...
- After deployment, the "My Metadata" screen is initially empty.
- Using an "Add Role" button (we might rename it if a better suggestion arises), the user can select one of the following: SAML IdP, OIDC OP, SAML SP, OIDC RP.
- Regardless of the selected role, the user can set up a Display Name and a Logo.
- If the SAML IdP role is selected, a checklist of supported entity categories will be available:
- Research & Scholarship
- Anonymous Access (v2)
- Pseudonymous Access (v2)
- Personalised Access (v2)
- If the SAML SP role is selected, the following settings/attributes are available:
- Research & Scholarship
- Code of Conduct
As a
System Administrator
I want to
Set up the initial identity roles and metadata for the newly installed instance, so that the instance can participate in one or more federations as either a Service Provider (SP/RP), Identity Provider (IdP/OP), or both.
Description:
Upon completion of the installation process, the system instance must be configured to participate in one or more federations. These federations may include SAML federations, a collection of OpenID Connect (OIDC) parties, or internal organizational federations. The instance can assume the role of a SAML Service Provider (SP), SAML Identity Provider (IdP), OIDC Relying Party (RP), OIDC OpenID Provider (OP), or a combination of these roles.
Acceptance Criteria:
Initial Screen State:
- After deployment, the "My Metadata" screen should be displayed with no pre-configured roles or metadata.
Add Role Button:
- A button labeled "Add Role" should be available on the "My Metadata" screen. This button may be renamed based on better suggestions for clarity.
- When the "Add Role" button is clicked, the user should be presented with a selection of roles:
- SAML Identity Provider (SAML IdP)
- OIDC OpenID Provider (OIDC OP)
- SAML Service Provider (SAML SP)
- OIDC Relying Party (OIDC RP)
Role Configuration:
- Upon selecting any of the roles, the user should be able to configure the following general attributes:
- Display Name: A user-defined name that will represent this role within the federation.
- Logo: An optional logo image that visually represents the role in the federation.
- Upon selecting any of the roles, the user should be able to configure the following general attributes:
SAML IdP Role Configuration:
- If the user selects the SAML IdP role, they should be presented with a checklist of supported entity categories to choose from:
- Research & Scholarship
- Anonymous Access (v2)
- Pseudonymous Access (v2)
- Personalized Access (v2)
- If the user selects the SAML IdP role, they should be presented with a checklist of supported entity categories to choose from:
SAML SP Role Configuration:
- If the user selects the SAML SP role, they should be provided with the option to configure the following settings/attributes:
- Research & Scholarship
- Code of Conduct
- If the user selects the SAML SP role, they should be provided with the option to configure the following settings/attributes:
Notes:
...
...
Adding remote entity metadata
...
- On the Configuration screen, the user adds a data source:
- SQL
- LDAP
- Other...
- The user adds connection data for the data source.
- The user adds attribute mappings for the data source, e.g., DB field → attribute name.
User story format
"Initial setup"
As a
System Administrator
I want to
Set up the initial identity roles and metadata for the newly installed instance, so that the instance can participate in one or more federations as either a Service Provider (SP/RP), Identity Provider (IdP/OP), or both.
Description:
Upon completion of the installation process, the system instance must be configured to participate in one or more federations. These federations may include SAML federations, a collection of OpenID Connect (OIDC) parties, or internal organizational federations. The instance can assume the role of a SAML Service Provider (SP), SAML Identity Provider (IdP), OIDC Relying Party (RP), OIDC OpenID Provider (OP), or a combination of these roles.
Acceptance Criteria:
Initial Screen State:
- After deployment, the "My Metadata" screen should be displayed with no pre-configured roles or metadata.
Add Role Button:
- A button labeled "Add Role" should be available on the "My Metadata" screen. This button may be renamed based on better suggestions for clarity.
- When the "Add Role" button is clicked, the user should be presented with a selection of roles:
- SAML Identity Provider (SAML IdP)
- OIDC OpenID Provider (OIDC OP)
- SAML Service Provider (SAML SP)
- OIDC Relying Party (OIDC RP)
Role Configuration:
- Upon selecting any of the roles, the user should be able to configure the following general attributes:
- Display Name: A user-defined name that will represent this role within the federation.
- Logo: An optional logo image that visually represents the role in the federation.
- Upon selecting any of the roles, the user should be able to configure the following general attributes:
SAML IdP Role Configuration:
- If the user selects the SAML IdP role, they should be presented with a checklist of supported entity categories to choose from:
- Research & Scholarship
- Anonymous Access (v2)
- Pseudonymous Access (v2)
- Personalized Access (v2)
- If the user selects the SAML IdP role, they should be presented with a checklist of supported entity categories to choose from:
SAML SP Role Configuration:
- If the user selects the SAML SP role, they should be provided with the option to configure the following settings/attributes:
- Research & Scholarship
- Code of Conduct
- If the user selects the SAML SP role, they should be provided with the option to configure the following settings/attributes:
Notes:
- The user interface should be intuitive and guide the user through the process of role selection and configuration.
- The roles and their configurations should be saved and reflected in the "My Metadata" screen after the setup is completed.
- Future updates may include additional roles or settings based on evolving federation requirements.
"Adding metadata"
Information architecture
Dashboard
- Overview of metadata management status.
- Quick access to recent activities and common tasks.
- Configuration
- Configuration of the local instance not related to remote entities.
- Attribute sources
Features: Originally suggested generic entity configuration management features; now only locally?:
- Export/import of config items/entities.
- Copy/delete (copy as a poor man's versioning).
- Editing of entities in the GUI (common configuration items, protocol-specific features).
- Raw config edit.
- Config check.
- Apply config.
- Git config save.
- Generic post-processor for configs, which could be used for configuration check, deployment, activation, and Git push.
- Versioning and rollback from Git (Git config restore).
- Dynamic updates to the configuration without requiring a full joint restart of the GUI, role components, or proxy service (by keeping them apart).
- Configuration of the local instance not related to remote entities.
Metadata Management
- Federation-level: Interface to add/edit federation-wide metadata.
- Individual SPs/IdPs: Interface to add/edit metadata for individual SPs/IdPs, with options for manual entry or file import.
Relation Management
- Select SP/IdP: Dropdown or search functionality to select an SP/IdP.
- Activate SP/IdP: Toggle to activate the selected SP/IdP.
- Attribute Release Policy (SP): Options to configure REFEDs entity categories for SPs.
- Requested Attributes (IdP): Options to select requested entity categories for IdPs.
My Metadata
- Display Name: Field to enter/display the name of the proxy.
- ?Supported Entity Categories: Checklist or dropdown to select supported categories.
- Logo: Upload functionality to add a logo.
...