
WSO2 Identity Solution, v1.5 - Identity Provider Administrator's Guide

This document describes the functionality of the Management Console of WSO2 Identity Solution and how to use it to administer an Identity Provider.

Your feedback on WSO2 Identity Solution is most appreciated. Please send it to our mailing lists.


Logging in to the Admin Console

Download and install the Identity Provider as described here.


Point your browser to https://host:port/admin. If you have not changed the default settings, you can log in at https://localhost:12443/admin/ with the username "admin" and the password "admin". These are well-known default credentials: change the admin password as the first administrative action, before the console is reachable from any network other than the local host.

Configure Identity Provider

User Stores

WSO2 Identity Solution can authenticate users against existing user stores. The Identity Provider issues Managed Cards and tokens for the users in the configured user store. Several user stores can be defined, but only one is active at a time. A user store is either an LDAP directory or a JDBC database; the parameters of each type are listed below.


LDAP - org.wso2.usermanager.custom.ldap.LDAPRealm

  Parameter           Description
  ConnectionUrl       LDAP connection URL, e.g. ldap://localhost:389. A plain
                      ldap:// URL carries the bind credentials in clear text;
                      use an ldaps:// URL where the directory supports it.
  ConnectionName      Bind DN used to connect to the directory. The guide calls
                      this a root user; what it actually needs is read access
                      to the user entries and to the attributes listed in
                      AttributeIds, so a read-only service account with those
                      rights is sufficient and preferable to a directory
                      administrator.
  ConnectionPass      Password of the bind DN. It is stored in the IdP
                      configuration, so restrict read access to that file.
  UserPattern         User search pattern, which must be given; {0} is replaced
                      by the user name - e.g. uid={0},ou=People,dc=wso2,dc=com
  UserContextName     Name of the context in which user objects are stored.
  AttributeIds        Attribute IDs of the user entries that the IdP reads,
                      comma separated - e.g. email_address, telephone. These
                      attributes are included in the issued SAML tokens.

JDBC - org.wso2.usermanager.custom.jdbc.JDBCRealm

  Parameter           Description
  DriverName          Class name of the JDBC driver, which must be on the
                      classpath - e.g. org.apache.derby.jdbc.EmbeddedDriver
  ConnectionURL       Connection URL of the database - e.g.
                      jdbc:derby:home/identity/database/SAMPLE_DB
  ConnectionUserName  Database user name.
  ConnectionPassword  Password of that database user. As with the LDAP
                      password, it is stored in the IdP configuration.
  UserTable           Name of the user table in the database.
  UserNameColumn      Column of the user table holding the user name.
  UserCredentialColumn  Column of the user table holding the user's credential.
  ColumnNames         Columns of the user table from which user properties are
                      read, comma separated - e.g. email_address, telephone.
                      These attributes are included in the issued SAML tokens.
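The following Python is an added example, not code from WSO2 Identity Solution, showing how the parameters above combine into a user lookup. It resolves UserPattern for a given user name and builds the JDBC lookup from UserTable, UserNameColumn, UserCredentialColumn and ColumnNames. SQLite stands in for Derby and the rows are constructed here; the sqlite3 and re modules are Python's own. The points to note are the DN escaping and the identifier check, because the user name being looked up comes from the party trying to authenticate.

```python
"""Added example (not part of WSO2 Identity Solution): turn the LDAP and JDBC
user-store parameters into a user lookup that the supplied user name cannot
reshape.  Parameter names follow the tables in the guide; the sample database
below is constructed for the example."""
import re
import sqlite3

# --- LDAP: UserPattern and AttributeIds -----------------------------------

# Characters that RFC 4514 requires to be escaped inside a DN attribute value.
_DN_SPECIAL = set(',+"\\<>;=#')


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use in an LDAP DN (RFC 4514, 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\0':
            out.append('\\00')
        elif ch in _DN_SPECIAL or (ch == ' ' and i in (0, last)):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)


def user_dn(user_pattern: str, username: str) -> str:
    """Resolve UserPattern (e.g. uid={0},ou=People,dc=wso2,dc=com) for a user.

    The user name is escaped first; otherwise a value such as "bob,ou=Admins"
    would change which directory entry is addressed.
    """
    if '{0}' not in user_pattern:
        raise ValueError('UserPattern must contain the {0} placeholder')
    return user_pattern.replace('{0}', escape_dn_value(username))


def split_ids(csv: str) -> list:
    """Parse the comma-separated AttributeIds / ColumnNames value."""
    return [s.strip() for s in csv.split(',') if s.strip()]


# --- JDBC: UserTable, UserNameColumn, UserCredentialColumn, ColumnNames ----

_IDENT = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*$')


def quote_ident(name: str) -> str:
    """Table and column names cannot be bound as query parameters, so they are
    validated against a strict identifier pattern and then double-quoted."""
    if not _IDENT.match(name):
        raise ValueError('illegal SQL identifier: %r' % name)
    return '"%s"' % name


def selected_columns(cfg: dict) -> list:
    """Columns read for a user: name, credential, then the ColumnNames list."""
    return ([cfg['UserNameColumn'], cfg['UserCredentialColumn']]
            + split_ids(cfg['ColumnNames']))


def build_user_query(cfg: dict) -> str:
    """Build the lookup statement; the user name itself is bound as '?'."""
    cols = ', '.join(quote_ident(c) for c in selected_columns(cfg))
    return 'SELECT %s FROM %s WHERE %s = ?' % (
        cols, quote_ident(cfg['UserTable']), quote_ident(cfg['UserNameColumn']))


def lookup_user(conn, cfg: dict, username: str):
    """Return the user's row as a dict (credential plus the ColumnNames
    attributes that would go into the issued token), or None if absent."""
    row = conn.execute(build_user_query(cfg), (username,)).fetchone()
    return None if row is None else dict(zip(selected_columns(cfg), row))


# Constructed sample store standing in for SAMPLE_DB (SQLite instead of Derby).
JDBC_CFG = {
    'UserTable': 'users',
    'UserNameColumn': 'username',
    'UserCredentialColumn': 'password',
    'ColumnNames': 'email_address, telephone',
}


def sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE users (username TEXT, password TEXT, '
                 'email_address TEXT, telephone TEXT)')
    conn.executemany('INSERT INTO users VALUES (?, ?, ?, ?)', [
        ('alice', 'alice-credential', 'alice@example.org', '+1-555-0100'),
        ('bob', 'bob-credential', 'bob@example.org', '+1-555-0101'),
    ])
    return conn


if __name__ == '__main__':
    print(user_dn('uid={0},ou=People,dc=wso2,dc=com', 'bob,ou=Admins'))
    print(build_user_query(JDBC_CFG))
    print(lookup_user(sample_db(), JDBC_CFG, 'alice'))
    print(lookup_user(sample_db(), JDBC_CFG, "' OR 1=1 --"))
```

The configured names (table, columns, attribute IDs) are trusted administrator input, so they are checked once against an identifier pattern; the user name is untrusted and is only ever escaped into the DN or bound as a query parameter, never concatenated.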

Defining Claims

The standard set of claims of the http://schemas.xmlsoap.org/ws/2005/05/identity dialect and a set of sample claims are available in this view. Use the "Add new dialect" and "Add new claim" options to add dialects and claims.

Click the "switch" icon in the claim detail section of each claim to enable/disable a claim.

A detailed guide on defining claims related to OpenID is available here.

Mapping Claims

This view maps a claim to a user attribute in the user store, that is, to one of the attributes configured as AttributeIds (LDAP) or ColumnNames (JDBC) for the active user store. The available attribute identifiers are shown in the claim edit view once the display name of a claim is selected.

Manage Identity Provider

Manage Users

User management currently allows the administrator to view the list of users who can use the identity provider.

Trusted Relying Parties

The administrator can specify a list of relying parties trusted globally by the identity provider. To add a relying party to this list, click the "Add new trusted relying party" link and provide the relying party's certificate. The certificate must be in DER format (keytool -export writes DER by default; do not add the -rfc option, which writes PEM instead). The "Common Name" (CN) of the certificate is used as the host name of the trusted relying party. Because the uploaded certificate is what establishes trust, confirm out of band, for example by comparing its fingerprint with the relying party's operator, that it really belongs to that relying party before adding it.
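The following shell functions are an added example, not part of the WSO2 documentation, for checking a relying-party certificate before uploading it: they detect whether a file is DER or PEM (the latter being what keytool produces with -rfc), convert PEM to the DER the console expects, print the CN the IdP will use as the host name, and print the SHA-256 fingerprint to compare out of band. They assume the openssl command-line tool is installed; file names such as rp.der and rp.jks are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the WSO2 documentation: inspect a relying party's
# certificate before adding it under "Trusted Relying Parties".  Requires the
# openssl command-line tool; file names below are hypothetical.
#
# Exporting from a Java keystore (the route the guide mentions) gives DER:
#   keytool -export -alias rp -keystore rp.jks -file rp.der
# Adding -rfc to that command produces PEM, which the console does not accept;
# pem_to_der below converts such a file.

# Print PEM or DER depending on how the certificate file is encoded.
cert_form() {
    case "$(head -c 10 "$1" | tr -d '\000')" in
        -----BEGIN*) echo PEM ;;
        *)           echo DER ;;
    esac
}

# Convert a PEM certificate ($1) to the DER encoding the console expects ($2).
pem_to_der() {
    openssl x509 -inform PEM -in "$1" -outform DER -out "$2"
}

# Print the Common Name, which the IdP uses as the relying party's host name.
rp_cert_cn() {
    openssl x509 -inform "$(cert_form "$1")" -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Print the SHA-256 fingerprint.  The CN only names a host; compare this value
# out of band with the relying party's operator so that the certificate you
# upload is really theirs.
rp_cert_fingerprint() {
    openssl x509 -inform "$(cert_form "$1")" -in "$1" -noout -fingerprint -sha256 \
        | sed 's/^[^=]*=//'
}

# Usage: sh rpcert.sh rp.der [more.der ...]
for f in "$@"; do
    printf '%s (%s)\n  CN:     %s\n  SHA256: %s\n' \
        "$f" "$(cert_form "$f")" "$(rp_cert_cn "$f")" "$(rp_cert_fingerprint "$f")"
done
```

Run it against the exported file before uploading; if the form is reported as PEM, convert with pem_to_der first, and only add the certificate once the fingerprint matches what the relying party's operator reports.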

Issued Cards

The administrator can view issued and revoked information cards in this view. A card can be revoked with the "Revoke Card" option.

Statistics

Statistics provides information on user behavior, card downloads and token issuance. These are the reports that it generates.