Add new role to configuration UI

This document is written for PhenixID Server.

The reader should have some basic knowledge about PhenixID Server.

This document describes how to add a new role to the configuration UI.

Overview

A default user for the configuration UI is created during installation of PhenixID Server.

This user will by default have full access to the configuration UI.

This document will describe how to create a new role that will only have access to the tab "REPORTS".

Please make sure to have a backup copy of the configuration before adding the new settings.

Add new internal user

Log in to the configuration UI, go to the "Advanced" tab and press the pencil to the right of "Internal users".

Make a copy of the existing user (phenixid by default), so that you get a new section as in this example:

{
  "id": "phenixid",
  "password": "{enc}jy58WmoTTsOUdFnS/dpoWokvikLim2NkEaZw7XxTb68=",
  "description": "Default system administrator account",
  "roles": "sysadmin"
},
{
  "id": "reportsuser",
  "password": "{enc}CSzOeSq1nsPITZ1+QFU9VJiTJv4+4lahJfhZV/amJAI=",
  "description": "User for reports",
  "roles": "reporting"
}

In the example above we have created the new user reportsuser, set a password for it and assigned it the role "reporting".

NOTE: No changes should be made to the default internal user, phenixid in the example above.

When done, press Stage changes/Commit changes.

Add new user to the reporting role

This change is made in the UI in advanced mode.

Add this section to the modules part.
If other modules have an http_configuration_ref, copy that value; if not, remove the line.

{
  "name": "com.phenixidentity~phenix-prism-report",
  "enabled": "true",
  "config": {
    "display_name": "Reports",
    "base_uri": "reports",
    "http_configuration_ref": "5dd0ad39-d203-42e6-855c-093296105abe"
  },
  "id": "reportsprismmodule"
}

You also have to add a new prism module for the /reports link like below.

	{
		"name": "com.phenixidentity~phenix-prism",
		"enabled": "true",
		"id": "prismconfig",
		"config": {
			"base_url": "/reports",
			"ssl": "false",
			"auth_redirect_url": "/reports/authenticate/unpwreport",
			"logoff_uri": "/reports/authenticate/logout/",
			"module_refs": "reportsprismmodule"
		}
	},

Stage and Commit changes.

Now you have to add the new prism module to the module_refs part of NODE_GROUPS in the Advanced mode.
It should look something like this with the new module added.

	{
		"name": "default",
		"description": "Default node group (created automatically) - all nodes belong to this group",
		"config": {
			"module_refs": "prismconfig,789a0939-0c82-407e-80c1-....

Go to the Authenticators - HTTP section and add this part:

{
  "alias": "unpwreport",
  "name": "BasicAuthenticator",
  "configuration": {
    "successURL": "/reports/",
    "pipeID": "authReportsPipe"
  },
  "id": "unpwreport"
}

Stage and Commit changes.

Finally, go to the Pipes section and add this pipe, which checks the username and password against the InternalUserStore.

{
  "id": "authReportsPipe",
  "valves": [
    {
      "name": "InternalUserStoreValidatorValve",
      "enabled": "true",
      "config": {
        "username": "{{request.username}}",
        "password_param_name": "{{request.password}}"
      }
    }
  ]
}

Stage and Commit changes.

Now try to log in to https://<hostname>/reports/ with the new internal user. Only the tab "REPORTS" should be visible.
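
The fragments above refer to each other by id (module_refs, auth_redirect_url, pipeID), and a typo in any of them breaks the login chain for the restricted role. The following check is an added example, not PhenixID code; the top-level key names in SAMPLE (modules, node_groups, authenticators, pipes) and the rule that the last segment of auth_redirect_url is the authenticator alias are assumptions drawn from the values on this page, so adapt them to your own configuration export.

```python
# Added example: cross-reference check for the fragments on this page.
# The top-level keys of SAMPLE are assumed names, not PhenixID's own schema.

def split_refs(value):
    """module_refs is a comma-separated string of ids."""
    return [r.strip() for r in value.split(",") if r.strip()]

def check_refs(cfg):
    """Return a list of problems; an empty list means every reference resolves."""
    problems = []
    module_ids = {m["id"] for m in cfg["modules"]}
    aliases = {a["alias"] for a in cfg["authenticators"]}
    pipe_ids = {p["id"] for p in cfg["pipes"]}
    # Modules listed in a node group or in a prism module must exist.
    owners = [(f"node group {g['name']}", g["config"]) for g in cfg["node_groups"]]
    owners += [(f"module {m['id']}", m["config"]) for m in cfg["modules"]]
    for owner, conf in owners:
        for ref in split_refs(conf.get("module_refs", "")):
            if ref not in module_ids:
                problems.append(f"{owner}: unknown module '{ref}'")
        # Assumption: the last path segment of auth_redirect_url is the alias.
        url = conf.get("auth_redirect_url")
        if url and url.rstrip("/").rsplit("/", 1)[-1] not in aliases:
            problems.append(f"{owner}: no authenticator for '{url}'")
    # Each authenticator must point at an existing pipe.
    for auth in cfg["authenticators"]:
        pipe = auth["configuration"]["pipeID"]
        if pipe not in pipe_ids:
            problems.append(f"authenticator {auth['alias']}: unknown pipe '{pipe}'")
    return problems

# Constructed sample built from the ids used on this page.
SAMPLE = {
    "modules": [
        {"id": "reportsprismmodule", "config": {"base_uri": "reports"}},
        {"id": "prismconfig", "config": {
            "auth_redirect_url": "/reports/authenticate/unpwreport",
            "module_refs": "reportsprismmodule"}},
    ],
    "node_groups": [{"name": "default", "config": {"module_refs": "prismconfig"}}],
    "authenticators": [{"alias": "unpwreport",
                        "configuration": {"pipeID": "authReportsPipe"}}],
    "pipes": [{"id": "authReportsPipe"}],
}

if __name__ == "__main__":
    for line in check_refs(SAMPLE) or ["all references resolve"]:
        print(line)
```

Run it against the assembled fragments before pressing Stage changes/Commit changes; any line it prints names the reference that does not resolve.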