The purpose of this module is to show you how to delegate mandates to other users so they can perform the selected functions you choose.
- CustomerID installed
Overview of this lab
We will use the CustomerID administrative interface to configure delegated role management using mandates. In a nutshell, these are the four main steps:
Part 1: Create Users
In order to create users:
- Log in as Scott Long (SmartPlan Admin). This user was created during Lab 1.1.
- Enable the adduser workflow. To do that, add the following to the eidm2.properties file:

```properties
createuser.workflows = adduser
registration.1 = adduser
registration.1.enabled = false
registration.1.tupas.disabled = true
registration.1.approval = false
registration.1.methods = [ { "name" : "password.2", "mandatory" : "true", "visible" : "false", "default" : "true" } ]
registration.1.userinfo.fields = firstname, surname, email, password
registration.1.organizations = { "path" : "Users"}
registration.1.summary.fields = firstname, surname, email
```
- Restart Wildfly
- Log in as Scott Long and open "Users" tab
- Now the button "Add User" should be visible. Click on it:
- Create the user Jeremy Mills and give him the contact person role for City Group Inc, as shown in the following images. The password must contain both numbers and letters.
- In the next step you must select a role in order to continue. Type the company name in the Search box.
- Now log in as Jeremy Mills to verify the user has been created.
Part 2: Create Service
The goal of this section is to create a new organization using the following values:

| Field | Value |
| --- | --- |
| Technical Name | mysmartplan |
| Display Name | My SmartPlan |
| Organization Type | site |
| Service | true |

Do not use spaces in the technical name.
- Log in to CustomerID as an administrator. On the front page you will see the button to create a new organization.
- Once you select "Create new organization," the next screen will be:
Part 3: Define Mandate
Ubisecure Identity Server uses roles and mandates. This is how the roles look in the administration interface for My SmartPlan:
Exercise. You can customize the text descriptions for Visitor, Member and Owner in the custom/roles.properties file:

```properties
# English
en.friendlyName.visitor = Visitor
en.description.visitor = Visitor can view public information.
en.friendlyName.member = Member
en.description.member = Member can read private information.
en.friendlyName.owner = Owner
en.description.owner = Owner can write information and manage user rights.
```
This is how the interface looks after the changes (observe "Description" column):
Now it's time to understand how mandates work in practice:
What is the difference between a role and a mandate?

| Role | Mandate |
| --- | --- |
| Examples: | Examples: |
Mandates can be configured to require approval by an organization administrator. We will disable this for today.
The allowed roles must be defined in the custom\eidm2.properties configuration file:

```properties
general.admin.organization.users.includerolemembers = true
mandate.roles.allowed = owner,member,visitor
mandate.receiver.approval = false
```
Exercise. Create organization mandate
Create a mandate including the Online Service Member role
- Open Online Service and the Mandates tab
- Set City Group Inc. as the receiver of the mandate. Company ID: 2184053-5
- Choose the Member role to be included in the mandate
Exercise. Delegation
- Log in as Jeremy Mills
- Open the City Group Mandates tab
- Even Jeremy must receive the role through delegation in order to use it
- All roles contained in the mandate are given
Customer Data Integration with REST API
Query users
https://login.smartplan.com:7443/customerid-rest/services/2.1/users/?username=restuser&password=restpass
This shows all users, e.g.:

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Users xmlns="http://schema.ubisecure.com/customerid/api" inResponseTo="/2.1/users/" method="GET">
  <Id>6225612a-02c4-4f5c-b875-bbb23379a6f2</Id>
  <Id>1f216754-e009-4153-9e58-f6dd1ccdfefb</Id>
  <Id>980a4aa3-8dac-4365-af75-58028d2353eb</Id>
  <Id>d6cb9cea-b807-49a6-9746-99608591d89e</Id>
  <Id>d69ce890-76a2-40be-8677-3ec951954b25</Id>
  <Id>9bfba31b-5047-4baf-941c-e88ce15707e3</Id>
</Users>
```
Query user info
Pick one user ID from the output, such as 6225612a-02c4-4f5c-b875-bbb23379a6f2, and use it in the query user command below:
https://login.smartplan.com:7443/customerid-rest/services/2.1/users/6225612a-02c4-4f5c-b875-bbb23379a6f2?username=restuser&password=restpass
The individual user information will be shown, e.g.:

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<User xmlns="http://schema.ubisecure.com/customerid/api" inResponseTo="/2.1/users/6225612a-02c4-4f5c-b875-bbb23379a6f2" method="GET" type="user">
  <Attribute name="id">
    <Value>6225612a-02c4-4f5c-b875-bbb23379a6f2</Value>
  </Attribute>
  <Attribute name="firstname">
    <Value>Leena</Value>
  </Attribute>
  <Attribute name="surname">
    <Value>Laine</Value>
  </Attribute>
  <Attribute name="cn">
    <Value>cd4b6658-b4c5-4e39-82e9-aa19e73bb42f</Value>
  </Attribute>
  <Attribute name="login">
    <Value>leena.laine</Value>
  </Attribute>
  <Attribute name="email">
    <Value>leena.laine@example.com</Value>
  </Attribute>
  <Attribute name="organization">
    <Value>Users</Value>
  </Attribute>
  <Attribute name="status">
    <Value>Enabled</Value>
  </Attribute>
</User>
```
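The two REST calls above, as an added example that is not part of the original lab or of Ubisecure's own tooling: it builds the query URLs in the form shown, and parses the `Users` listing and a single `User` response (the page's sample responses, embedded inline so it runs offline) using the `http://schema.ubisecure.com/customerid/api` namespace. The `fetch()` helper and the base URL are assumptions for the lab host.

```python
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"c": "http://schema.ubisecure.com/customerid/api"}

# Constructed sample responses, copied from the lab's example output above.
USERS_XML = """\
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Users xmlns="http://schema.ubisecure.com/customerid/api" inResponseTo="/2.1/users/" method="GET">
  <Id>6225612a-02c4-4f5c-b875-bbb23379a6f2</Id>
  <Id>1f216754-e009-4153-9e58-f6dd1ccdfefb</Id>
</Users>"""

USER_XML = """\
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<User xmlns="http://schema.ubisecure.com/customerid/api" inResponseTo="/2.1/users/6225612a-02c4-4f5c-b875-bbb23379a6f2" method="GET" type="user">
  <Attribute name="id"><Value>6225612a-02c4-4f5c-b875-bbb23379a6f2</Value></Attribute>
  <Attribute name="login"><Value>leena.laine</Value></Attribute>
  <Attribute name="organization"><Value>Users</Value></Attribute>
  <Attribute name="status"><Value>Enabled</Value></Attribute>
</User>"""


def build_url(base, user_id, username, password):
    """Build the /2.1/users/ query URL as the lab does (credentials as query
    parameters). An empty user_id lists all users; a UUID fetches one user."""
    path = f"{base}/customerid-rest/services/2.1/users/{user_id}"
    return path + "?" + urlencode({"username": username, "password": password})


def parse_user_ids(xml_text):
    """Return the <Id> values from a Users listing, in response order."""
    root = ET.fromstring(xml_text)
    return [e.text for e in root.findall("c:Id", NS)]


def parse_user(xml_text):
    """Return {attribute name: value} from a single User response."""
    root = ET.fromstring(xml_text)
    return {a.get("name"): a.findtext("c:Value", namespaces=NS)
            for a in root.findall("c:Attribute", NS)}


def fetch(url):
    """Assumed helper: perform the GET and return the response body as text."""
    with urllib.request.urlopen(url) as resp:  # not executed offline
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    base = "https://login.smartplan.com:7443"  # assumed lab host
    for uid in parse_user_ids(fetch(build_url(base, "", "restuser", "restpass"))):
        user = parse_user(fetch(build_url(base, uid, "restuser", "restpass")))
        print(uid, user.get("login"), user.get("status"))
```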