CSSCurrent de:Pointsharp Identity Provider Konfiguration: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „ == Pointsharp Identity Provider == Cryptshare supports authentication via the Pointsharp Identity Provider for the '''Admin Interface.''' This feature allows administrators to integrate Cryptshare into an external Identity and Access Management (IAM) environment. The feature is optional. When enabled, authentication via the local Cryptshare user database is disabled. It is always possible to revert back to local authentication by disabling the Identity…“) |
|||
| Zeile 1: | Zeile 1: | ||
== Pointsharp Identity Provider == | == Pointsharp Identity Provider == | ||
Cryptshare | Cryptshare unterstützt die Authentifizierung über den Pointsharp Identity Provider für die '''Admin-Oberfläche.''' | ||
Mit dieser Funktion können Administratoren Cryptshare in eine externe Identitäts- und Zugriffsverwaltungsumgebung (IAM) integrieren. | |||
Die Funktion ist optional. Wenn sie aktiviert ist, wird die Authentifizierung über die lokale Cryptshare-Benutzerdatenbank deaktiviert. Es ist jederzeit möglich, zur lokalen Authentifizierung zurückzukehren, indem die Konfiguration des Identity Providers deaktiviert wird. | |||
Die Integration des Pointsharp Identity Providers ist verfügbar ab '''Cryptshare Version 7.5.0'''. | |||
The usage of the Pointsharp Identity Provider with Cryptshare requires a Cryptshare Enterprise License. If the feature is not enabled on your license yet, please get in contact with your [mailto:customer.success@pointsharp.com?subject=Licensing%20Cryptshare%20feature%20Electronic%20Identity%20%28eID%29&body=Dear%20Cryptshare%20Team%2C%0A%0APlease%20send%20me%20information%20about%20%22Electronic%20Identity%20%28eID%29%22.%0A Cryptshare sales representative] in order to request a new licence file. | The usage of the Pointsharp Identity Provider with Cryptshare requires a Cryptshare Enterprise License. If the feature is not enabled on your license yet, please get in contact with your [mailto:customer.success@pointsharp.com?subject=Licensing%20Cryptshare%20feature%20Electronic%20Identity%20%28eID%29&body=Dear%20Cryptshare%20Team%2C%0A%0APlease%20send%20me%20information%20about%20%22Electronic%20Identity%20%28eID%29%22.%0A Cryptshare sales representative] in order to request a new licence file. | ||
Version vom 19. Dezember 2025, 14:04 Uhr
Pointsharp Identity Provider
Cryptshare unterstützt die Authentifizierung über den Pointsharp Identity Provider für die Admin-Oberfläche.
Mit dieser Funktion können Administratoren Cryptshare in eine externe Identitäts- und Zugriffsverwaltungsumgebung (IAM) integrieren.
Die Funktion ist optional. Wenn sie aktiviert ist, wird die Authentifizierung über die lokale Cryptshare-Benutzerdatenbank deaktiviert. Es ist jederzeit möglich, zur lokalen Authentifizierung zurückzukehren, indem die Konfiguration des Identity Providers deaktiviert wird.
Die Integration des Pointsharp Identity Providers ist verfügbar ab Cryptshare Version 7.5.0.
The usage of the Pointsharp Identity Provider with Cryptshare requires a Cryptshare Enterprise License. If the feature is not enabled on your license yet, please get in contact with your Cryptshare sales representative in order to request a new licence file.
Configuration
Identity Provider authentication is configured using a configuration file and the Admin Interface.
- The base URL used for redirects is configurable via the Admin Interface -> System Settings -> Connection.
- Contact our support team to setup your Pointsharp Identity Provider.
- Get the values from the IdP configuration and set them in the cryptshare.properties file.
idProvider.clientSecret=<clientSecretFromIdP> idProvider.baseUrl=<idPUrl> idProvider.realm=<usedRealm> idProvider.clientId=<usedClientId>
4. Any change to the Identity Provider configuration requires a restart of the Cryptshare service.
Identity Provider authentication is enabled when the properties are set.
Once this property is present, Cryptshare will use the configured Identity Provider for authentication to the Admin Interface.
Authentication Behavior
When accessing the Admin Interface, the authentication flow behaves as follows:
- The user is redirected to the configured Identity Provider.
- The user authenticates at the Identity Provider.
- After successful authentication, the user is redirected back to the Cryptshare Admin Interface.
If the Identity Provider is unavailable or authentication fails, the login attempt fails.
User Handling and Role Mapping
User Existence
- The user must exist in the Identity Provider.
- On first successful login:
- A local Cryptshare Adminuser is created automatically.
Groups and Roles
- Group information is provided by the Identity Provider (e.g. Active Directory groups).
- A standard role mapping is provided.
- Role mapping is configured exclusively in the Identity Provider.
If role mapping is missing or invalid, login is denied.
Logout Behavior
Logging out ends the local Cryptshare session only.
- No logout request is sent to the Identity Provider.
- Single Logout is not supported.