Site Administration

Site Administrators invite individuals to be administrators for the current SOA Software Open deployment, and configure authentication domains that can be customized and assigned to APIs that are part of the SOA Software Open deployment.

Site Admins

What are the components of the Site Administration section?

How do I send out invitations to individuals I would like to administrator the SOA Software Open deployment?

How do I invite SOA Software Open non-members to be Site Administrators?

How do I respond to a Site Administrator invitation?

How do I cancel a Site Administrator invitation?

How do I remove a Site Administrator who is assigned to the SOA Software Open deployment?

Domains

How does the authentication provider configuration process work?

What domain types are supported?

How do I configure access permissions for OpenID?

How do I set up an SOA Software Open deployment to support OAuth?

How do I set up an SOA Software Open deployment to support a Third Party Provider?

Site Admins

What are the components of the Site Administration section?

The Site Administration quick filter launches the Site Administration section. Authorized SOA Software Open site administrators send out invitations to individuals they would like to grant administration privileges for the SOA Software Open deployment and configure authentication domains that can be customized and assigned to APIs that are part of the SOA Software Open deployment.

Invite Administrators

The Invite More function allows you to send invitations to individuals that you would like grant administration privileges for your API.

View Administrators

When an administrator invitation is submitted, the username, email address, and invitation status (i.e., Email Sent, Approved, or Rejected) of the invitee is added to the Site Admins Summary.

Manage Administrators

Site Administrators can remove an Administrator from the listing.

Back to top

How do I send out invitations to individuals I would like to administrator the SOA Software Open deployment?

The Site Administration > Site Admins page includes an administrator invitation function that allows you to send out invitations to individuals that you would like to grant administration privileges for the current SOA Software Open deployment.

To do this:

  1. Click the Site Administration quick filter icon on the SOA Software Open top navigation. The Site Admins page displays.
  2. Click Invite More. The Invite Administrators page displays.
  3. In the Email text box, enter the email address of individuals you would like to invite to your development team. Separate each email address with a comma.
  4. In the Add a Brief Message text box, specify the invitation text you would like to send to your invitees.
  5. After completing your entries, click Invite. The invitation email will be sent to the invitee.
  6. After the email invitation is sent, SOA Software Open will post an administrator invitation to the SOA Software Open member's Dashboard. The invited SOA Software Open member can then log into SOA Software Open to accept or decline the administrator invitation.

Back to top

How do I invite SOA Software Open non-members to be Site Administrators?

If you have already received a Site Administrator invitation and are not currently an SOA Software Open member, you must sign up to SOA Software Open using the email address that the invitation was issued to in order to accept the invitation. Currently only SOA Software Open members can be invited to be Site Administrators. See Getting Started for more information.

Back to top

How do I respond to a Site Administrator invitation?

If you receive an invitation via email to be a Site Administrator for the SOA Software Open deployment you can accept or reject the invitation.

To accept a Site Administrator invitation:

  1. Click the link in the Site Administrator invitation email, log into SOA Software Open, and go to your Dashboard page.
  2. Choose your Site Administrator invitation in the newsfeed.
  3. To accept the Site Administrator invitation, click Accept. The Accept this invitation text box displays. Enter a comment (if applicable) and click Confirm. The status changes to Invitation Accepted.
  4. To view administrators for the SOA Software Open deployment, click the Site Administration quick filter icon on the SOA Software Open top navigation. The Site Admins page displays. Your username, email address, and Approved invitation status displays. You can also view a listing of other SOA Software Open members that are Site Administrators.

To decline a Site Administrator invitation:

  1. Click the link in the Site Administrator invitation email, log into SOA Software Open, and go to your Dashboard page.
  2. Choose your Site Administrator invitation in the newsfeed.
  3. To decline a Site Administrator invitation, click Decline. The Decline this invitation text box displays. Enter a comment (if applicable) and click Confirm. The status changes to Invitation Declined.

