Difference between revisions of "UserGlobalSettings"
Thewikiadmin (talk | contribs) (Created page with " The following parameters will provide the necessary data for all SAML tokens where the HIS and/or the LDAP directory does not have the necessary information. This helpf...") |
Thewikiadmin (talk | contribs) |
||
| Line 6: | Line 6: | ||
| | ||
| − | * | + | *Name: This value is merely a label and should be unique if there is more than one entry. |
| − | Name: This value is merely a label and should be unique if there is more than one entry. | + | *NameQualifier: this is the NameQualifier value that users will be matched against. For all users with the specified NameQualifier these values will be used (unless provided by the source system): |
| − | + | **UAO | |
| − | * | + | **UAOType |
| − | NameQualifier: this is the NameQualifier value that users will be matched against. For all users with the specified NameQualifier these values will be used (unless provided by the source system): | + | **grantByDelegateMeritOnly |
| − | + | **IdentityProvider | |
| − | ** | + | **IdentityVerificationSchemeRef |
| − | UAO | + | **UAOIdentityVerificationSchemeRef |
| − | + | **DelegationVerificationSchemeRef | |
| − | ** | + | **CredentialVerificationSchemeRef |
| − | UAOType | + | **ProtectedNetwork |
| − | + | **PrimaryFactor | |
| − | ** | + | **GlobalRole: This value represents a set of comma-delimited roles that will be asserted in the SAML token |
| − | grantByDelegateMeritOnly | + | **GlobalServiceEntitlement; <span style="color: rgb(255, 86, 48)">available since version 1.8</span> |
| − | + | **AuthenticationLevel; <span style="color: rgb(255, 86, 48)">available since version 1.8</span> | |
| − | ** | ||
| − | IdentityProvider | ||
| − | |||
| − | ** | ||
| − | IdentityVerificationSchemeRef | ||
| − | |||
| − | ** | ||
| − | UAOIdentityVerificationSchemeRef | ||
| − | |||
| − | ** | ||
| − | DelegationVerificationSchemeRef | ||
| − | |||
| − | ** | ||
| − | CredentialVerificationSchemeRef | ||
| − | |||
| − | ** | ||
| − | ProtectedNetwork | ||
| − | |||
| − | ** | ||
| − | PrimaryFactor | ||
| − | |||
| − | ** | ||
| − | GlobalRole: This value represents a set of comma-delimited roles that will be asserted in the SAML token | ||
| − | |||
| − | ** | ||
| − | GlobalServiceEntitlement; <span style="color: rgb(255, 86, 48)">available since version 1.8</span> | ||
| − | |||
| − | ** | ||
| − | AuthenticationLevel; <span style="color: rgb(255, 86, 48)">available since version 1.8</span> | ||
| − | |||
| − | |||
| − | |||
<div class="heading-anchor-wrapper"><div class="sc-fnwBNb qtHFV"><div> </div> </div> </div> | <div class="heading-anchor-wrapper"><div class="sc-fnwBNb qtHFV"><div> </div> </div> </div> | ||
== Example Configuration == | == Example Configuration == | ||
<div class="code-block right-shadow"><span style="font-size: 12px; background: rgb(244, 245, 247) none repeat scroll 0% 0%; color: rgb(23, 43, 77); border-radius: 3px; display: flex; line-height: 1.66667; overflow-x: auto; white-space: pre"><code style="font-size: 12px; line-height: 1.66667; padding: 8px"><UserGlobalSettings> <UserConfig Name="PrimaryUserPopulation" NameQualifier="corporate.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> <UserConfig Name="SecondaryUserPopulation" NameQualifier="rehab.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="ConnectingGTA" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> <UserConfig Name="OncologyDepartment" NameQualifier="oncology.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="ConnectingGTA,Oncology" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> </UserGlobalSettings></code></span></div> | <div class="code-block right-shadow"><span style="font-size: 12px; background: rgb(244, 245, 247) none repeat scroll 0% 0%; color: rgb(23, 43, 77); border-radius: 3px; display: flex; line-height: 1.66667; overflow-x: auto; white-space: pre"><code style="font-size: 12px; line-height: 1.66667; padding: 8px"><UserGlobalSettings> <UserConfig Name="PrimaryUserPopulation" NameQualifier="corporate.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> <UserConfig Name="SecondaryUserPopulation" NameQualifier="rehab.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="ConnectingGTA" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> <UserConfig Name="OncologyDepartment" NameQualifier="oncology.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="ConnectingGTA,Oncology" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> </UserGlobalSettings></code></span></div> | ||
Latest revision as of 09:58, 15 January 2020
The following parameters will provide the necessary data for all SAML tokens where the HIS and/or the LDAP directory does not have the necessary information. This helpful when there are key attributes that would be challenging to manage for all users, but are globally the same for the organization or a set of users (as defined by the NameQualifier.
It is possible to have different entries to match different NameQualifier values (or UserContextDomain) in order to accommodate environments where more than one organization, entity, or unique groups have to be supported.
- Name: This value is merely a label and should be unique if there is more than one entry.
- NameQualifier: this is the NameQualifier value that users will be matched against. For all users with the specified NameQualifier these values will be used (unless provided by the source system):
- UAO
- UAOType
- grantByDelegateMeritOnly
- IdentityProvider
- IdentityVerificationSchemeRef
- UAOIdentityVerificationSchemeRef
- DelegationVerificationSchemeRef
- CredentialVerificationSchemeRef
- ProtectedNetwork
- PrimaryFactor
- GlobalRole: This value represents a set of comma-delimited roles that will be asserted in the SAML token
- GlobalServiceEntitlement; available since version 1.8
- AuthenticationLevel; available since version 1.8
Example Configuration
<UserGlobalSettings> <UserConfig Name="PrimaryUserPopulation" NameQualifier="corporate.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> <UserConfig Name="SecondaryUserPopulation" NameQualifier="rehab.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="ConnectingGTA" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> <UserConfig Name="OncologyDepartment" NameQualifier="oncology.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="ConnectingGTA,Oncology" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> </UserGlobalSettings>