User and Programmers Guide
- User Guide
- Programmer Guide
This document describes the user and programming guide for the Identity Management component. Here you will find the necessary steps to use the IdM portal to create an account and manage it. You will also learn about role and application management.
Go to "Sign in" if you have previously created an account, otherwise "Sign up" to create a new account:
Figure 1: IdM Log in page
Figure 2: IdM Sign up page
Once you have logged in successfully, you will be redirected to the home page. There are two main sections, Applications and Organizations.
Figure 3: IdM home page
List of applications
Look at the vertical menu on the left and click on the My Applications option. Here you can see the applications in which you are authorized. You can also select one of the organizations to which the user belongs and show all its applications.
Figure 4: List user applications
Figure 5: List organization applications
Register an application
Figure 6: Home register an application
In the next step you have to give the application a name, description, URL and callback URL, as required by the OAuth 2.0 protocol. You also have to choose who is going to be the provider of the application: yourself or one of the organizations of which you are an owner.
Figure 7: KeyRock Register Application
Click on "Next" (Figure 7).
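The callback URL registered in this step is what the authorization server later compares against the redirect_uri a client sends. The following is an added example of such a strict comparison, not code from Keyrock; it assumes that a registered callback is accepted only when scheme, host, path and query match exactly (scheme and host case-insensitively) and that a fragment in the requested URI is always rejected.

```python
from urllib.parse import urlsplit


def redirect_uri_allowed(registered_uris, requested):
    """Return True only if `requested` matches one registered callback exactly.

    Exact matching (no prefix or wildcard rules) keeps path traversal, look-alike
    hosts and appended fragments from slipping through. Assumption: this is the
    policy a deployment would want, not a description of Keyrock's own matcher.
    """
    req = urlsplit(requested)
    if req.fragment:  # OAuth 2.0 redirect URIs must not carry a fragment
        return False
    for registered in registered_uris:
        reg = urlsplit(registered)
        if (reg.scheme.lower(), reg.netloc.lower(), reg.path, reg.query) == (
            req.scheme.lower(), req.netloc.lower(), req.path, req.query
        ):
            return True
    return False


# Constructed sample: one application with a single registered callback.
REGISTERED = ["https://app.example.com/cb"]

if __name__ == "__main__":
    for candidate in [
        "https://app.example.com/cb",
        "HTTPS://APP.EXAMPLE.COM/cb",
        "https://app.example.com/cb/../admin",
        "https://app.example.com.evil.example/cb",
        "https://app.example.com/cb#token",
    ]:
        print(candidate, "->", redirect_uri_allowed(REGISTERED, candidate))
```

The check normalises only the parts of the URL that are case-insensitive by definition; everything else, including a port that is present on one side and absent on the other, counts as a mismatch.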
In the second step, upload the application's logo by selecting a file of a valid type. You have the option to re-frame the chosen image.
Click on "Crop Image" when you complete this process and then click "Next" as shown on Figure 9.
Figure 8: Upload logo Application
Figure 9: Crop image
In the third step we set up the roles and permissions of the application. This is explained in the next section.
On this page you will find two default roles: Provider and Purchaser. If you click on one of these roles you will see the permissions assigned to that role.
Figure 10: List of roles and permissions
You are also able to create new roles and permissions.
Figure 11: Create roles and permissions
To create a new role click on "New role", enter the name of the role and then click "Save".
Figure 12: Create a role
You are also permitted to add new permissions by clicking on "New Permission". Here you need to enter the name of the permission, a description, the HTTP verb (GET, PUT, POST, DELETE) and the path to which the permission applies. Click "Create Permission" and "Finish" to finish creating the application.
Figure 13: Create a permission
You can also configure a specific XACML rule if you need it.
In addition you can edit and delete all the roles and permissions that you have created by clicking on the corresponding buttons.
You can configure the permissions for the new role by activating the corresponding check box. Click the "Save" button to create the new assignment.
Figure 14: KeyRock New assignment
Once you have created an application, you are redirected to the page where all its information is displayed. You can also access this information by clicking on the corresponding application from the My Applications page. The OAuth2 credentials of the application are displayed on this page.
Figure 15: Application view
You can also perform several actions:
- Edit the application. Here you can change applications attributes: name, description, url, redirect_uri and logo.
- Manage roles. Explained in the previous section.
- Register a Pep Proxy.
- Register an Iot Agent.
- Authorize users.
- Authorize organizations.
Register Pep Proxy and Iot Agents
For each application you can register a PEP Proxy in order to enable authentication and authorization via OAuth2. You can also register some IoT agents in the application to provide lightweight security mechanisms to your IoT devices.
Figure 16: Pep Proxy and Iot Agents register
Authorize users and organizations
You can add users or organizations in the application by clicking on the "Authorize" button.
Figure 17: KeyRock authorize
It shows a modal where you can manage Users and Groups. You can see the users or organizations and their initially assigned roles. You can search users or organizations in the right column. Note that you can assign roles after the user or organization has been added, by clicking on the roles drop-down menu below the user's icon, as shown on Figure 18 and Figure 19.
Figure 18: KeyRock Authorize users
Figure 19: KeyRock Authorize organizations
When you assign roles to an organization, you assign them to the users who are owners or members of the application. The next section explains in more detail how to manage organizations.
Authorize trusted applications
Keyrock allows application owners to trust other applications. Thus, a PDP check will validate whether the user has a specific permission in the current application or in one of the applications that it trusts. To add trusted applications you can use the API or the web interface:
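The three rules stated in this guide (a permission is an HTTP verb plus a path attached to a role; a role assigned to an organization reaches that organization's owners and members; a PDP check succeeds if the permission is held in the application itself or in one application it trusts) fit together into a small authorization model. The following is an added example that models them; it is not Keyrock's own code. It assumes exact path matching and that trust is a single hop (an application trusted by a trusted application does not count), neither of which the guide states.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    """A permission as entered in the UI: name, HTTP verb and resource path."""
    name: str
    verb: str
    path: str


@dataclass
class Organization:
    name: str
    owners: set = field(default_factory=set)
    members: set = field(default_factory=set)

    def includes(self, user):
        return user in self.owners or user in self.members


@dataclass
class Application:
    name: str
    roles: dict = field(default_factory=dict)       # role name -> set of Permission
    user_roles: dict = field(default_factory=dict)  # user -> set of role names
    org_roles: dict = field(default_factory=dict)   # organization -> set of role names
    trusted: set = field(default_factory=set)       # names of trusted applications


class IdM:
    """Hypothetical in-memory stand-in for the IdM; not Keyrock's data model."""

    def __init__(self):
        self.apps = {}
        self.orgs = {}

    def effective_roles(self, user, app):
        """Roles held directly plus roles inherited through organizations."""
        roles = set(app.user_roles.get(user, ()))
        for org_name, granted in app.org_roles.items():
            if self.orgs[org_name].includes(user):
                roles |= granted
        return roles

    def has_permission(self, user, app, verb, path):
        verb = verb.upper()  # verbs are stored upper-case, as in the UI
        return any(
            perm.verb == verb and perm.path == path
            for role in self.effective_roles(user, app)
            for perm in app.roles.get(role, ())
        )

    def pdp_check(self, user, app_name, verb, path):
        """PDP decision: the app itself, else one app it trusts (one hop, assumed)."""
        app = self.apps[app_name]
        if self.has_permission(user, app, verb, path):
            return True
        return any(self.has_permission(user, self.apps[t], verb, path)
                   for t in app.trusted)


def build_demo():
    """Constructed sample: three applications, one organization, two trust links."""
    idm = IdM()
    read = Permission("read data", "GET", "/data")
    write = Permission("write data", "POST", "/data")
    sensors = Application("sensors", roles={"Provider": {read, write}, "Purchaser": {read}})
    dashboard = Application("dashboard", trusted={"sensors"})
    portal = Application("portal", trusted={"dashboard"})
    acme = Organization("acme", owners={"alice"}, members={"bob"})
    sensors.org_roles["acme"] = {"Purchaser"}   # role assigned to the organization
    sensors.user_roles["carol"] = {"Provider"}  # role assigned to a user directly
    idm.apps.update({a.name: a for a in (sensors, dashboard, portal)})
    idm.orgs["acme"] = acme
    return idm


if __name__ == "__main__":
    idm = build_demo()
    for user, app, verb, path in [("bob", "sensors", "GET", "/data"),
                                  ("bob", "sensors", "POST", "/data"),
                                  ("carol", "dashboard", "GET", "/data"),
                                  ("carol", "portal", "GET", "/data")]:
        print(user, app, verb, path, "->", idm.pdp_check(user, app, verb, path))
```

Running it shows bob reading data in "sensors" through the Purchaser role his organization holds, carol reading data in "dashboard" only because "dashboard" trusts "sensors", and carol being refused in "portal" because trust is not followed a second hop.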
Figure 20: KeyRock Trusted Applications
Look again at the vertical menu on the left and click on the Organizations option. Here you can see all organizations to which the user belongs.
Figure 20: KeyRock list organizations
Click the "Create" button to create a new organization.
In order to create an organization you need to specify a name and a description of it and then click on the "Create Organization" button.
Figure 21: KeyRock create organization
You are now redirected to the Home menu on behalf of the newly created organization. Here you can see the several attributes of the organization.
Figure 22: KeyRock Organization view
You can also perform several actions:
- Edit the organization. Here you can change: name, description, url and logo.
- Manage members.
If you click on the "Manage" button in the show view, a modal is opened. In this modal you can search for users to add to the organization. You can assign them the owner role or the member role. Only the owners of the organization can edit it or add new members to it.
Figure 23: KeyRock Organization view
Figure 24: KeyRock Screencast