On the Identity Providers screen you can test a username and password combination against an Identity Provider (IdP).

When you select the Test Login option for your IdP, it will confirm the IdP name and Type that you are testing against. It gives you a way to test your attribute mapping configuration and your security level rules / direct user grants configuration

Clicking the Test Login button will redirect you to the IdP where you can login. Upon successful authentication with the IdP, the page navigates back to Ignition, and Ignition displays the response document as the results. These results can vary between IdPs, so it can be useful to test out a login to see what your IdP returns in its response document.

You can use Test Logout option to log out of the ID you were testing.

Ignition's IdP returns an 'amr' attribute that indicates how the user was authenticated.

  • If the user was authenticated with a username and password challenge, the amr returns ["uname", "pwd"]
  • If the user was authenticated with a badge challenge, the amr returns: ["badge"]
  • If the user was authenticated with a badge and password challenge, the amr returns:[:badge", "pwd"]

With this feature, you can enable different security levels based on how the user authenticated. In a security level rule, you could enter:

	containsAll ({idp-attributes:amr}, 'uname', 'pwd')


On this page ...


Test a Login

  1. From the Gateway Webpage Config tab, go to Security > Identity Providers. The window will refresh and your list of Identity Providers will be displayed.
  2. Choose the Identity Provider and click the More button to see the actions in the dropdown list, and select Test Login.



  3. Log in at your IdP's login screen.

  4. If the login is successful, you will be returned to the Identity Provider Test Login screen. The returned results will be displayed under the IdP Response Data tab.

  5. Click on the Mapped User Attributes tab to view the user attributes for the currently logged in user.



  6. Click on the Security Level Grants tab to view the Security Levels for the roles of the currently logged in user.




Test a Logout

After testing a User ID, you do not want to stay logged in as the user. You can use the Test Logout function to log out. For the Ignition IdP, this function also logs you out of the IdP.  For an OpenID Connect IdP, this function will also log you out of the IdP if you have a Logout URL.

  1. To log out of the ID you were testing, click the Test Logout button on the Test Login page.




  2. You will get a confirmation message of a successful logout. 



  • No labels