Back to top

How do I cancel a Site Administrator invitation?

Once an invitation is sent to an individual you would like to be a Site Administrator, the invitation itself cannot be revoked. An SOA Software Open member can choose to accept or decline the invitation. If they choose to accept the invitation, you can remove the Site Administrator from the Site Admins page by clicking Remove. See How do I remove a Site Administrator who is assigned to the SOA Software Open deployment?

Back to top

How do I remove a Site Administrator who is assigned to the SOA Software Open deployment?

Any Site Administrator can remove other administrators from the SOA Software Open deployment. To do this:

  1. Click the Site Administration quick filter icon on the SOA Software Open top navigation. The Site Admins page displays.
  2. To remove a Site Administrator from the SOA Software Open deployment, choose the line item of the Site Administrator and click Remove.

Back to top

Domains

How does the authentication provider configuration process work?

SOA Software Open provides a series of add-on features that provide authentication support for APIs. SOA Software Open currently supports OAuth and OpenID Provider types.

Here's how the provider type configuration process works:

Back to top

What domain types are supported?

SOA Software Community Manager OAuth Provider

This feature is an SOA Software Community Manager add-on for the OAuth Provider that installs on top of the SOA Software Community Manager feature. It installs the following domains into your SOA Software Open deployment:

SOA Software Community Manager OpenID Provider

This feature is an SOA Software Community Manager add-on for the OpenID Provider that installs on top of the SOA Software Community Manager feature. It installs the following domains into your SOA Software Open deployment:

LDAP Server Domain

The LDAP domain is an identity store that is pre-defined in Policy Manager as part of the SOA Software Open default installation and is available by default from the Resource Owner Authentication Domain drop-down when you configure an OAuth Provider domain.

Back to top

How do I configure access permissions for OpenID?

Access permissions for OpenID are established by configuring a domain that represents the login resource. For OpenID, you use the OpenID Relying Party domain. This domain is installed as part of the SOA Software Community Manager OpenID Provider feature in the SOA Software Administration Console and is available via Add Domain feature via Site Administration > Domains. After you configure the OpenID login resource, it is then available for selection as login resource when you configure an OAuth Provider domain.

To configure an OpenID login resource:

  1. Click the Site Administration quick filter. The Site Administration page displays.
  2. Click Domains. The Domains Summary page displays.
  3. Click Add Domain. The Select Domain Type drop-down menu displays.
  4. Select OpenID Relying Party and click Select. The Details page displays.
  5. In the OpenID Client section, enter the "Name" and "Description" of the login resource (e.g., Name=Google, Description=Google Login Resource).

    Note that the "Name" field cannot be edited after the domain configuration is saved, so it's important to be as descriptive as possible with your domain name. For example, including the name of the OpenID Provider as an identifier is recommended along with other details that reveal something about the configuration.
  6. Click Next to continue. The Provider Details page displays. Enter the OpenID "Discovery URL" that represents the location of the Relying Party's OpenID endpoints. See What is a Discovery URL? for more information.
  7. Click Next to continue. The Client Details page displays. Enter the "Realm" and "Return URL." See What is a Realm? for more information.
  8. To save the domain configuration, click Save. The OpenID login resource domain is saved, displays on the Domains Summary page, and is now available for selection as a resource when you define an OAuth Provider domain.

Back to top

How do I set up an SOA Software Open deployment to support OAuth?

After defining your access permissions domain, the next step is to configure one or more OAuth Provider domains that represent the OAuth authentication use case types the APIs in your SOA Software Open deployment will support.

To configure an OAuth Provider domain:

  1. Click the Site Administration quick filter. The Site Administration page displays.
  2. Click Domains. The Domains Summary page displays.
  3. Click Add Domain. The Select Domain Type drop-down menu displays.
  4. Select OAuth Provider and click Select. The Details page displays.
  5. In the OAuth Provider section, enter the "Name" and "Description" of the domain definition (e.g., Name=OAuth 2-Legged, Description=OAuth 2-Legged Domain).

