Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
en:metadata_admin_tool [2022/11/17 14:18] – Removed tag Silke Meyeren:metadata_admin_tool [2024/02/21 11:32] (current) Wolfgang Pempe
Line 22: Line 22:
 Please note that we added a new role called "subadmin" (as of 11/9/2022). Metadata admins can invite subadmins independently and delegate the administration of metadata of individual IdPs/SPs to them. (See below for details.) Please note that we added a new role called "subadmin" (as of 11/9/2022). Metadata admins can invite subadmins independently and delegate the administration of metadata of individual IdPs/SPs to them. (See below for details.)
  
-==== How to get your initial credentials for the new tool ==== +==== How to get your initial credentials for the MD Admin Tool ==== 
-Your old credentials will not work in the new metadata admin tool (released Nov. 9th). You will receive an invitation link to the e-mail address you registered with. Follow the link in the e-mail. It only works once, though. If you followed the link earlier but did not set a password, please use the password reset link.+You will receive an invitation link to the e-mail address you registered with. Follow the link in the e-mail. It only works once, though. If you followed the link earlier but did not set a password, please use the password reset link.
  
 ==== Two factor authentication ==== ==== Two factor authentication ====
Line 47: Line 47:
  
  
-==== New role: Subadmin ====+==== Further role: Subadmin ====
 In the new metadata administration tool the role of subadmins is a new feature. It enables regular metadata admins to delegate the administration of metadata of individual IdPs/SPs to third parties. They do not have to involve DFN-AAI hotline into account creation for subadmins. (Regular metadata admins with full access still have to be registered via the hotline though.) In the new metadata administration tool the role of subadmins is a new feature. It enables regular metadata admins to delegate the administration of metadata of individual IdPs/SPs to third parties. They do not have to involve DFN-AAI hotline into account creation for subadmins. (Regular metadata admins with full access still have to be registered via the hotline though.)
  
Line 59: Line 59:
 Subadmins cannot: Subadmins cannot:
   * edit the details about your organization,   * edit the details about your organization,
-  * change the degree of reliance, 
   * add new IdPs/SPs   * add new IdPs/SPs
   * delete the entire metadata of an entity,   * delete the entire metadata of an entity,
Line 82: Line 81:
   * **Certificate expiration warnings:** If any of your systems only has a certificate that will expire within the next 30 days or that has already expired, the first thing you see is a red section. Expand it to jump directly to the affected entity.   * **Certificate expiration warnings:** If any of your systems only has a certificate that will expire within the next 30 days or that has already expired, the first thing you see is a red section. Expand it to jump directly to the affected entity.
   * **Information on the institution:** Here you edit the display name and the information URL of your organization. The information is automatically added to the ''<Organization>'' element of your metadata. Click into the lines for German and/or English to edit them.   * **Information on the institution:** Here you edit the display name and the information URL of your organization. The information is automatically added to the ''<Organization>'' element of your metadata. Click into the lines for German and/or English to edit them.
-  * **Contracts and degree of reliance**: +  * **Contracts**: 
     * In this section you can find all information concerning your DFN-AAI contract resp. your SP Agreement. **Please check if everything is up-to-date from time to time and let your hotline know about any changes!** The contact persons who signed the contract are especially important as they are the only ones entitled to name metadata admins with full access to the account. (Subadmins, however, can also be invited by regular metadata admins.)     * In this section you can find all information concerning your DFN-AAI contract resp. your SP Agreement. **Please check if everything is up-to-date from time to time and let your hotline know about any changes!** The contact persons who signed the contract are especially important as they are the only ones entitled to name metadata admins with full access to the account. (Subadmins, however, can also be invited by regular metadata admins.)
-    * If your organization operates an Identity Provider, you can find the [[en:degrees_of_reliance|degree of reliance]] underneath the contract information (until the end of 2022). Regular metadata admins can edit the degree of reliance here. 
   * **Local Metadata:** This section contains a list of all entities that have been added to the [[en:metadata_local|local metadata]] we generate for your organization. You can also find the download URL as well as a possibility to limit access to the download URL.   * **Local Metadata:** This section contains a list of all entities that have been added to the [[en:metadata_local|local metadata]] we generate for your organization. You can also find the download URL as well as a possibility to limit access to the download URL.
   * **Users:** Here you can find the list of all metadata admins that have access to this organization's data. We distinguish between regular metadata admins with full access to the organization and [[en:metadata_admin_tool#new_rolesubadmin|subadmins]] with write access to selected entities. Regular metadata admins can invite subadmins here.   * **Users:** Here you can find the list of all metadata admins that have access to this organization's data. We distinguish between regular metadata admins with full access to the organization and [[en:metadata_admin_tool#new_rolesubadmin|subadmins]] with write access to selected entities. Regular metadata admins can invite subadmins here.
   * **Entities:** Here you can access the Identity Providers, Service Providers and/or Attribute Authorities of your organization.   * **Entities:** Here you can access the Identity Providers, Service Providers and/or Attribute Authorities of your organization.
   * **Entity Lists:** If you see this section, your organization manages an [[en:entity_attributes#entity_categories|Entity Category]]. Here you can control which entities are part of it.   * **Entity Lists:** If you see this section, your organization manages an [[en:entity_attributes#entity_categories|Entity Category]]. Here you can control which entities are part of it.
-  * **Logos and Scopes:** Here you upload all logos and favicons, as well as the scopes you need across all your entities. When editing an individual entity you assign logos, favicons and a scope from this pool.+  * **Logos and Scopes:** Here you upload all logos and favicons, as well as the scopes you need across all your entities. When editing an individual entity you assign logos, favicons and a scope from this pool. Newly added scopes must be approved by the DFN-AAI Team.
  
  
Line 129: Line 127:
   * Select a file from your local computer and choose a meaningful name for the list.   * Select a file from your local computer and choose a meaningful name for the list.
   * If your file does not comply with the image size that can be displayed in the common UI interfaces, you can let our server scale it for you by ticking "Autoscale". The metadata administration tool does not accept any logos or favicons that are too big or too small. Thus, if you do not enable autoscaling you have to make sure the images have the correct size.{{:en:metadata_admin_tool:logos-en.png?600 |}}   * If your file does not comply with the image size that can be displayed in the common UI interfaces, you can let our server scale it for you by ticking "Autoscale". The metadata administration tool does not accept any logos or favicons that are too big or too small. Thus, if you do not enable autoscaling you have to make sure the images have the correct size.{{:en:metadata_admin_tool:logos-en.png?600 |}}
- 
-===== Main differences between old and new MD admin tool ===== 
-^ old ^ new ^ 
-| password login only | **2FA** is mandatory | 
-| self-signed certificate had to be verified by the hotline | **Self-signed certificates** can be used without hotline interaction | 
-| All metadata admins had write access to everything in the organization's account. | Metadata admins can add **subadmins** and delegate certain metadata entries to them. | 
-| Logos/Favicons were published in the metadata as external URLs. It was possible to link to images with unsuitable sizes. | (New) **Logos/Favicons** are uploaded to the tool and delivered by it. Files are scaled to the right size during the upload. | 
-| New entities could be added by fetching xml metadata from a remote URL. | Existing **xml metadata files** can be uploaded. | 
-| Scopes were entered in the IdP metadata form. | **Scopes** are regarded as meta information that is maintained on the level of the organization. They can then be assigned to individual IdPs. | 
- 
  
  • Last modified: 3 months ago