
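
The mapping from partner metadata to the form fields in the table above, as an added example that is not part of the IDHub documentation or product code. The dictionary keys follow the table; the sample metadata, host names, certificate text and the `review` checks are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample; entity ID, URLs and certificate text are placeholders.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.test/saml">
 <md:SPSSODescriptor AuthnRequestsSigned="false"
     protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   PLACEHOLDERCERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo/>
   <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  </md:KeyDescriptor>
  <md:SingleLogoutService Binding="{POST}" Location="https://sp.example.test/slo"/>
  <md:AssertionConsumerService index="0" Binding="{POST}" Location="http://sp.example.test/acs"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def post_location(sp, tag):
    """Location of the first HTTP-POST endpoint named `tag`, or None."""
    return next((e.get("Location") for e in sp.findall(f"md:{tag}", NS)
                 if e.get("Binding") == POST), None)

def sp_form_fields(metadata_xml):
    """Map SP metadata onto the SAML2 form fields defined in the table."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    cert = sp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    enc = sp.find("md:KeyDescriptor[@use='encryption']/md:EncryptionMethod", NS)
    return {
        "Entity ID": root.get("entityID"),
        "Signs Authentication Request": sp.get("AuthnRequestsSigned") in ("true", "1"),
        "Signing Certificate": None if cert is None else "".join((cert.text or "").split()),
        "Encrypted Type": None if enc is None else enc.get("Algorithm"),
        "ACS Post Location URL": post_location(sp, "AssertionConsumerService"),
        "SLO Post Location URL": post_location(sp, "SingleLogoutService"),
    }

def review(fields):
    """Warnings to resolve with the partner before saving the entry."""
    warn = [] if fields["Signs Authentication Request"] else ["requests unsigned"]
    for key in ("ACS Post Location URL", "SLO Post Location URL"):
        if not (fields[key] or "").startswith("https://"):
            warn.append(f"{key} is missing or not HTTPS")
    return warn
```

Metadata received from an untrusted source should go through a hardened XML parser such as defusedxml before this step.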

Definitions of fields of Service Provider Proxy Locations

| Field Name | Description |
|---|---|
| Display Name | This is the descriptive name of the Service Provider. It is a mandatory field and always needs to be filled in |
| URL | This is the URL where the Service Provider can be located. This is not a mandatory field |
| Description | This is the custom text of the Administrator that describes what the Service Provider does |
| Proxy Location | This is the location on the Gateway of the Service Provider |

Creating New Service Provider

This operation creates a new Service Provider

  • Click Service Providers under "Administration"
  • Click Add New SP button at the top right corner of the page
  • Enter all mandatory data and click the Save & Close button

Possible Alerts that can be encountered during this operation

Clicking the Save & Close button without filling in some or all of the mandatory fields triggers an alert message underneath those fields, indicating that they are required and need to be filled in

Editing Service Provider

This operation edits the details of an existing Service Provider, except for the in-built Service Provider (the one that is configured during first-time installation of the Application)

  • Click Service Provider under Administration
  • Click on the Edit icon adjacent to the Service Provider you want to edit
  • Make the necessary changes and click the Save & Close button

Possible Alerts that can be encountered during this operation

Clicking the Save & Close button without filling in some or all of the mandatory fields triggers an alert message underneath those fields, indicating that they are required and need to be filled in

If the User attempts to edit the in-built Service Provider and clicks the Save & Close button, an alert message at the bottom of the page informs the User that "This operation is not allowed"

Definitions of Editing Settings of Service Provider

  • Current Logo – This is the currently available logo of the Service Provider
  • Image File – Adjacent to “Image File” is a File Uploader link which, when clicked, sends the User to a File Uploader window where the User can select an image or logo to upload
  • Preview of Uploaded File – A preview of the uploaded image or logo

Editing Settings of Service Provider

This operation edits the settings of an existing Service Provider

  • Click Service Providers under Administration
  • Click on the Edit Settings icon of the Service Provider whose settings you want to edit
  • Click on Browse to upload an image
  • From the File Uploader window, double-click the image, or select it and click on Open
  • Click Upload Image File
  • Click the Save & Close button

Deleting Service Provider

This operation deletes an existing Service Provider, except for the in-built Service Provider (the one that is configured during first-time installation of the Application)

  • Click Service Provider
  • Click on the Delete icon adjacent to the Service Provider you want to delete
  • Click on the Delete button in the pop-up window that is displayed

Possible Alerts that can be encountered during this operation

Notice that the Delete icon is inactive (greyed out) for any in-built Service Provider (that is, the Service Provider that is configured during the first-time installation of the Application), so the delete operation is not possible for this Service Provider

If the User attempts to delete a Service Provider that currently has Users linked to it, an alert message at the bottom of the page states that the SP cannot be deleted as it is currently assigned to Users

If the User attempts to delete a Service Provider that is assigned to Identity Provider(s), an alert message at the bottom of the page states that the SP cannot be deleted as it is assigned to an IDP.

If the User attempts to delete a Service Provider that has User Attributes linked to it, an alert message at the bottom of the page states that the SP cannot be deleted as it has User Attributes related to it.

Service Provider Attributes

These attributes are related to a Service Provider; like Identity Provider attributes, these are only stored in the repository and can be used by the customer for authorization.

Definitions of fields of the Subject Configuration of the Service Provider

| Field Name | Description |
|---|---|
| IDHub User ID | If the Configuration is set to **IDHub User ID** then it implies all Users that have IDHub User ID will have access to this Service Provider |
| Anonymous | If the configuration is set to **Anonymous** then it implies any User in the system can have access to this Service Provider |
| Create New Attribute | This configuration can be used to create a New User Attribute that will fall under the **Common** category |

Definitions of the User Attributes fields of the Service Provider

| Field Name | Description |
|---|---|
| Service Provider User Attribute | This is the name used by the Service Provider to refer to the User Attributes |
| User Attributes | This is the name used by IDHub to refer to the User Attribute |
| Required | This configuration can be used to create a New User Attribute that will fall under the **Common** category |

Mapping Attributes to a Service Provider

This function maps the attribute required by the Service Provider to the corresponding attribute of the User in the IDHUB database

  • Click Service Providers under Administration
  • Click on the Identity icon adjacent to the Service Provider you want to map the attribute to
  • Click the Add User Attribute tab under the User Attributes pane
  • Fill in all necessary details and click the Save & Close button

Possible Alerts that can be encountered during this operation

If the User clicks the Save & Close button without entering data for the required field(s), an alert message underneath the input field informs the User: User Attribute - Required Value

Remove Attribute from Mapping

This function removes the mapping between the Attribute required by the Service Provider and the Attribute of the User in the IDHUB Database

  • Click Service Providers under Administration
  • Click on the Identity icon adjacent to the Service Provider you want to remove the attribute from
  • Click on the Delete basket icon adjacent to the Attribute whose mapping you want to remove
  • Click the Save & Close button

Implicit linking of Service Provider to User(s)

This operation links User(s) to a Service Provider, provided the User(s) have the same attribute as that specified for the Subject Configuration of the SP

  • Click on the Identity icon adjacent to the Service Provider
  • Under the Subject Configuration pane, select from the drop-down list the item that you want to be used to identify the User(s) to the Service Provider
  • Click the Save & Close button

Possible Alerts that can be encountered during this operation

If the User clicks Save & Close without selecting an item for this field, validation will fail and a message will be displayed below the field.

Restricting User Access to a Service Provider

This operation restricts a User's access to a Service Provider

  • Click Service Providers under Administration
  • Click on the Authorisation shield icon adjacent to the Service Provider to which you want to restrict a particular User's access
  • Click on Attribute Rule and then the Delete basket icon adjacent to the rule through which you want to revoke the User's right/access

Consequences of Revoking a User's rights

A User will no longer be able to use the said Service or Application once his Services/Applications are unlinked. Any time the User attempts to log into the Service or Application, he will be informed that the User does not have sufficient rights to access the said application.