It is anticipated that most users will use their existing locally provided credentials for obtaining grid credentials, and that only users who are unaffiliated with an existing credential provider should register directly with Dorian. The Dorian Identity Provider (Dorian IdP) gives developers, smaller groups, research labs, unaffiliated users, and other groups that don't have their own IdP the ability to leverage Dorian.
The Dorian IdP provides a method for prospective users to register for an account. When users register, they create a user ID and password, which they can subsequently use to authenticate with the Dorian IdP. When a user authenticates, the Dorian IdP provides the user with a SAML assertion, which can then be used to authenticate with Dorian to create grid proxies.
The Dorian IdP provides mechanisms for administrators to manage users; this includes modifying user information (name, address, email, etc.), changing passwords, granting and revoking access, and other administrative actions. All operations provided by the Dorian IdP are made available through Dorian's grid service interface. Administrative operations require administrators to authenticate with a trusted grid proxy.
The GAARDS UI provides a method for prospective users to register with the Dorian IdP. The GAARDS UI also provides a mechanism for Dorian IdP administrators to administer Dorian IdP user accounts. To manage Dorian IdP users through the GAARDS UI, complete the following steps:
From the top menu, select Account Management => Local Account => Local Account Management. This launches the Local Account Management window.
From the Manage Users window, you may search for local user accounts managed by the Dorian IdP, manage user accounts, and remove user accounts. To list all local user accounts managed by a Dorian IdP, select the URI of the Dorian you are interested in from the Service drop down. If you don't see the URI of the Dorian you are interested in, enter it.
Next, select the grid proxy to use from the Proxy drop down. You will need to select a proxy of a Dorian IdP administrator.
Finally, click the Find Users button to list all the local user accounts managed by the selected Dorian IdP. To narrow your search, you may also specify search criteria. The Dorian IdP supports the following search criteria on local user accounts: by status, by role, and by user information (first name, last name, address, etc.). For example, if you want to search for all the accounts that are pending administrative approval, select Pending from the User Status drop down.
Manage Local User Account
To manage individual local user accounts through the GAARDS UI, select the user of interest from the Manage Users window and click the Manage User button. This launches the Manage User window. The Manage User window contains four tabs:
User Information - Contains the user's demographic information, which includes their first name, last name, mailing address, organization, phone number, and email address.
Account Information - A user's account information consists of their status within the Dorian IdP (Active, Pending, Suspended, Rejected) and their role within the Dorian IdP (Administrator or NonAdministrator). Newly registered users may have an account status of Pending, meaning an administrator has yet to approve their account. An account can be approved by changing a user's status from Pending to Active. Likewise, an account can be rejected by changing a user's status from Pending to Rejected. An account can be temporarily or permanently suspended by changing a user's status from Active to Suspended. A temporary account suspension can be removed by changing a user's status from Suspended to Active. It is important to note that a user's status within the Dorian IdP has no relationship to a Dorian grid user account status. Thus, having an account in the Dorian IdP does not guarantee that you will have a working grid user account; this will depend on the user policy configured for the Dorian IdP within the Identity Federation component of Dorian. Likewise, a user's role within the Dorian IdP has no relationship to a user's role within the Identity Federation component of Dorian. Although a Dorian IdP user with an Administrator role in the Dorian IdP may administer local user accounts in the Dorian IdP, they may not administer grid user accounts.
Password Security - Contains information related to the user's password security. After a configured number of invalid logins, Dorian will temporarily suspend the user's account for a configured amount of time. Once that time has expired, or if an administrator resets the user's password, Dorian will automatically activate that account. After a configured number of total invalid logins occurs, Dorian will suspend the user's account until their password is reset by an administrator.
Change Password - Provides inputs for resetting a user's password.
To commit any changes made to a user's Dorian IdP account, click the Update User button; the changes are reflected immediately.
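The two-tier lockout described under Password Security, modelled as an added example (this is not Dorian's own code). The threshold values, class, method and state names are hypothetical, and it assumes the first counter tracks consecutive failures while the total count is cleared only by an administrator reset.

```python
from dataclasses import dataclass

# Hypothetical values; in Dorian these thresholds are deployment configuration.
MAX_CONSECUTIVE = 3    # invalid logins before a temporary suspension
LOCKOUT_SECONDS = 300  # length of the temporary suspension
MAX_TOTAL = 5          # total invalid logins before an admin reset is required

@dataclass
class PasswordSecurity:
    consecutive_invalid: int = 0
    total_invalid: int = 0
    locked_until: float = 0.0
    needs_admin_reset: bool = False

    def state(self, now: float) -> str:
        if self.needs_admin_reset:
            return "locked_until_reset"
        if now < self.locked_until:
            return "locked_temporarily"
        return "valid"

    def attempt(self, password_ok: bool, now: float) -> bool:
        """Return True when the login is accepted."""
        if self.state(now) != "valid":
            return False  # refused while suspended, even with the right password
        if self.locked_until:  # suspension expired: account reactivates itself
            self.locked_until, self.consecutive_invalid = 0.0, 0
        if password_ok:
            self.consecutive_invalid = 0  # assumption: success clears the streak
            return True
        self.consecutive_invalid += 1
        self.total_invalid += 1  # assumption: never cleared by a good login
        if self.total_invalid >= MAX_TOTAL:
            self.needs_admin_reset = True
        elif self.consecutive_invalid >= MAX_CONSECUTIVE:
            self.locked_until = now + LOCKOUT_SECONDS
        return False

    def admin_reset_password(self) -> None:
        """Administrator reset: clears counters and reactivates the account."""
        self.consecutive_invalid = self.total_invalid = 0
        self.locked_until, self.needs_admin_reset = 0.0, False

def replay(events):
    """Replay constructed (password_ok, time) pairs; return (accepted, state) each."""
    acct, out = PasswordSecurity(), []
    for ok, now in events:
        accepted = acct.attempt(ok, now)
        out.append((accepted, acct.state(now)))
    return out
```

Because the total counter survives successful logins in this model, slow guessing spread across several temporary suspensions still ends in the state that only an administrator can clear.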