Admin Page

The Admin Page allows you to edit authentication settings, monitor the status of the ADOIT web client and perform maintenance tasks.

Open Admin Page

To open the Admin Page:

  • Open a web browser and navigate to "http://<SERVER_NAME>:<TOMCAT_PORT>/ADOIT12_0/admin.view".

  • Enter your credentials (if needed) and log in.

note

To open the Admin Page, a user has to fulfill the following requirement:

  • The user must have access rights to the Administration Toolkit.

Example

If you are running the web client locally, the URL should look like this:

http://localhost:8000/ADOIT12_0/admin.view

Authentication

Use this page to edit authentication settings. To open the Authentication page:

  • On the toolbar at the top of the screen, click More, and then click Authentication.

note

To ensure the security of client connections to the Admin Page, we strongly recommend enabling SSL communication in the web client if you plan on editing the authentication configuration. Install ADOIT according to the Installation Manual and configure SSL/TLS support on Tomcat.

caution

To edit these settings, you need experience with JSON. If you need help, contact your ADOIT consultant.

The following functionalities are available:

SAML Settings

Modify the global basic configuration parameters for SAML connectors.

Security Settings

Adapt the brute force protection settings.

note

For details on how to configure the parameters please refer to section "Configure Brute Force Protection Settings" in the Installation Manual.

Language

Select the language for user group names, system role names etc. to be used in user mappings.

Upload Certificates

Upload certificates to use for signing and encryption during authentication and for data synchronization with a directory service. To reference an uploaded certificate, you can use the simple file name without any path information (e.g. BOC.jks).

Tracing

Turn on authentication trace logging in order to have additional authentication details logged in the web server logs. This is useful in the setup phase for authentication mechanisms such as SAML. Tracing will automatically be turned off on web server restart.

Reset Configuration

Reset the authentication settings to the factory settings. Any previously applied modifications will be lost.

Download Template

Download a sample configuration with all authentication parameters explained. You can copy the required code from the sample and use it as necessary.

Connectors

All authentication mechanisms (= connectors) of the ADOIT web client are listed here. The authentication mechanisms can be used separately or in combination.

In principle, the following authentication mechanisms are available:

  • Standard (= the standard login page)

  • IDM

  • SAML

Each of these authentication mechanisms can be configured to use LDAP coupling to fetch additional user data from a directory service.

The following settings are available:

  • Edit Connector

    Click the button .

  • Delete Connector

    Click the button .

  • Add Connector

    Click the Add button .

Save Changes

Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.

Configure Self-Service Password Reset

Self-service password reset lets ADOIT users reset their own passwords without having to contact their ADOIT administrator each time. They can simply click the "Forgot Password?" link on the login page, and will then receive an email with a link to reset their password.

Availability

This functionality is available if the mail component is configured and the Standard connector is used (= standard login page where the user can enter his or her username and password).

note

For details on how to configure the mail component please refer to the section Mail.

The following users CANNOT reset their password themselves:

  • ADOIT Administrators (users with global administrator rights)

  • Technical users

  • Users from an external user management system

  • Users without email address

Configuration

On the Admin Page, you can enable/disable the self-service password reset and configure how long a password reset link is valid. By default, this feature is enabled and the expiry time of the link is 30 minutes.

To configure the password reset properties:

  • On the Authentication page, edit the Standard Login connector and save the changes afterwards.

Here is the relevant code snippet:

 Configure Self-Service Password Reset

The following child properties of the property "properties" need to be added or modified:

  • password_reset_enabled

    JSON object with the following properties: "name": "password_reset_enabled" and "value" which may be "true" or "false" (to enable/disable password reset in self-service).

  • password_reset_link_expires_in_minutes

    JSON object with the following properties: "name": "password_reset_link_expires_in_minutes" and "value" specifying how long a link is valid in minutes (default: "30").
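
An added example (not ADOIT's own code, and not the snippet from the original page): a check to run on the Standard Login connector JSON before saving, covering the two properties described above. It assumes "properties" is a JSON array of name/value objects with string values; the sample connector and its "id" field are constructed.

```python
import json

# Defaults stated on the page: feature enabled, link valid for 30 minutes.
DEFAULTS = {
    "password_reset_enabled": "true",
    "password_reset_link_expires_in_minutes": "30",
}

# Constructed sample: only the two "properties" entries follow the page's
# description; the array layout and the "id" field are assumptions.
SAMPLE_CONNECTOR = """
{
  "id": "standard-login-example",
  "properties": [
    {"name": "password_reset_enabled", "value": "true"},
    {"name": "password_reset_link_expires_in_minutes", "value": "15"}
  ]
}
"""


def reset_settings(connector_json):
    """Return (enabled, minutes) for a connector, or raise ValueError."""
    connector = json.loads(connector_json)  # malformed JSON raises ValueError
    found = {}
    for prop in connector.get("properties", []):
        name = prop.get("name")
        if name not in DEFAULTS:
            continue  # unrelated connector property, not checked here
        if name in found:
            raise ValueError(f"duplicate property: {name}")
        value = prop.get("value")
        if not isinstance(value, str):  # the page quotes both values
            raise ValueError(f"{name}: value must be a JSON string")
        found[name] = value

    merged = {**DEFAULTS, **found}  # absent properties fall back to defaults
    enabled = merged["password_reset_enabled"]
    if enabled not in ("true", "false"):
        raise ValueError('password_reset_enabled must be "true" or "false"')
    minutes = merged["password_reset_link_expires_in_minutes"]
    if not (minutes.isascii() and minutes.isdigit()) or int(minutes) == 0:
        raise ValueError("expiry must be a positive whole number of minutes")
    return enabled == "true", int(minutes)


if __name__ == "__main__":
    print(reset_settings(SAMPLE_CONNECTOR))
```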

Authentication > LDAP

Use this page to edit LDAP settings. To open the LDAP page:

  • On the toolbar at the top of the screen, click More, point to Authentication, and then click LDAP.

note

To ensure the security of client connections to the Admin Page, we strongly recommend enabling SSL communication in the web client if you plan on editing the authentication configuration. Install ADOIT according to the Installation Manual and configure SSL/TLS support on Tomcat.

caution

To edit these settings, you need experience with JSON. If you need help, contact your ADOIT consultant.

The following functionalities are available:

Upload Certificates

Upload certificates to use for signing and encryption during authentication and for data synchronization with a directory service. To reference an uploaded certificate, you can use the simple file name without any path information (e.g. BOC.jks).

Download Template

Download a sample configuration with all authentication parameters explained. You can copy the required code from the sample and use it as necessary.

Domains

All configured domains are listed here.

The following settings are available:

  • Edit Domain Configuration

    Click the button .

  • Delete Domain Configuration

    Click the button .

  • Add Domain Configuration

    Click the Add button .

LDAP Settings

Modify the general parameters that apply to all domains.

Save Changes

Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.

Authentication > OAuth 2.0

Use this page to edit OAuth 2.0 settings. To open the OAuth 2.0 page:

  • On the toolbar at the top of the screen, click More, point to Authentication, and then click OAuth 2.0.

The following functionalities are available:

Upload Logos

Upload logos to represent client applications. You can use these logos when you configure client data.

General Settings

Select the OAuth 2.0 enabled check box to enable OAuth 2.0.

Clients

All configured clients are listed here.

The following settings are available:

  • Edit Client Configuration

    Click the button .

  • Delete Client Configuration

    Click the button .

  • Add Client Configuration

    Click the Add button .

Client Data

When you add a new client or edit an existing client, the Client Data dialogue box opens. You can enter and edit the following data:

  • Type

    Select the client type. Confidential clients are e.g. centralized, server based applications, which are capable of securely storing client secrets. Public clients are e.g. purely client based applications and native apps which are not capable of securely storing client secrets.

  • ID

    The ID of the client system. It must be unique among the clients and should be kept simple, as special characters need to be URL-encoded.

  • Name

    The name of the client application. Will be shown on the user interface.

  • Redirect URI

    The URL of a redirect endpoint inside the client application which will be called by the authorization server when issuing an authorization code.

  • Logo

    Select a logo to represent the client application (must be uploaded first on the OAuth 2.0 page). Will be shown on the user interface.

  • Access Token Validity (Seconds)

    How long, in seconds, an access token is valid before it expires. Default: 1800s = 30 minutes.

  • Refresh Token Validity (Seconds)

    How long, in seconds, a refresh token is valid before it expires. Default: 1209600s = 14 days.

  • Secret

    The secret to use for client authentication. You can click Generate to generate a new secret or manually specify one.

Click Save after completing the Client Data form, and then click Save changes to save the changes made on this page.

Save Changes

Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.

Licence Overview

This page shows you at a glance the total number of available licences as well as the number of licences currently in use. You can also find out quickly about all active ADOIT users including the time of login and the time of the last action. To open the Licence Overview page:

  • On the toolbar at the top of the screen, click More, and then click Licence Overview.

note

If you have questions about the different types of licences or the difference between concurrent users and named users, please refer to the sections Product Licences vs. Scenario Licences and Named Users vs. Concurrent Users.

note

You can control whether actual login names are shown in this widget by setting the parameter ADOXX_WEB_TRACK_LOGINS in the file adoxx_web_conf.js to true/false. This file can be found in the folder “<ADOIT installation>\conf”.

Server

This page allows you to perform various maintenance tasks. To open the Server page:

  • On the toolbar at the top of the screen, click More, and then click Server.

The following functionalities are available:

  • Restart Environment

    Restart the application server and the web application. All users will be logged out. As soon as the application server is up and running again, and the web application is completely initialised, login is possible again.

  • Restart Web Application

    Restart the web application. All web client users will be logged out. As soon as the web client is completely initialised, login is possible again.

  • Re-initialise search index

    Reinitialize the search index if you are encountering problems with the search function in ADOIT. Depending on the number of models and objects in the database, this process may take a few minutes.

  • Start LDAP synchronisation

    Start the synchronization of users with an LDAP-compliant directory service according to the configuration specified on the Admin Page. The synchronization is triggered for all configured domains.

    note

    For questions about the necessary steps to enable synchronization, please refer to the Installation Manual.

  • Clear LDAP Cache

    When synchronization of users with an LDAP-compliant directory service is enabled and the option recursiveNodeLookup is enabled for one or more LDAP properties, ADOIT caches results to improve performance. To detect changes in the directory structure, this cache is automatically cleared when the web application is restarted, when you start LDAP synchronization here on the Admin Page, or when a periodic synchronization of users with LDAP is triggered.

    Use this button to clear the LDAP cache if recursiveNodeLookup is enabled, there are changes in the directory structure, and you want to make sure that users that log in to the ADOIT web client for the first time will be assigned correctly to system roles, user groups and repositories.

Support > Information

This page allows you to download support packages in different sizes. A support package contains log files of the application server, log files of the web server including the web application as well as configuration files within an encrypted Zip archive. To open the Information page:

  • On the toolbar at the top of the screen, click More, point to Support, and then click Information.

The following sizes are available:

  • Support Package SMALL

    Downloads log files from the last 24 hours.

  • Support Package MEDIUM

    Downloads log files from the last week.

  • Support Package LARGE

    Downloads all log files.

Download Support Package when Access to the Admin Page is not possible

You can still download the support package when the Admin Page cannot be reached in case of an error. In order to do so:

  • Open a web browser and navigate to "http://<SERVER_NAME>:<TOMCAT_PORT>/ADOIT12_0/supportinformation".

<SERVER_NAME> is the name of the server machine, <TOMCAT_PORT> is the port at which Apache Tomcat is accessible (by default this is 8000).

Example

If you are running the web client locally, the URL should look like this:

"http://localhost:8000/ADOIT12_0/supportinformation"

You can modify the URL to only download log files from a certain time period. In order to do this, add ?logType=<PARAMETER> to the URL. The following parameters that correspond to the package sizes listed above are available: "small", "medium" and "large".

Example

If you are running the web client locally and you want to download log files from the last 24 hours, the URL should look like this:

"http://localhost:8000/ADOIT12_0/supportinformation?logType=small"

note

Please provide these log files when you contact our support team.

Support > Debug Mode

This page allows you to activate the global debug mode. The global debug mode influences various details in the behaviour of the application and can be used for error analysis. To open the Debug Mode page:

  • On the toolbar at the top of the screen, click More, point to Support, and then click Debug Mode.

caution

The global debug mode should never be permanently enabled! It is recommended to only activate the global debug mode on request of a BOC employee.

Support > Maintenance

This widget allows you to enable maintenance mode. Maintenance mode eases the planning of maintenance windows. To open the Maintenance page:

  • On the toolbar at the top of the screen, click More, point to Support, and then click Maintenance.

When maintenance mode is enabled, no further logins to the web application will be allowed and a corresponding message will be displayed. The Admin Page of the ADOIT web client is excluded from maintenance mode and can still be used.
