Circle of Trust Editor (saml-CircleOfTrust)

Located in the SAMLIdPService, this component specifies a collection of users that can log in to a collection of stations. It is useful for managing a select set of stations and the users logging in to those stations.

You configure this component’s properties using the Circle Of Trust Editor, where you can name the circle, provide a description, etc.

Each circle must have a Supervisor that acts as the Identity Provider (IdP). The IdP manages only one circle. Only a Niagara station may serve as an IdP.

Hardware support depends on the release version of this feature.

This component is found in the saml palette.

Figure 23.   Circle of Trust Editor properties

To access these properties, expand Config > Services > SAMLIdPService > Circle Of Trust Folder and double-click CircleOfTrust.

In addition to the standard property, Enabled, these properties configure this component.

| Property | Value | Description |
| --- | --- | --- |
| Description | string | Provides a name for this circle of trust. |
| Http Redirect Endpoint | read-only | Shows the URL for this circle of trust. This value (as well as the IdP Host URL + IdP Host Port) configures the IdP Login Path in the remote station’s SAML authentication scheme. This is typically covered by the configure Niagara IdP and SAMLAuthenticationScheme’s provisioning job, but for stations not in the NiagaraNetwork you must add the scheme manually. |

Circles

This editor applies to four groups of stations.

  • Stations selects the station(s) to include in this circle of trust. You are not limited to stations in the NiagaraNetwork.
  • Users selects user(s) from your UserService to include in this circle of trust. The selected users may log in to the stations in the circle.
  • Auth Schemes specifies which authentication schemes may be used when logging in. This accommodates users who may not yet exist in your station. For example, you might specify the LdapScheme so that LDAP users can log in.
  • Prototypes selects one or more user prototypes in the Supervisor’s UserService that may be used when logging in to the remote station.

Stations buttons

Clicking the New Station button opens a window for setting up a new station. The Edit Station button opens the same window for an existing station. The Delete Station button removes the selected station from the circle of trust.

Figure 24.   Circle of trust New Station properties
| Property | Value | Description |
| --- | --- | --- |
| stationName | text string | Identifies the name of the station to add to the circle of trust. |
| Certificate | Choose File and Clear File buttons | Selects and clears the station’s SAML certificate. |
| Issuer URL | URL | Identifies |
| Use SAML Encryption | true (default) or false | Enables (true) and disables (false) use of SAML encryption. |

Buttons for the Prototypes circle

  • Add opens an Add Prototype window with a single property used to identify the prototype.
  • Edit opens a window for editing the name of the prototype.
  • Delete removes the selected prototype from the circle of trust.