
WSO2 Identity Solution, v1.0 - Administrator's Guide

This document provides information and instructions on the functionality of the Management Console of WSO2 Identity Solution.

Your feedback on WSO2 Identity Solution is most appreciated. Please send it to our mailing lists.

Content

Logging in to the Admin Console

Download and install the Identity Provider as described here.

Point your browser to https://host:port/admin. If you haven't changed the default settings, you should be able to log in at https://localhost:12443/admin/ using username "admin" and password "admin".

Configure Identity Provider

User Stores

WSO2 Identity Solution can access users from existing user stores. The Identity Provider will issue Managed Cards and Tokens for the users in the configured user store. You can have several user stores, but only one can be active at a time. A user store can be LDAP or JDBC.

LDAP - org.wso2.usermanager.custom.ldap.LDAPRealm

| Parameter Name | Description |
| --- | --- |
| ConnectionUrl | LDAP connection URL - e.g. ldap://localhost:389 |
| ConnectionName | LDAP connection username. This must be a root user who can read attribute IDs. |
| ConnectionPass | LDAP connection password. |
| UserPattern | User search pattern must be given - e.g. uid={0},ou=People,dc=wso2,dc=com |
| UserContextName | Name of the context where user objects are stored. |
| AttributeIds | User attribute IDs that will be read by the IdP. Column names must be comma separated - e.g. email_address, telephone. These attributes will be included in the issued SAML tokens. |

JDBC - org.wso2.usermanager.custom.jdbc.JDBCRealm

| Parameter Name | Description |
| --- | --- |
| DriverName | JDBC driver's class name. It must be present in the classpath - e.g. org.apache.derby.jdbc.EmbeddedDriver |
| ConnectionURL | Connection URL to the database - e.g. jdbc:derby:home/identity/database/SAMPLE_DB |
| ConnectionUserName | Connection username to the database. |
| ConnectionPassword | Connection password of the username. |
| UserTable | User table name in the database. |
| UserNameColumn | User name column in the user table. |
| UserCredentialColumn | User credential column in the user table. |
| ColumnNames | Column names of the user table from which the user properties will be read. Column names must be comma separated - e.g. email_address, telephone. These attributes will be included in the issued SAML tokens. |
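
Because every name listed in AttributeIds or ColumnNames is released in issued SAML tokens, it is worth checking a user store definition before activating it. The following is an added example, not part of the original guide or of WSO2's code: the dict form of the parameters, the function names, the SECRET_HINTS list and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed hints for attribute names that hold credentials; extend for your schema.
SECRET_HINTS = ("password", "passwd", "credential", "secret")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample values, not taken from a real deployment.
WEAK_LDAP = {"ConnectionUrl": "ldap://directory.example.com:389",
             "UserPattern": "uid=admin,ou=People,dc=wso2,dc=com",
             "AttributeIds": "mail, userPassword"}
WEAK_JDBC = {"UserCredentialColumn": "user_pw",
             "ColumnNames": "email_address, telephone, user_pw"}
FIXED_JDBC = dict(WEAK_JDBC, ColumnNames="email_address, telephone")


def split_names(value):
    """Split a comma separated AttributeIds / ColumnNames value into names."""
    return [n.strip() for n in value.split(",") if n.strip()]


def audit_realm(kind, params):
    """Return findings for one user store; kind is "ldap" or "jdbc"."""
    findings = []
    secret_column = None
    if kind == "ldap":
        released = split_names(params.get("AttributeIds", ""))
        url = urlsplit(params.get("ConnectionUrl", ""))
        # A simple bind over plain ldap:// exposes ConnectionPass on the network.
        if url.scheme == "ldap" and url.hostname not in LOOPBACK:
            findings.append("ConnectionUrl: unencrypted LDAP to a remote host")
        # Assumption: {0} marks where the login name goes in the pattern.
        if "{0}" not in params.get("UserPattern", ""):
            findings.append("UserPattern: missing {0} placeholder")
    else:
        released = split_names(params.get("ColumnNames", ""))
        secret_column = params.get("UserCredentialColumn", "").lower()
    # Everything listed here ends up in the issued SAML tokens.
    for name in released:
        low = name.lower()
        if low == secret_column or any(h in low for h in SECRET_HINTS):
            findings.append(name + ": credential value would be released in tokens")
    return findings


if __name__ == "__main__":
    for kind, cfg in (("ldap", WEAK_LDAP), ("jdbc", WEAK_JDBC), ("jdbc", FIXED_JDBC)):
        print(kind, audit_realm(kind, cfg) or "no findings")
```

The example values given in the tables above (ldap://localhost:389, uid={0},ou=People,dc=wso2,dc=com, email_address, telephone) pass this check with no findings.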

Defining Claims

The standard set of claims of the http://schemas.xmlsoap.org/ws/2005/05/identity dialect and another set of sample claims are available in this view. Use the "add new dialect" and "add new claim" options to add dialects and claims. Click the "switch" icon in the claim detail section of each claim to enable or disable that claim.

Mapping Claims

This view allows mapping a claim to a user attribute in the user store. The available attribute identifiers are shown in the claim edit view when the display name of a claim is selected.

Manage Identity Provider

Manage Users

User management currently allows the administrator to view the list of users who can use the identity provider.

Trusted Relying Parties

The administrator can specify a list of relying parties trusted globally by the identity provider. To add a new relying party to this list, click on the "Add new trusted relying party" link and provide the certificate of the relying party. This certificate must be in DER format (when you export a certificate using the Java keytool, the certificate will be in DER format). The "Common Name" (CN) of this certificate will be used to identify the host name of the trusted relying party.

Issued Cards

The administrator can view issued and revoked information cards using this view. A card can be revoked using the "Revoke Card" option.

Statistics

Statistics provides information on user behavior, card downloads and token issuance. These are the reports that it generates.