Accéder au contenu principal
Version : 14.0

Admin Page

The Admin Page allows you to edit authentication settings, monitor the status of the ADONIS web client and perform maintenance tasks.

Open Admin Page

To open the Admin Page:

  • Open a web browser and navigate to "http://<SERVER_NAME>:<TOMCAT_PORT>/ADONIS14_0/admin.view".

  • Enter your credentials (if needed) and log in.

Remarque

To open the Admin Page, a user has to fulfill the following requirement:

  • The user must have access rights to the Administration Toolkit.
Example

If you are running the web client locally, the URL should look like this:

http://localhost:8000/ADONIS14_0/admin.view

Authentication

Use this page to edit authentication settings. To open the Authentication page:

  • On the toolbar at the top of the screen, click More  , and then click Authentication.
Remarque

To ensure the security of client connections to the Admin Page, we strongly recommended to enable SSL communication in the web client if you plan on editing the authentication configuration. Install ADONIS according to the Installation Manual and configure SSL/TLS support on Tomcat.

Attention

To edit these settings, you need experience with JSON. If you need help, contact your ADONIS consultant.

The following functionalities are available:

SAML Settings

Modify the global basic configuration parameters for SAML connectors.

Security Settings

Adapt the brute force protection settings.

Remarque

For details on how to configure the parameters please refer to section "Configure Brute Force Protection Settings" in the Installation Manual.

Licence Warnings

Configure Licence Warnings - automated email notifications when most of the available named users are already assigned for a specific scenario and action should be taken to extend the licence.

Language

Select the language for user group names, system role names etc. to be used in user mappings.

Upload Certificates

Upload certificates to use for signing and encryption during authentication and for data synchronization with a directory service. To reference an uploaded certificate, you can use the simple file name without any path information (e.g. BOC.jks).

Tracing

Turn on authentication trace logging in order to have additional authentication details logged in the web server logs. This is useful in the setup phase for authentication mechanisms such as SAML. Tracing will automatically be turned off on web server restart.

Reset Configuration

Reset the authentication settings to the factory settings. Any previously applied modifications will be lost.

Download Template

Download a sample configuration with all authentication parameters explained. You can copy the required code from the sample and use it as necessary.

Connectors

All authentication mechanisms (= connectors) of the ADONIS web client are listed here. The authentication mechanisms can be used separately or in combination.

In principal, the following authentication mechanisms are available:

  • Standard (= the standard login page)

  • IDM

  • SAML

  • OIDC

Each of these authentication mechanisms can be configured to use LDAP coupling to fetch additional user data from a directory service.

The following settings are available:

  • Edit Connector

    Click the button .

  • Delete Connector

    Click the button .

  • Add Connector

    Click the Add button .

Save Changes

Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.

Configure Self-Service Password Reset

Self-service password reset lets ADONIS users reset their own passwords without having to contact their ADONIS administrator each time. They can simply click the "Forgot Password?" link on the login page, and will then receive an email with a link to reset their password.

Availability

This functionality is available if the mail component is configured and the Standard connector is used (= standard login page where the user can enter his or her username and password).

Remarque

For details on how to configure the mail component please refer to the section Mail.

The following users CANNOT reset their password themselves:

  • ADONIS Administrators (users with global administrator rights)

  • Technical users

  • Users from an external user management system

  • Users without email address

Configuration

On the Admin Page, you can enable/disable the self-service password reset and configure how long a password reset link is valid. By default, this feature is enabled and the expiry time of the link is 30 minutes.

To configure the password reset properties:

  • On the Authentication page, edit the Standard Login connector and save the changes afterwards.

Here is the relevant code snippet:

 Configure Self-Service Password Reset

The following child properties of the property "nameduse" need to be added or modified:

  • notification-recipient-email

    JSON object with the property "name": "password_reset_enabled" and "value" which may be "true" or "false" (to enable/disable password reset in self-service).

  • password_reset_link_expires_in_minutes

    JSON object with the following properties: "name": "password_reset_link_expires_in_minutes" and "value" specifying how long a link is valid in minutes (default: "30").

Configure Licence Warnings

On the Admin Page, you can configure an automated email notification when most of the available named users are already assigned for a specific scenario and action should be taken to extend the licence.

Availability

This functionality is available if the mail component is configured.

Remarque

For details on how to configure the mail component please refer to the section Mail.

