IDHUB Authentication

Authentication groups two elements: Schemes and Methods. A Scheme is linked to a Service Provider and defines the Identity Provider(s) related to that Service Provider, as well as the order of execution for multi-factor authentication and multi-level (step-up) authentication. Methods define the Identity Provider(s), and Schemes define the order of the Methods.

Authentication Schemes

Definitions of Authentication Scheme fields

Field Name | Description
Display Name | The name of the Authentication Scheme
Type | The type of Authentication Scheme
Scheme Priority | The Authentication Methods added to this pane can be sorted by priority; this order is how they are referenced during authentication

Definitions of Authentication Scheme "Type" fields

Field Name | Description
Authentication Level | This type of Authentication Scheme is used in combination with the Method Comparison attribute of the Service Provider. Together they define the level of authentication (Minimum, Maximum, Exact, or Better) needed to access this Service Provider
Multi-Factor Authentication | This type of Authentication Scheme is used to

Add New Authentication Schemes

This operation adds a new Authentication Scheme

  • Click Authentication under Configuration
  • Click on tab Add New Scheme under pane Authentication Schemes
  • Fill in all necessary data under Display Name, and Type
  • Select an Authentication Method by clicking on the arrow underneath the method you want to select
  • Click button Save & Close

Possible Alerts that can be encountered during this operation

  • If the User clicks button Save & Close without entering data in the mandatory field(s), an alert message underneath each such field informs the User that it is required
  • If the User creates two Authentication Methods with the same Identity Provider and the same Authentication context ref and assigns them to the same Scheme, an alert message informs the User about a Duplicate Authentication Method

Edit Authentication Schemes

This operation modifies an existing Authentication Scheme

  • Click Authentication under Configuration
  • Click on the Edit icon adjacent to the Scheme you want to edit under pane "Authentication Schemes"
  • Make all necessary changes and click on button Save & Close

Delete Authentication Schemes

This operation deletes an existing Authentication Scheme

  • Click Authentication under Configuration
  • Click on the "Delete" icon adjacent to the Scheme you want to delete under pane "Authentication Schemes"
  • Click on the button Delete

Authentication Methods

Definitions of Authentication Method fields

Field Name | Description
Display Name | Display Name to identify this Authentication Method
SAML Authentication Context | The AuthnContextClassRef of the IDP for User with SAML2
OpenID Authentication Context | The AuthnContextClassRef of the IDP for User with OpenID

Add New Authentication Methods

This operation adds a new Authentication Method

  • Click Authentication under Configuration
  • Click on tab Add New Method under pane Authentication Methods
  • Fill in all necessary data, check one or more Identity Providers, and click button Save & Close

Possible Alerts that can be encountered during this operation

  • If the User clicks button Save & Close without entering data in the mandatory field(s), an alert message underneath each such field informs the User that it is required

Edit Authentication Methods

This operation modifies an existing Authentication Method

  • Click Authentication under Configuration
  • Click on the Edit icon adjacent to the Method you want to edit under pane Authentication Methods
  • Make all necessary changes and click on button Save & Close

Delete Authentication Methods

This operation deletes an existing Authentication Method

  • Click Authentication under Configuration
  • Click on the Delete icon adjacent to the Method you want to delete under pane Authentication Methods
  • Click on the button Delete

Possible Alerts that can be encountered during this operation

  • An alert message at the bottom of the page informs the User that the Authentication Method cannot be deleted and that the associated Authentication Scheme must be deleted first

Authentication Level - Method Comparison

Minimum

This is the requested Authentication Method and everything above it. If nothing is requested, it checks the default from the Service Provider; if no default is set, it then uses the lowest.

  • Create a new Authentication Scheme or use an existing one; for the Type field, select Authentication Level from the drop-down list
  • From the Authentication Method pane, select two or three valid Methods (IDPs) by clicking on the arrow icon
  • Click button Save & Close to save the changes from steps 1 and 2 above
  • Go to the Service Provider and click on the Authentication Shield icon
  • Select the correct Scheme for field Authentication Scheme
  • Select Minimum from the drop-down list for field Method Comparison
  • Go to the appropriate link of the Service Provider (say https://master_dev.trustbuilder.io/idhub/login.html?code=0ecc61ad-691d-44f9-a4b4-0dcc8ad13048&comparison=minimum), and hit Enter
  • Select the Authentication Method (IDP) you want to authenticate with
  • Enter correct user credentials and click Sign-In
Maximum

The highest in order of the Authentication Methods is selected

  • Create a new Authentication Scheme or use an existing one; for the Type field, select Authentication Level from the drop-down list
  • From the Authentication Method pane, select two or three valid Methods (IDPs) by clicking on the arrow icon
  • Click button Save & Close to save the changes from steps 1 and 2 above
  • Go to the Service Provider and click on the Authentication Shield icon
  • Select the correct Scheme for field Authentication Scheme
  • Select Maximum from the drop-down list for field Method Comparison
  • Go to the appropriate link of the Service Provider (say https://master_dev.trustbuilder.io/idhub/login.html?code=0ecc61ad-691d-44f9-a4b4-0dcc8ad13048&comparison=maximum), and hit Enter
  • Click on the Authentication Method (IDP)
  • Enter correct user credentials and click Sign-In
Exact

This is the exact requested Authentication Method and nothing else. If nothing is requested, it uses the default from the Service Provider; if no default is set, it uses the lowest.

  • Create a new Authentication Scheme or use an existing one; for the Type field, select Authentication Level from the drop-down list
  • From the Authentication Method pane, select two or three valid Methods (IDPs) by clicking on the arrow icon
  • Click button Save & Close to save the changes from steps 1 and 2 above
  • Go to the Service Provider and click on the Authentication Shield icon
  • Select the correct Scheme for field Authentication Scheme
  • Select Exact from the drop-down list for field Method Comparison
  • Go to the appropriate link of the Service Provider (say https://master_dev.trustbuilder.io/idhub/login.html?code=0ecc61ad-691d-44f9-a4b4-0dcc8ad13048&comparison=exact&authncontext=urn:mart:user), and hit Enter
  • Click on the Authentication Method (IDP)
  • Enter correct user credentials and click Sign-In
Better

With Better, all Authentication Methods above the requested Authentication Method can be used; in other words, all Authentication Method(s) that are higher than the one specified in the URL.

  • Create a new Authentication Scheme or use an existing one; for the Type field, select Authentication Level from the drop-down list
  • From the Authentication Method pane, select two or three valid Methods (IDPs) by clicking on the arrow icon
  • Click button Save & Close to save the changes from steps 1 and 2 above
  • Go to the Service Provider and click on the Authentication Shield icon
  • Select the correct Scheme for field Authentication Scheme
  • Select Better from the drop-down list for field Method Comparison
  • Go to the appropriate link of the Service Provider (say https://master_dev.trustbuilder.io/idhub/login.html?code=0ecc61ad-691d-44f9-a4b4-0dcc8ad13048&comparison=exact&authncontext=urn:mart:user), and hit Enter
  • Click on the Authentication Method (IDP)
  • Enter correct user credentials and click Sign-In
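
The four Method Comparison modes described above, as an added Python example (not TrustBuilder's code) that computes which Methods a request may use and checks afterwards whether the Method actually used met the policy. It assumes a Scheme is a list of authentication context refs ordered from lowest to highest priority; `allowed_methods`, `satisfies` and the `urn:example:*` values are hypothetical, and applying the fallback chain to Better is an assumption.

```python
# Added example: models the Method Comparison modes as this page describes them.
# Assumption: a scheme is a list of context refs ordered lowest -> highest priority.

COMPARISONS = {"minimum", "maximum", "exact", "better"}


def allowed_methods(scheme, comparison, requested=None, sp_default=None):
    """Return the context refs that may be used for this login request."""
    if not scheme:
        raise ValueError("scheme has no Authentication Methods")
    if comparison not in COMPARISONS:
        raise ValueError(f"unknown comparison: {comparison!r}")
    if comparison == "maximum":
        return [scheme[-1]]  # page: the highest in order is selected
    # Fallback chain from the page: requested -> Service Provider default -> lowest.
    # The page states it for Minimum and Exact; using it for Better is an assumption.
    reference = requested or sp_default or scheme[0]
    if reference not in scheme:
        # Fail closed: an unknown context must not silently widen the choice.
        raise ValueError(f"{reference!r} is not part of this scheme")
    i = scheme.index(reference)
    if comparison == "exact":
        return [reference]
    if comparison == "minimum":
        return scheme[i:]  # the requested Method and everything above it
    return scheme[i + 1:]  # better: strictly above the requested; may be empty


def satisfies(scheme, comparison, used, requested=None, sp_default=None):
    """Post-login check: did the Method actually used meet the policy?"""
    try:
        return used in allowed_methods(scheme, comparison, requested, sp_default)
    except ValueError:
        return False


# Constructed sample scheme; only urn:mart:user appears on the page.
SCHEME = ["urn:mart:user", "urn:example:otp", "urn:example:cert"]

if __name__ == "__main__":
    for mode in sorted(COMPARISONS):
        print(mode, allowed_methods(SCHEME, mode, requested="urn:example:otp"))
```

Better with the highest Method requested returns an empty list, which a caller should treat as "no Method can satisfy this request" rather than falling back to a lower one.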