It is anticipated that most users will use their existing, locally provided credentials to obtain grid credentials, and that only users who are unaffiliated with an existing credential provider should register directly with Dorian. The Dorian Identity Provider (DorianIdP) gives developers, smaller groups, research labs, unaffiliated users, and other groups that don't have their own IdP the ability to leverage Dorian.
The DorianIdP provides a method for prospective users to register for an account. When users register, they create a user ID and password, which they can subsequently use to authenticate with the Dorian IdP. When a user authenticates, the Dorian IdP provides the user with a SAML assertion, which can then be used to authenticate with Dorian to create grid proxies.
The DorianIdP provides mechanisms for administrators to manage users; this includes modifying user information (name, address, email, etc.), changing passwords, granting and revoking access, and other administrative actions. All operations provided by the Dorian IdP are made available through Dorian's grid service interface. Administrative operations require administrators to authenticate with a trusted grid proxy. The GAARDS UI provides a method for prospective users to register with the Dorian IdP. The GAARDS UI also provides a mechanism for Dorian IdP administrators to administer Dorian IdP user accounts.
Registering with the Dorian IdP
To register with the DorianIdP through the GAARDS UI, use the following steps:
From the top menu bar in the GAARDS UI select User Management => Local Account => Registration.
To register, first select the URI of the Dorian you wish to register with. Next, specify a username and password; this will be the username and password that you use to authenticate with the Dorian IdP.
Finally, enter your personal information and click the Apply button. In most cases your account will need to be approved by an administrator before you will be able to log in. Depending on the policies of your administrator, you may be contacted once your account has been approved, as the Dorian IdP does not provide an automated method of contacting you.
Local Account Management
To manage local Dorian IdP accounts through the GAARDS UI, use the following steps:
From the top menu bar in the GAARDS UI select User Management => Local Account => Local Account Management.
From the Local Account Management window, you may search for local user accounts managed by the Dorian IdP, manage user accounts, and remove user accounts. To list all local user accounts managed by a Dorian IdP, select the URI of the Dorian you are interested in from the Service drop down. If you don't see the URI of the Dorian you are interested in, enter it.
Next select the grid proxy to use from the Proxy drop down. You will need to select a proxy of a Dorian IdP administrator.
Finally, click the Find Users button to list all the local user accounts managed by the selected Dorian IdP. To narrow your search, you may also specify search criteria. The Dorian IdP supports the following search criteria on local user accounts: by status, by role, and by user information (first name, last name, address, etc.). For example, if you want to search for all the accounts that are pending administrative approval, select Pending from the User Status drop down.
Local User Management
To manage individual local user accounts through the GAARDS UI, use the following steps:
From the Local Account Management window select the user of interest and click the Manage User button to open the Manage User window (see below).
From the Manage User window, change the user's demographic information, which includes their first name, last name, mailing address, organization, phone number, and email address. A user's demographic information can also be changed in the User Information tab.
Through the Account Information tab you can also change a user's account information. A user's account information consists of their status within the Dorian IdP (Active, Pending, Suspended, Rejected) and their role within the Dorian IdP (Administrator or NonAdministrator). Newly registered users may have an account status of Pending, meaning an administrator has yet to approve their account. An account can be approved by changing a user's Pending status to Active. Likewise, an account can be rejected by changing a user's status from Pending to Rejected. An account can be temporarily suspended or permanently suspended by changing a user's status from Active to Suspended. A temporary account suspension can be removed by changing a user's status from Suspended to Active.
It is important to note that a user's status within the Dorian IdP has no relationship to a Dorian grid user account status. Thus, having an account in the Dorian IdP does not guarantee that you will have a working grid user account; this will depend on the user policy configured for the Dorian IdP within the Identity Federation component of Dorian. Likewise, a user's role within the Dorian IdP has no relationship to a user's role within the Identity Federation component of Dorian. Although a Dorian IdP user with an Administrator role in the Dorian IdP may administer local user accounts in the Dorian IdP, they may not administer grid user accounts.
Finally, you may also change a user's account password; this can be done through the Change Password tab.
To commit any changes made to a user's Dorian IdP account, click the Update User button; the changes are reflected immediately.
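The status changes described above can be used as a baseline when reviewing account administration. The following is an added example, not part of Dorian or the GAARDS UI: it replays a list of status changes and reports any that fall outside the transitions this page describes or that were made by a NonAdministrator. The record layout, the sample accounts, and the function names are assumptions made for illustration.

```python
from collections import namedtuple

# Status values and transitions as described on this page.
STATUSES = {"Active", "Pending", "Suspended", "Rejected"}
DOCUMENTED = {
    ("Pending", "Active"),     # account approved
    ("Pending", "Rejected"),   # account rejected
    ("Active", "Suspended"),   # account suspended
    ("Suspended", "Active"),   # temporary suspension removed
}

# Hypothetical audit record layout; this is not a Dorian log format.
Change = namedtuple("Change", "actor actor_role user old new")

def review(changes, initial):
    """Replay changes over the initial statuses.

    Returns (final statuses, findings); each finding is
    (index of the change, affected user, reason).
    """
    state = dict(initial)
    findings = []
    for i, c in enumerate(changes):
        if c.old not in STATUSES or c.new not in STATUSES:
            findings.append((i, c.user, "unknown status value"))
            continue
        if c.actor_role != "Administrator":
            findings.append((i, c.user, "change made by non-administrator"))
        current = state.get(c.user)
        if current != c.old:
            findings.append(
                (i, c.user, f"record says {c.old}, replay says {current}"))
        if (c.old, c.new) not in DOCUMENTED:
            findings.append(
                (i, c.user, f"undocumented transition {c.old}->{c.new}"))
        state[c.user] = c.new
    return state, findings

# Constructed sample data.
INITIAL = {"alice": "Pending", "bob": "Pending", "carol": "Active"}
CHANGES = [
    Change("admin1", "Administrator", "alice", "Pending", "Active"),
    Change("admin1", "Administrator", "bob", "Pending", "Rejected"),
    Change("admin1", "Administrator", "carol", "Active", "Suspended"),
    Change("bob", "NonAdministrator", "bob", "Rejected", "Active"),
    Change("admin1", "Administrator", "carol", "Active", "Suspended"),
]

def run_sample():
    return review(CHANGES, INITIAL)
```

A finding is a prompt for review, not proof of misuse; the page does not state which other transitions Dorian permits.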