Configuration

To configure the license warnings:

  1. Open a web browser and navigate to http://<SERVER_NAME>:<TOMCAT_PORT>/ADONIS14_0/admin.view.

  2. Enter your credentials (if needed) and log in. The user must have access rights to the Administration Toolkit.

  3. On the toolbar at the top of the screen, click More   , and then click Authentication.

  4. Click the License Warnings button. Edit the settings and save the changes afterwards.

The following parameters are available:

  • notification-recipient-email

    Enter the email address that should receive the notifications.

  • notification-threshold

    Specify the notification threshold. Enter the percentage of named users already assigned for a specific scenario that, when exceeded, triggers a license warning.

  • notify-on-threshold-exceeded

    Specify whether a notification is sent when the number of named users for a scenario has exceeded the configured threshold. Possible values are "true" or "false".

  • notify-on-threshold-recovery

    Specify whether a notification is sent when the number of named users for a scenario has dropped below the configured threshold. Possible values are "true" or "false".

Authentication > LDAP

Use this page to edit LDAP settings. To open the LDAP page:

  • On the toolbar at the top of the screen, click More  , point to Authentication, and then click LDAP.
Remarque

To ensure the security of client connections to the Admin Page, we strongly recommended to enable SSL communication in the web client if you plan on editing the authentication configuration. Install ADONIS according to the Installation Manual and configure SSL/TLS support on Tomcat.

Attention

To edit these settings, you need experience with JSON. If you need help, contact your ADONIS consultant.

The following functionalities are available:

Upload Certificates

Upload certificates to use for signing and encryption during authentication and for data synchronization with a directory service. To reference an uploaded certificate, you can use the simple file name without any path information (e.g. BOC.jks).

Download Template

Download a sample configuration with all authentication parameters explained. You can copy the required code from the sample and use it as necessary.

Domains

All configured domains are listed here.

The following settings are available:

  • Edit Domain Configuration

    Click the button .

  • Delete Domain Configuration

    Click the button .

  • Add Domain Configuration

    Click the Add button .

LDAP Settings

Modify the general parameters that apply to all domains.

Save Changes

Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.

Authentication > OAuth 2.0

Use this page to edit OAuth 2.0 settings. To open the OAuth 2.0 page:

  • On the toolbar at the top of the screen, click More  , point to Authentication, and then click OAuth 2.0.

The following functionalities are available:

Upload Logos

Upload logos to represent client applications. You can use these logos when you configure client data.

General Settings

Select the OAuth 2.0 enabled check box to enable OAuth 2.0.

Clients

All configured clients are listed here. The following settings are available:

  • Edit Client Configuration

    Click the button . The Client Data form appears.

  • Delete Client Configuration

    Click the button .

  • Add Client Configuration

    Click the Add button . The Client Data form appears.

Save Changes

Save changes made on this page. Once the changes are saved on the Admin Page, they take effect immediately. A restart is not required.

Client Data

When you add a new client or edit an exisiting client on the OAuth 2.0 page, the Client Data form appears. You can enter and edit the following data:

  • Type: Select the client type. Confidential clients are e.g. centralized, server based applications, which are capable of securely storing client secrets. Public clients are e.g. purely client based applications and native apps which are not capable of securely storing client secrets.

  • ID: The ID of the client system. Must be unique among the clients, should be kept simple as special characters need to be URL encoded.

  • Name: The name of the client application. Will be shown on the user interface.

  • Redirect URI: The URL of a redirect endpoint inside the client application which will be called by the authorization server when issuing an authorization code.

Remarque

The Redirect URI is unnecessary when using the Client Credentials Flow, however the Client Data form requires this field to be filled (mandatory for Authorization Code Flow).

  • Logo: Select a logo to represent the client application (must be uploaded first on the OAuth 2.0 page). Will be shown on the user interface.

  • Access Token Validity (Seconds): The time in seconds how long an access token is valid until it expires. Default: 1800s = 30 minutes.

  • Refresh Token Validity (Seconds): The time in seconds how long an refresh token is valid until it expires. Default: 1209600s = 14 days.

  • Secret: The secret to use for client authentication. You can click Generate to generate a new secret or manually specify one.

Click Save after completing the Client Data form, and then click Save changes to save the OAuth 2.0 page.

