The Moonshot Identity Selector User Guide

Owned by wqx+qmnstigwu5kzxaiskxnikzy@idp.company.ja.net
Last updated: Sept 09, 2019 by Alex Perez Mendez
5 min read

This guide is obsolete. Please, use The Moonshot Identity Selector for Linux User Guide instead

To use Moonshot, the user's device needs to have a way of storing and selecting credentials to use to authenticate to a service. One option to achieve this is to use the Moonshot Identity Selector.

Contents

Manual configuration of the Moonshot Identity Selection is only appropriate for power users.

1. What is the Moonshot Identity Selector?

The Moonshot Identity Selector is a central point from which you can manage your credentials to be used by Moonshot.

2. Managing credentials Using the Moonshot Identity Selector

The main way of interacting with the Moonshot Identity Selector is through a GUI. It can also be used in a headless mode or have identity information deployed to it - see this page for enterprise deployment options.

2.1. Loading the Identity Selector

Normally, there is no need to manually load the identity selector - it is invoked automatically when you try to log in to a moonshot-enabled service. If you need to modify and remove an existing identity (or manually add an identity), then you will manually load it. To do this, you can either:

  • Locate the Moonshot Identity Manager in the Administration menu of your desktop and click on it.

    or

  • Open a terminal window and type "moonshot".

The Administration menu

On Debian, the Administration menu is found under Applications | System Tools.

On Fedora-based systems (e.g. Fedora, Redhat, CentOS, Scientific Linux), the Administration menu is usually found under System.

The Moonshot Identity Selector should appear.

Screenshot of the Moonshot Identity Selector with no Identities

2.2. Working with Identities

Once the Moonshot Identity Selector has loaded, you can now add, modify, or remove identities.

2.2.1. Adding an Identity

Manually adding identities is strongly discouraged, instead the enterprise deployment options available provide a much more secure way of adding identity information as this can include extra information known as a "trust anchor" (information that stops one server pretending to be another).

2.2.1.1. Load the Moonshot Identity Selector.

  1. Click File, then Add ID Card.
  2. Fill in the details of the identity you wish to add:
    1. Display Name: this a friendly name for the identity that will be displayed in the identities list.
    2. Issuer - this should be the realm associated with your organisation (e.g. camford.ac.uk).
    3. User name: this should be your username (e.g. bob.jones).
    4. Password: the password associated with that username.
  3. Click Add ID Card to save the identity.

Screenshot of Adding an Identity

2.2.2. Modifying an Identity

  1. Load the Moonshot Identity Selector.
  2. Choose the identity to modify, then click Show Details to display the details of the identity. From here, you can:
    1. Modify the issuer or username (any changes made are saved immediately).
      Screenshot of Modifying an Identity
    2. Or to update the password, click Update Password and follow the prompts.
      Screenshot of changing the password for an identity

2.2.3. Removing an Identity

  1. Load the Moonshot Identity Selector.
  2. Select the identity to delete.
  3. Click the "Delete" button to delete the identity. You will be prompted to confirm the deletion.
    Screenshot of deleting an identity

2.3. Service to Identity Mapping

Each identity can be used with one or more Moonshot services. The Moonshot Identity Selector allows these mappings to be created, modified, or removed.

2.3.1. Viewing existing mappings

If you wish to view existing mappings for each identity, then do the following:

  1. Load the Moonshot Identity Selector as detailed above.
  2. Select the identity whose mappings you wish to view and click on the "View Details" button.
  3. A list of services associated with that identity will appear in the window below the login details.
    Screenshot of service listing 

2.3.2. Adding a mapping

The first time you attempt to use a Moonshot enabled service, the Identity Selector will pop up.

Simply choose an existing identity, or create a new one as described above, then hit the "Send" button.

At the bottom of the Identity Selector you will see the GSS name of the service that is wanting you to authenticate. Check this is what you were expecting.

Screenshot of calling GSS name being shown

2.3.3. Removing a mapping

If you wish to make the Moonshot Identity Selector forget about an existing mapping (if you wish to use a different identity for a particular service, or if you stop using that service entirely), then do the following:

  1. Load the Moonshot Identity Selector as detailed above.
  2. Select the identity that has the existing mapping that you want to delete, and click on the "View Details" button.
  3. In the services list that is presented, simply click on the "Remove" button next to the appropriate service and confirm the deletion in the dialogue box that appears.
    Screenshot of service listing 

3. Advanced Usage

3.1. Configure the Identity Selector to not use Moonshot for a particular service

If you regularly use a service which is not Moonshot enabled or that you use traditional, non-Moonshot, credentials to access, you can tell the Identity Selector to stop appearing every time you attempt to access the service by doing the following:

  1. Attempt to access the service as normal; the Moonshot Identity Selector should pop up.
  2. Choose the identity labelled "No Identity", and hit the "Send" button.
  3. For all subsequent authentication attempts, the Moonshot Identity Selector should not appear.