Home / Server is the main view of Ubisecure SSO Management. The home sub node Server represents the Ubisecure SSO Server object in the Ubisecure Directory.
The Site Manager main view differs from the view seen by System Administrator. Site Manager view is presented in Figure 1.
|Figure 1: The view of Ubisecure SSO Management for a Site Manager|
A Site Manager can manage only sites that the System Administrator or other Site Manager has delegated. There is no link to the methods configuration view from Home.
The System Administrator can see the following view (Figure 2).
|Figure 2: The System Administrator main view in Ubisecure SSO Management|
In addition to the different Server view, there is a link to the following configuration views for the System Administrator:
- Global Method Settings
- Attribute Mappings
- Directory User Mappings
The following functions and configuration settings are available in Home/Server view:
- Metadata: SAML 2.0
Ubisecure SSO acts as both an Identity Provider and Service Provider in SAML. SAML 2.0 metadata contains information about public keys and endpoint addresses needed when Ubisecure SSO is communicating with SAML Service Providers. This is a link to a metadata file which contains the metadata that is exchanged with both Identity Providers and Service Providers.
Ubisecure Search is a utility for quickly finding Ubisecure Directory objects. Please see Session information page - SSO for more information.
- Single Sign-On Session Timeout
Specify the number of minutes of inactivity after which a user session times out. Click Update to update the value. After this timeout, re-authentication to the Web Applications is required for the end-user.
Please refer to the separate Timeout configuration - SSO page for more information. A value specified for Web Applications can override this setting. User session timeout value is determined by the smallest of the following values:
- Ubisecure SSO timeout
Timeout values of those Web Applications that have been used in the user session
- Reset secret
Resetting the server secret is recommended after the first installation and after each upgrade. The server must be restarted and all single sign-on sessions are terminated.
- Log viewer
Log Viewer is a utility to facilitate viewing of Ubisecure related log files. Please see the page for Log Viewer for more information.
System site contains only Ubisecure specific Web Applications, groups and an Administrator user account. By default system site is accessible only for System Administrator.
NOTE: Do not create any new objects in the System site or its sub sites. Allow access to System site only to personnel responsible for deciding who is allowed to control Ubisecure SSO with full privileges!
As you see in figure below, there are number of Web Applications in the System site.
|Figure 3: Web Applications in the System site|
By default the following objects are available under the System site.
|Application: Ubilogin||Ubisecure SSO Management Web Application. The Management application's authentication methods and access control list are configured here.|
|Application: LogViewer||Ubisecure LogViewer Web Application. Although LogViewer is part of Ubisecure SSO Management application it can also be accessed separately. The application's authentication methods and access control list are configured here.|
|Application: Search||Ubisecure Search Web Application. Although Search is part of Ubisecure SSO Management application it can also be accessed separately. The application's authentication methods and access control list are configured here.|
|Group: Administrators||Administrator group users are allowed to access Ubisecure SSO Management application as System Administrator. By default this group contains only one user: System Administrator.|
|Group: Authenticated Users||This group automatically contains every user that is registered in the Ubisecure Directory . Unregistered or dynamic users that are authenticated only with third party authentication services are not part of this group.|
|User: Administrator||The System Administrator user is the only user in Ubisecure SSO system in the default Ubisecure SSO setup.|
|Method: Password||Password is the only authentication method in Ubisecure SSO system in the default Ubisecure SSO setup.|
|The Sub site Password is also listed under the System site.|
|Application: Password||Ubisecure Password application SAML SP. Ubisecure Password application is a self-service application for Ubisecure Directory and external directory users. The application's authentication methods and access control list are configured here.|
|Optionally, the following objects, if installed, are available under System site.|
|Application: Ubisecure Confirm||Ubisecure Confirm Application. Ubisecure Confirm is an optional component that provides transaction confirmation services. Please refer to the Ubisecure Confirm documentation for more information.|
|Application: Metadata Updater Application||Metadata Updater Application. Metadata Updater is an optional component of Ubisecure Trust that enables automated creation of trust relationships for federated identity networks such as those used in the government and educational sectors. Please refer to the Metadata Updater documentation for more information.|
For details about Ubisecure applications (Applications), users, groups and methods, please see the other pages under SSO Management.