CSSCurrent en:Pointsharp Identity Provider Configuration

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche

Pointsharp Identity Provider

Cryptshare supports authentication via the Pointsharp Identity Provider for the Admin Interface.

This feature allows administrators to integrate Cryptshare into an external Identity and Access Management (IAM) environment.

The feature is optional. When enabled, authentication via the local Cryptshare user database is disabled. It is always possible to revert back to local authentication by disabling the Identity Provider configuration.

The Pointsharp Identity Provider integration is available since Cryptshare version 7.5.0.

The usage of the Pointsharp Identity Provider with Cryptshare requires a Cryptshare Enterprise License. If the feature is not enabled on your license yet, please get in contact with your Cryptshare sales representative in order to request a new licence file.

Supported Identity Providers

Cryptshare officially supports the Pointsharp Identity Provider.

Configuration

Identity Provider authentication is configured using a configuration file and the Admin Interface.

  1. The base URL used for redirects is configurable via the Admin Interface -> System Settings -> Connection.
  2. Contact our support team to setup your Pointsharp Identity Provider.
  3. Get the values from the IdP configuration and set them in the cryptshare.properties file.
idProvider.clientSecret=<clientSecretFromIdP>
idProvider.baseUrl=<idPUrl>
idProvider.realm=<usedRealm>
idProvider.clientId=<usedClientId>

4. Any change to the Identity Provider configuration requires a restart of the Cryptshare service.

Identity Provider authentication is enabled when the properties are set.

Once this property is present, Cryptshare will use the configured Identity Provider for authentication to the Admin Interface.

Authentication Behavior

When accessing the Admin Interface, the authentication flow behaves as follows:

  1. The user is redirected to the configured Identity Provider.
  2. The user authenticates at the Identity Provider.
  3. After successful authentication, the user is redirected back to the Cryptshare Admin Interface.
Authworkflow.png

If the Identity Provider is unavailable or authentication fails, the login attempt fails.

User Handling and Role Mapping

User Existence

  • The user must exist in the Identity Provider.
  • On first successful login:
    • A local Cryptshare Adminuser is created automatically.

Groups and Roles

  • Group information is provided by the Identity Provider (e.g. Active Directory groups).
  • A standard role mapping is provided.
  • Role mapping is configured exclusively in the Identity Provider.

If role mapping is missing or invalid, login is denied.

Logout Behavior

Logging out ends the local Cryptshare session only.

  • No logout request is sent to the Identity Provider.
  • Single Logout is not supported.
Abgerufen von „https://documentation.cryptshare.com/w/index.php?title=CSSCurrent_en:Pointsharp_Identity_Provider_Configuration&oldid=52578