Single Sign-On v1.4

Manage Resources

This topic describes how a Space Developer defines resources required by an app bound to a Single Sign-On (SSO) service instance and how an administrator grants resource permissions.

In this topic, resources are the API endpoints that users and apps need to retrieve information from a resource server. After an administrator creates resources, they assign the resources to users and apps. Users can then grant apps access to the resources, for example to query API endpoints on their behalf.

Because developers know what endpoints exist for their apps, they are responsible for creating resources.

Create or Edit Resources

If an app requires access to specific resources such as API endpoints, permissions for those resources must be either bootstrapped from the application manifest or defined by the Space Developer in the SSO dashboard.

To bootstrap resources from the manifest, follow the instructions in the SSO Sample Applications repo.

To create resources in the SSO Dashboard:

  1. Log in to Apps Manager as a Space Developer.

  2. Select the space where your service instance is located.

  3. Under Services, click Manage next to your SSO service instance to launch the SSO dashboard.

  4. Click the Resources tab.

  5. Click New Resource.

  6. Enter a Resource Name.

  7. Create the Permissions that the OAuth client for your app needs in order to access the resource server.

    1. Enter one or more Attributes or Actions for each permission.
    2. Enter a Description for each permission.

  8. Click Save Resource. The administrator must create resource permissions so that users can access the resource. For more information, see Create or Edit Resource Permissions below.

Note: Space Developers create resources within a space. Space Developers only see the resources created in the spaces they have access to and can only assign those to the apps in those spaces.

Delete Resources

  1. Log in to Apps Manager as a Space Developer.

  2. Click the Manage link under the SSO service instance to launch the service dashboard.

  3. Click the Resources tab.

  4. Click the resource to delete.

  5. Click Delete at the bottom of the page.

  6. On the popup, click Delete Resource to delete the resource.

Note: Deleting a resource removes it from the permission mappings and from the app. You must reconfigure the updated permissions in both areas.

Create or Edit Resource Permissions

After a Space Developer defines resources required by an app, an administrator must grant access to those resources. SSO allows administrators to map groups of users from the identity provider to the resource permissions defined by the Space Developer.

  1. Log in to the SSO dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN using your User Account and Authentication (UAA) administrator credentials. You can find these credentials in your Pivotal Elastic Runtime tile in Ops Manager under the Credentials tab.

  2. Click the plan name and select Manage Identity Providers from the drop-down menu.

  3. Click the name of the external identity provider you want to define permissions for and select Resource Permissions from the drop-down menu.

  4. Click New Permissions Mapping.

  5. Enter a Group Name.

  6. Click Select Permissions to choose the permissions that users in the group should have access to.

  7. Click Save Permissions Mapping.

Note: Groups with unsupported characters in Permission Mappings are not editable.
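
The relationship between resources, group permission mappings, and what an app can do on a user's behalf can be checked with a small model. This is an added example, not code from the SSO product. The function names, the sample data, and the "<resource>.<action>" permission naming are assumptions made for illustration.

```python
# Added illustration, not product code. Sample data is constructed, and the
# "<resource>.<action>" permission naming is an assumption of this sketch.

def permissions_of(resources):
    """Flatten {resource name: [actions]} into a set of permission names."""
    return {f"{name}.{action}"
            for name, actions in resources.items() for action in actions}

def user_permissions(user_groups, mappings, resources):
    """Union of the permissions mapped to the user's identity provider groups,
    limited to permissions whose resource is still defined."""
    mapped = set()
    for group in user_groups:
        mapped |= mappings.get(group, set())
    return mapped & permissions_of(resources)

def delegated_permissions(user_groups, app_permissions, user_approved,
                          mappings, resources):
    """What an app may do on a user's behalf: the user must hold the
    permission, the app must be assigned it, and the user must grant it."""
    held = user_permissions(user_groups, mappings, resources)
    return held & app_permissions & user_approved

def unmapped_permissions(mappings, resources):
    """Permissions a Space Developer defined that no group mapping grants,
    so no user can use them until an administrator adds a mapping."""
    granted = set().union(*mappings.values())
    return permissions_of(resources) - granted

# Constructed sample data.
RESOURCES = {"todo": ["read", "write"], "reports": ["read"]}
MAPPINGS = {"staff": {"todo.read"}, "editors": {"todo.read", "todo.write"}}
APP_PERMISSIONS = {"todo.read", "todo.write", "reports.read"}

if __name__ == "__main__":
    # A "staff" user approves everything the app asks for, but still only
    # delegates what the group mapping gives them.
    print(sorted(delegated_permissions(
        ["staff"], APP_PERMISSIONS, set(APP_PERMISSIONS), MAPPINGS, RESOURCES)))
    # Defined by the developer but not yet mapped by the administrator.
    print(sorted(unmapped_permissions(MAPPINGS, RESOURCES)))
```

Running `unmapped_permissions` against an export of your own mappings is a quick way to spot resources that were saved but never mapped to a group.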

Delete Resource Permissions

  1. Log in to the SSO dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN using your User Account and Authentication (UAA) administrator credentials. You can find these credentials in your Pivotal Elastic Runtime tile in Ops Manager under the Credentials tab.

  2. Click the plan name and select Manage Identity Providers from the drop-down menu.

  3. Click the name of the external identity provider you want to define permissions for and select Resource Permissions from the drop-down menu.

  4. Click the group name of the resource permission you want to delete.

  5. Click Delete at the bottom of the page.

  6. On the popup, click Delete Permissions Mapping to delete the resource permission mapping.

Note: Groups with unsupported characters in Permission Mappings are not editable.
