Policy-Backed Identity Provider Wizard

The Policy-Backed Identity Provider wizard is displayed when you create or edit a Policy-Backed Identity Provider.
Before using this wizard, ensure that you have an appropriate policy fragment containing the logic to authenticate users. For more information, see Policy-Backed Identity Providers.
  1. Complete the wizard as follows:
    Setting
    Description
    Provider Name
    Enter a name for your Policy-Backed Identity Provider.
    Authentication Policy
    From the drop-down list, choose the policy fragment that contains the policy logic that will authenticate the users.
    Only policy fragments of type "Policy-Backed Identity Provider Policy Fragment" can be selected.
    If the policy fragment has not been created yet, exit the wizard to create the fragment, then return to the wizard later. For more information about fragments, see Working with Policy Fragments (you will be working with "included policy fragments").
    Allow assignment to administrative roles
    This check box determines whether an authenticated user can have an administrative role.
    • Select this check box to allow a user to be assigned a role that will enable him or her to log into the Policy Manager. For more information, see Working with Policy-Backed Identity Providers in Searching Identity Providers.
    • Clear this check box to not permit users to be assigned to a role. The authenticated user will not be able to log into the Policy Manager.
    Use Default Role Assignment
    This check box determines whether a default role will be assigned. It is available only when "Allow assignment to administrative roles" above is selected.
    • Select this check box to assign a default role to all users authenticated by this identity provider.
    This default role is used only if the user has no other roles explicitly assigned. If a role is assigned via the Search Identity Provider dialog (see Working with Policy-Backed Identity Providers in Searching Identity Providers), the default role is inactive for the user.
    • Clear this check box to not assign a default role automatically. In this case, it is up to you to assign a role to the template user; otherwise, the user will not be able to log in.
    Use the default role assignment with care. Once a user is authenticated, that user will be able to log in through the Policy Manager and administer the API Gateway. This could allow untrusted users (current or future) to access the API Gateway.
    Default Role
    If the "Use Default Role Assignment" check box was selected above, choose the role from the drop-down list. For more information, see Manage Roles.
  2. Click [Test] to test your authentication policy.
    1. Enter the Username and Password of known good credentials.
    2. Click [OK]. The wizard will run the credentials through the authentication policy and report success or failure of the Policy-Backed Identity Provider. If authentication was not successful, you may need to adjust your authentication policy.
  3. Click [Finish] to close the wizard.