    Note that the "Name" field cannot be edited after the domain configuration is saved, so it's important to be as descriptive as possible with your domain name. For example, including the name of the OAuth Provider as an identifier is recommended along with other details that reveal something about the configuration (e.g., OAuth version, API Name, Grant Types, etc.)
  6. Click Next to continue. The Grant Types page displays. Here you will select a "Resource Owner Authentication Domain" and configure the grant scenario for this domain definition.
  7. Select a domain from the "Resource Owner Authentication Domain" drop-down menu. If one has not been previously defined, configure one and then return to complete the OAuth Provider domain definition.
  8. In the "Grant Validity Period (days)" text box, specify the number of days the authorization grant will remain active.
  9. In the "Grant Types" section, click the checkbox of the authorization grant types that apply to this domain configuration. Grant types are grouped by 2-Legged and 3-Legged scenarios. See What grant types does OAuth support? and How does OAuth 2-Legged and 3-Legged Authorization work? for more information.
    • If you selected the Authorization Code grant, specify the number of seconds the Authorization Code grant is valid in the "Authorization Code Timeout" field.
    • For each grant selected, specify the number of seconds the access token is valid in the "Access Token Timeout" field. See What is an Access Token?
    • Click the "Refresh Tokens" checkbox if refresh tokens are supported by your Authentication Server. See What is a Refresh Token? for more information.
  10. After completing your entries, click Next. The Resources page displays. Here you will specify the operations in your API that require authorization. The resource list should represent the full set of resources you would like assign to the current OAuth Provider domain configuration.
    • For example, if multiple API's will be using the OAuth Provider domain, each may have a different operation requirement.
    • In this case, when you configure your API with an OAuth Provider using the OAuth Details function on the API Details page, you can simply filter the set of operations by deleting resources that do not apply for the current API.
    • A resource is typically entered using a URL, but can also be a symbol {id}.
    • Note: If you will be using a third party provider, you can use the pre-defined "Third Party Provider" domain via the API Details > OAuth Details function, and specify your resources on the Resource Mapping page. In this scenario, you can bypass creating a domain and go directly to the API Details page.
    • See How does Resource Mapping work?
  11. After completing your entries, click Next. The Grant Properties page displays.
  12. In the "Properties" section, click +Add to create a grant property instance and specify the "Property Label" and "Property ID." Note that specifying grant properties is optional.
    • The "Property Label" represents the text description of the grant property. It is only visible in SOA Software Open.
    • The "Property ID" represents the object ID that references the property file that is stored on the OAuth Provider's site.
    • To delete a grant property, click -Delete under the grant property instance.
    • See What is a Grant Property? for more information.
  13. After completing your entries, click Next. The Branding page displays. When a user logs into your application using the OAuth configuration you just defined, they must see a login screen.

    If you require a custom branded login screen you can customize the login with a unique logo that represents your organization, footer text (e.g., copyright information), and the URL you want to offer to Resource Owners and applications to access this OAuth provider capabilities.
    • The "Site Logo" option allows you to upload a logo that is 50px high. This logo will display on your login page. See How do I upload and crop icons? for more information.
    • The "Footer Text" field allows you to enter custom text for your login page.
    • The "Authorization Server Hostname" field allows you to enter a hostname URL.
    • See How does Login Branding work? for more information.
  14. To save the domain configuration, click Save. The OAuth Provider domain is saved, displays on the Domains Summary page, and is now available for selection in API OAuth Wizard (via API Details > OAuth Details).

Back to top

How do I set up an SOA Software Open deployment to support a Third Party Provider?

The OAuth Details function on the API > Details page includes a pre-defined "Third Party Provider" domain that allows you to configure grant for OAuth 2.0 and 1.0a versions and resource mapping. See How do I configure my API with an OAuth Provider? for more information.

Back to top