Versions Compared

Version Old Version 14 New Version Current
Changes made by

Paul Warren

Justin G

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Info
iconfalse

OperationsCommander can be integrated with single sign-on services such as SAML or LDAP to allow users to sign into the User Portal.  Configuration is straight forward and can be easily accomplished by following the details listed on this page.

Table of Contents

Working with Login Sources

Login Sources define where the user comes from. For example, if the user authenticates with a username and password stored in OPS-COM then OPSCOM is the source. They could also come from SAML, LDAP etc. 

You can add login sources in the Admin Options under Users. 

By default, you will have the OPSCOM login source. You can see that this will give users the option of entering their username and password.

If we were to disable this option then we would only be left with our SAML login source. 

Adding Login Sources

To add login sources we click the Add Login Source button at the top right corner of the page.

Any required fields will be displayed in red letting you know they must be completed before you can save. 

Info
titleImportant

The fields have multiple states which are reflected by the color they are highlighted with. 

  1. Red fields are required to click save.
  2. Yellow fields are required to work but still allow empty or invalid values to be saved.
  3. Yellow fields can also indicate that a change has been made.


The Code field is what the user profile will match against when adding users to the new login source. However, only one login source code can be activated at a time. 

Service Provider Fields

The Unique Identifier is the ID of the external SAML system that comes from the provider. 

The Entity ID for Service Provider is the name that our system communicates with the SAML system for example. It also becomes part of the URL for the user portal 

The x509 certificate can be generated and added to the service provider. 

Identity Provider Fields

These fields come from the system you are working with such as SAML when communicating with ops-com. For example, SAML should display its metadata under Federation → Show Metadata. 

Once the settings have been completed and saved you will have access to the MetaData and Translations tab. 

Image Removed

Metadata

The Metadata tab provides the XML that would be provided to the service provider

Image Removed

Translations

Translations can be used to change the text displayed on your login button from the user side. We can create as many different translations as we have available on our system. For this example, we have English and French. 

Image Removed


If you are configuring a system to work with SAML refer to this wiki article for setup information.


Managing Login Sources

We can manage our login sources by either editing or deleting them using the two buttons to the right of each source.

Archiving a login source means that it will no longer display on the user side and any users associated with this source will be removed from logging in this way. 

Related Pages

Filter by label (Content by label)
showLabelsfalse
showSpacefalse
sorttitle
cqllabel in ("sso","ldap","login") and space = currentSpace()


Show if
special@authenticated


Support Agent Notes

Troubleshooting LDAP - 

When LDAP has connection issues (server temporarily offline / not setup properly etc) papertrail will get a log about it:

Refer to the Troubleshooting section of https://mywiki.papertrailappops-com.com/systems/WEB-OC_WVU-NP/events?selected=1329931097278210058

  • It is required that the Login Sources are created first and then the accounts can be created on our system using the login source. Using SAML for example doesn't actually create the accounts for us and changes made on either system are not communicated between each other. 
  • If the client requires a certificate from us we need to know if a self-signed cert is enough or if they require a valid paid certificate. 

For setup, the following is an example of a successful response that our system can use. We require attributes to be sent with the response. These attributes what is used to match to a user in our system.

xml

x/BICwFw to find out all the details.