...
Working with Login Sources
Login Sources define where the user comes from. For example, if the user authenticates with a username and password stored in OPS-COM then OPSCOM is the source. They could also come from SAML, LDAP etc.
You can add login sources in the Admin Options under Users.
By default, you will have the OPSCOM login source. You can see that this will give users the option of entering their username and password.
If we were to disable this option then we would only be left with our SAML login source. 
Adding Login Sources
To add login sources we click the Add Login Source button at the top right corner of the page.
Any required fields will be displayed in red letting you know they must be completed before you can save.
| Info | ||
|---|---|---|
| ||
The fields have multiple states which are reflected by the color they are highlighted with.
|
The Code field is what the user profile will match against when adding users to the new login source. However, only one login source code can be activated at a time.
Service Provider Fields
The Unique Identifier is the ID of the external SAML system that comes from the provider.
The Entity ID for Service Provider is the name that our system communicates with the SAML system for example. It also becomes part of the URL for the user portal
The x509 certificate can be generated and added to the service provider.
Identity Provider Fields
These fields come from the system you are working with such as SAML when communicating with ops-com. For example, SAML should display its metadata under Federation → Show Metadata.
Once the settings have been completed and saved you will have access to the MetaData, Synchronization and Translations tab.
If you are configuring a system to work with SAML refer to this wiki article for setup information.
Managing Login Sources
We can manage our login sources by either editing or deleting them using the two buttons to the right of each source.
Archiving a login source means that it will no longer display on the user side and any users associated with this source will be removed from logging in this way.
Related Pages
| Filter by label (Content by label) | ||||||||
|---|---|---|---|---|---|---|---|---|
|
| Show if | ||
|---|---|---|
| ||
Troubleshooting LDAP - When LDAP has connection issues (server temporarily offline / not setup properly etc) papertrail will get a log about it: Refer to the Troubleshooting section of https://mywiki.papertrailappops-com.com/systems/WEB-OC_WVU-NP/events?selected=1329931097278210058
Troubleshooting Scheduled Task Issues If you see the next fire time is in the past, look for errors in sentry. This means that the script died for some reason. Only Paul or Robin can resolve this likely as it requires stuff done in the DB. (reset the running flag or additionaly setup) Troubleshooting SAML Note, SAML doesn't work if the user isn't already imported into our system. Clients should use the API for User Push to set this up before SAML can work. The following is an example of a response from an external system to OPS-COM. In this case, it is a SimpleSAMLPhp service set up as the identity provider. At the bottom are several attributes within an saml:AttributeStatement tag. These are required for our system to match to a user within our system. The one field that matters in this attribute section is what is being used as the permanently unique identifier for a user. In this case it is "uid". Since "uid" is being sent back, then the setup for Identity Provider Fields should have "uid" as the Unique ID Field. If the unique ID is something else such as SAMaccountName, then that should be used for UniqueID. When testing on preview, Papertrail will report the incoming attributes: xml x/BICwFw to find out all the details. |