Understanding the User Interface
The application is displayed in different frames: the header toolbar on the top and the main area in the middle with the fields and its snippets.
Header Toolbar
The header toolbar is the area on the top that shows an application name, the available working modes, as well as the signed-in user and shortcut keys.
Home Tab
The Home tab provides the Sign in button. Click this button to open the window to enter the user name and password. Then provide the user name and password and click Login.
User
For a Windows user, you can enter the name for a domain.
<domain name>\<user name>
Password
Enter the password for the provided user.
Sessions
Shows all current sessions of the logged in user. Open browser sessions are shown and can be deleted. The current session is explicitly indicated. All issues tokens, which are for example used by the platform's Web UIs, can also be deleted. Deleting tokens does not necessarily have an immediate effect, as there is no token revocation. Therefore, tokens will stay valid for resource services that cached them.
Management Tab
The Management tab is shown only for a signed-in administrator user. The tab shows a table of all available client IDs. If needed, you can add a new and edit or delete an existing client ID. You can also show the client ID's details in a separate window.
The table provides the following columns:
- ClientId - Available client Id
- Client Secrets - If a client secret is available for a client Id the Copy button is displayed that allows you to copy the client secret into the clipboard.
- Permissions - The permissions include authorization modes, introspection settings, and additional permissions.
- RedirectUris - a list of valid redirect uris for the client
- PostLogoutRedirectUris - a list of valid post logout redirect uris for the client
- Type - if the client is a public or confidential client.
- Actions - Buttons to edit, view or delete the application client registration
Roles
Only available for administrators.
This tab shows all available roles. These roles can be used, for example, by the platform, for internal role assignments. There are 2 actions available: deleting and hiding roles. After a role is deleted, the role is deleted from the stored list. Roles can also be hidden, which is more practical if the intention is to not make the role available for external applications, such as the platform.
Active Directory user groups are shown as a role. These roles are not the roles that are part of the platform. Commonly, a role is assigned to a platform role. Other applications can do similar assignments.
Identity Providers
The Authorization Server by default integrated into Windows Active Directory. The Identity Providers tab allows to configure settings for Active Directory. External identity providers can be configured here as well. Please refer to How to configure identity providers for more information.
In Active Directory Settings, you can configure whether or not AD users and groups are collected and made available in the Roles tab. You can define which groups are made available - only for the local machine, only for the domain, or both. You can specify an Active Directory name or container.
Global IDP Settings allow to disable the automatic collection of roles of users that are authenticated by external identity providers. The service also periodically queries all external IDPs for available roles. This interval can be set here as well.
Toolbar and Other Icons
The following icons are shown on the user interface.
Symbol |
Name |
Description |
|---|---|---|
|
Help |
Click this icon and select either Show help or About from the context menu. Clicking Show help, opens the client's user guide help in a new window. Clicking About, opens the client's About window with copyright as well as third-party copyright information. |
|
Copy client ID |
Click this icon to copy the client ID into the clipboard. |
|
Edit client ID |
Click this icon to open the Edit Client Id window that allows you to change the current settings for the client secret, permissions, custom permissions, redirect Uris, and post logout redirect Uris. |
|
Show details |
Click this icon to show the Client ID details window. The window list the client ID, client secret, the permissions, the post logout redirect Uris, and redirect Uris. |
|
Delete client ID |
Click this icon to delete the client ID with all its details. |
Shortcut Keys
The following shortcut keys are provided.
| Shortcut Key | Action |
|---|---|
| Sign in | Allows the user to enter a user name and password and click Login to sign in to the TCG Authorization Server. The signed-in user can now access available Primus components and clients without the need to sign in again. |
| New Client ID | Click the button to open the Add New Client Id window that allows you setting up the settings for a new client ID by providing the configuration for client secret, permissions, custom permissions, redirect, and post logout redirect Uris. To save the changes, click Create Client Id button. |
| Create Client ID | Click the button to create a new client ID with the current settings in the Add New Client Id window. |
| Edit Client ID | Click the button to open the Edit Client Id window that allows you changing the settings for an existing client ID by providing the configuration for client secret, permissions, custom permissions, redirect, and post logout redirect Uris. To save the changes, click Save Client Id button. |
| Save Client ID | Click the button to edit a client ID with its current settings for client ID and client secret, permissions, custom permissions, redirect and post logout redirect Uris. |
| Sign out | Click the button and confirm the log out by pressing Yes to log out the current user. |