Licence Overview

This page shows you at a glance the total number of available licences as well as the number of licences currently in use. You can also find out quickly about all active ADONIS users including the time of login and the time of the last action. To open the Licence Overview page:

  • On the toolbar at the top of the screen, click More  , and then click Licence Overview.
Remarque

If you have questions about the different types of licenses or the difference between concurrent users and named users, please refer to the sections Product Licences vs. Scenario Licences and Named Users vs. Concurrent Users.

Remarque

You can control whether actual login names are shown in this widget by setting the parameter ADOXX_WEB_TRACK_LOGINS in the file adoxx_web_conf.js to true/false. This file can be found in the folder <ADONIS installation>\conf”.

Server

This page allows you to perform various maintenance tasks. To open the Server page:

  • On the toolbar at the top of the screen, click More  , and then click Server.

The following functionalities are available:

  • Restart Environment

    Restart the application server and the web application. All users will be logged out. As soon as the application server is up and running again, and the web application is completely initialised, login is possible again.

  • Restart Web Application

    Restart the web application. All web client users will be logged out. As soon as the web client is completely initialised, login is possible again.

  • Re-intialise search index

    Reinitialize the search index if you if you are encountering problems with the search function in ADONIS. Depending on the number of models and objects in the database this process may take a few minutes.

  • Start LDAP synchronisation

    Start the synchronization of users with an LDAP-compliant directory service according to the configuration specified on the Admin Page. The synchronization is triggered for all configured domains. During the synchronization, a progress bar provides information on the current status. After the synchronization, all newly synchronized users and any error codes are displayed for each domain.

    Remarque

    For questions about the necessary steps to enable synchronization, please refer to the Installation Manual.

  • Clear LDAP Cache

    When synchronization of users with an LDAP-compliant directory service is enabled and the option recursiveNodeLookup is enabled for one or more LDAP properties, ADONIS is caching results to speed up performance. To detect changes in the directory structure, this cache is automatically cleared when the web application is restarted, when you start LDAP synchronization here on the Admin Page, or when a periodic synchronization of users with LDAP is triggered.

    Use this button to clear the LDAP cache if recursiveNodeLookup is enabled, there are changes in the directory structure, and you want to make sure that users that log in to the ADONIS web client for the first time will be assigned correctly to system roles, user groups and repositories.

Support > Information

This page allows you to download support packages in different sizes. A support package contains log files of the application server, log files of the web server including the web application as well as configuration files within an encrypted Zip archive. To open the Information page:

  • On the toolbar at the top of the screen, click More  , point to Support, and then click Information.

The following sizes are available:

  • Support Package SMALL

    Downloads log files from the last 24 hours.

  • Support Package MEDIUM

    Downloads log files from the last week.

  • Support Package LARGE

    Downloads all log files.

Download Support Package when Access to the Admin Page is not possible

You can still download the support package when the Admin Page cannot be reached in case of an error. In order to do so:

  • Open a web browser and navigate to "http://<SERVER_NAME>:<TOMCAT_PORT>/ADONIS14_0/supportinformation".

<SERVER_NAME> is the name of the server machine, <TOMCAT_PORT> is the port at which Apache Tomcat is accessible (by default this is 8000).

Example

If you are running the web client locally, the URL should look like this:

"http://localhost:8000/ADONIS14_0/supportinformation"

You can modify the URL to only download log files from a certain time period. In order to do this, add ?logType=<PARAMETER> to the URL. The following parameters that correspond to the package sizes listed above are available: "small", "medium" and "large".

Example

If you are running the web client locally and you want to download log files from the last 24 hours, the URL should look like this:

"http://localhost:8000/ADONIS14_0/supportinformation?logType=small"

Remarque

Please provide these log files when you contact our support team.

Support > Debug Mode

This page allows you to activate the global debug mode. The global debug mode influences various details in the behaviour of the application and can be used for error analysis. To open the Debug Mode page:

  • On the toolbar at the top of the screen, click More  , point to Support, and then click Debug Mode.
Attention

The global debug mode should never be permanently enabled! It is recommended to only activate the global debug mode on request of a BOC employee.

Support > Maintenance

This widget allows you to enable maintenance mode. Maintenance mode eases the planning of maintenance windows. To open the Maintenance page:

  • On the toolbar at the top of the screen, click More  , point to Support, and then click Maintenance.

When maintenance mode is enabled, no further logins to the web application will be allowed and a corresponding message will be displayed. The Admin Page of the ADONIS web client is excluded from maintenance mode and can still be used.