CHARON
The installation is rather easy. You have to copy the .war file of the Administration Client to the webapps folder of your tomcat installation. After a restart of the tomcat server, the war archive will be unpacked. Now, you can adopt the configuration files, which are in the folder
${AdministrationClient_HOME}/WEB-INF/config .To complete the installaion you have to restart the tomcat server. A description of the individual configuration files follows in the next section.
The Administration Client has 6 configuration files. All configuration files are written in XML and are saved in the directory
${AdministrationClient_HOME}/WEB-INF/config ,except for the log4j configuration file, that is written in the java .properties file format.
This file contains all informations, which are required to register a new username identity and to communicate with a WNS. Whereby the data for the WNS are optional. If they are not contained in the configuration file, this feature will be deactivated. If you want to use this feature, you require a WNS. The Administration Client was tested with the 52North WNS. The installation instructions for this WNS can be found on the 52North Site.
A detailed description of the individual tags can you find within the configuration file.
This file contains the default service URLs, which should be shown on the login page after an invocation of the Administration Client.
This file contains the Service URLs of all related Identity Management and Authentication Services. For example, this information is required, if you want to assign an identity to a profile. So the client can show you all identities of all known Identity Management and Authentication Services and you can select the one, you want to assign.
This file contains a GetCapabilities request for the Profile Management Service. The GetCapabilities operation request is defined in Subclause 7.2 of the OGC Web Services Common Specification 1.0.
This file contains the request for the Notification Service, that should be sent, if a user wants to send a message to the administratior. The format of this file depends on the WNS that should be used. The following three macros can be used within the configuration file:
This string will be replaced by the WNS user id of the administrator.
This string will be replaced by the user name of the user that sends the message.
This string will be replaced by the message that the user will be sent.
In order to login at the Administration Client, you have to invoke the start page of the Administration Client, enter your username and the corresponding password and click on the “Login” button. Additional you can change the default service URLs, if you want to administrate other services. If you haven’t any account yet, you can register a new account. How this works, will be shown in the next chapter.
To register a new user, you have to click on the “Register” button of the start page of the Administration Client. When you do this, you will see the Dialog of the following figure.
In this dialog, you have to enter your new username and your password. After the registration was completed successfully, you can login with your new username.
After you have logged in, you will see a bar at the upper end of the page. On the right side, there is a button to write a message to the administrator, the name of the username identity you have logged in with and a link to sign out. The button to write a message to the administrator is hidden, if you have deactivated this feature. (See the chapter about the configuration file AdministrationClientProperties.xml)
After you have logged in, you will see the menu bar on the left side of the screen. This bar has a Stack Panel with children for the profiles, the username identities, the group identities and the policies. If you click on a child, you will see the corresponding objects below the header of this child and the header contains two buttons for the creation of a new object and for the deletion of an object. If you click on an object, a view with the data of the object will be shown on the right side of the screen. The several views will be described in the next chapters.
On the first Tab, you can see all profile attributes and the corresponding values. If you mark an attribute on the table, you will see the values of the marked attribute in the bottom list. Under the list, there is a text field, where you can write a new value of the attribute. When you click on the plus button, the new value will be added. If you mark one or more values of the list and click the minus button, the marked values will be removed from the attribute.
The attribute names are specified by the GetCapabilities operation of the Profile Management Service.
On the second tab, you can assign identities to the profile. Therefore, you have two lists. The left list contains all identities, which are assigned to the profile, and the right list contains all identities, which are currently not assigned to any profile. With the buttons in the middle, you can assign or unassign identities to the profile.
Note: An identity can only be assigned to one profile at the same time.
On the first tab, you can see the attributes. This tab is similar to the first tab of the subject view with the exception that you can add new attributes. The attributes of the profiles are specified by the corresponding Profile Management Service and the attributes of the identities can be chosen without restrictions. So there is a plus button on the right upper corner of the attribute table. If you click on this button, you can add a new attribute.
The second tab contains general information about the group identity. The first cell contains the information, if the identity is activated and a button to activate or deactivate the identity. The second cell contains information about the profile, the identity is assigned to.
Note: An identity can only be activated, if it is assigned to a profile and if you remove the assignment, the identity will be deactivated.
On the third tab, you can assign username identities to the group identity. Therefore, you have two lists. The left list contains all identities, which are assigned to the group, and the right list contains all known username identities, which are currently not assigned to this group. With the buttons in the middle, you can assign or unassign identities to the group.
Note: A username identity can be assigned to different groups at the same time. Group identities can not be assigned to groups.
The first tab has the same structure as the first tab of the group identity view. The second tab contains general information about the identity. The only difference between this tab and the second tab of the group identity view is the “change password” button. With this button, you can add/change the password of the password credential of the identity.
Note: A username identity can have a password credential, but a group identity has no credentials. So you can authenticate an username identity but no group identities.
The first tab shows the content of the policy with syntax highlighting. But you cannot modify the policy.
The second tab shows the policy in a text area and allows to modify the policy. With the check button can you validate the policy and with the save button you can save a modified policy on the server. If you don’t want to edit a policy in the text area, then you can copy the policy in an external editor, save it in a file and upload the file. Therefore you have to click the browse button and select the corresponding file. After that you can click the upload button to upload the file with the policy. The content of the file will be saved in the marked policy on the server.
