Single Sign-On v1.3

Manage Resources

This topic describes how a Space Developer defines resources required by an application bound to a Single Sign-On (SSO) service instance, as well as how an administrator grants resource permissions.

Resources are the API endpoints that users and applications need access to in order to retrieve information from the resource server. Because developers know which endpoints exist for their applications, they are responsible for creating resources. After resources are created, administrators assign these resources to users and applications so that users can grant applications delegated access to the resources on their behalf.

Create or Edit Resources

If an application requires access to specific resources such as API endpoints, the Space Developer must define permissions for those resources in the SSO dashboard.

  1. Log into Apps Manager as a Space Developer.
  2. Select the space where your service instance is located.
  3. Under Services, click Manage next to your SSO service instance to launch the SSO dashboard.
  4. Click the Resources tab.
  5. Click New Resource.
  6. Enter a Resource Name.
  7. Create the Permissions that the OAuth client for your application needs in order to access the resource server.

    1. Enter one or more Attributes or Actions for each permission.
    2. Enter a Description for each permission.
  8. Click Save Resource. The administrator must create resource permissions so that users can access the resource. See the Create or Edit Resource Permissions section below for more details.

Note: Space Developers create resources within a space. Space Developers only see the resources created in the spaces they have access to and can only assign those to the applications in those spaces.

Delete Resources

  1. Log into Apps Manager as a Space Developer.

  2. Click the Manage link under the SSO service instance to launch the service dashboard.

  3. Click the Resources tab.

  4. Click your resource.

  5. Click Delete at the bottom of the page.

  6. On the popup, click Delete Resource to delete the resource.

Note: Deleting a resource removes it from the permission mappings and from the application. You must reconfigure the updated permissions in both areas.

Create or Edit Resource Permissions

After a Space Developer defines resources required by an application, an administrator must grant access to those resources. SSO allows administrators to map groups of users from the identity provider to the resource permissions defined by the Space Developer.

  1. Log into the SSO dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN using your User Account and Authentication (UAA) administrator credentials. You can find these credentials in your Pivotal Elastic Runtime tile in Ops Manager under the Credentials tab.

  2. Click the plan name and select Manage Identity Providers from the dropdown menu.

  3. Click Resource Permissions for the identity provider that you want to define permissions for.

  4. Click New Permissions Mapping.

  5. Enter a Group Name.

  6. Click Select Permissions to choose the permissions that users in the group should have access to.

  7. Click Save Permissions Mapping.

Note: Groups with unsupported characters in Permission Mappings are not editable.
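
The following added example, which is not part of the SSO product or its documentation, models how group-based permission mappings resolve into what a user holds and what an application can receive on that user's behalf. The resource names, group names, and the "<resource name>.<action>" permission format are assumptions made for illustration; the sample data is constructed.

```python
# Constructed sample data; all names here are illustrative assumptions.
# Assumption: a permission is written as "<resource name>.<action>".
RESOURCES = {"todo": {"read", "write"}, "report": {"read"}}

# Administrator's permission mappings: identity provider group -> permissions.
PERMISSION_MAPPINGS = {
    "employees": {"todo.read"},
    "managers": {"todo.read", "todo.write", "report.read"},
}


def defined_permissions(resources):
    """All permissions that currently exist, derived from the defined resources."""
    return {f"{name}.{action}"
            for name, actions in resources.items()
            for action in actions}


def user_permissions(groups, mappings, resources):
    """Union of the permissions mapped to the user's groups.

    Permissions whose resource no longer exists are dropped, which mirrors
    the effect of deleting a resource on the mappings.
    """
    granted = set()
    for group in groups:
        granted |= mappings.get(group, set())  # unmapped groups grant nothing
    return granted & defined_permissions(resources)


def delegated_permissions(client_permissions, groups, mappings, resources):
    """Permissions an application can receive on the user's behalf.

    Delegation never exceeds either side: the application must be assigned
    the permission AND the user must hold it through a group mapping.
    """
    return set(client_permissions) & user_permissions(groups, mappings, resources)


def groups_with_permission(permission, mappings):
    """Access review helper: which groups are mapped to a given permission."""
    return sorted(g for g, perms in mappings.items() if permission in perms)
```

Running groups_with_permission over each write-type permission before saving a new mapping is a quick way to confirm that only the intended groups can reach it.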

Delete Resource Permissions

  1. Log into the SSO dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN using your User Account and Authentication (UAA) administrator credentials. You can find these credentials in your Pivotal Elastic Runtime tile in Ops Manager under the Credentials tab.

  2. Click the plan name and select Manage Identity Providers from the dropdown menu.

  3. Click Resource Permissions for the identity provider that you want to define permissions for.

  4. Click the group name of the resource permission you want to delete.

  5. Click Delete at the bottom of the page.

  6. On the popup, click Delete Permissions Mapping to delete the resource permission.

Note: Groups with unsupported characters in Permission Mappings are not editable.
