Configuration of Back-End Credentials

Mindbreeze InSpire

Copyright ©

Mindbreeze GmbH, A-4020 Linz, 2018.

All rights reserved. All hardware and software names used are brand names and/or trademarks of their respective manufacturers.

These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services and service outcomes, or any other protected rights. The dissemination, publication, or reproduction hereof is prohibited.

For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.

IntroductionPermanent link for this heading

This instruction manual applies to G7 appliances.

Mindbreeze InSpire uses the Keycloak software component to manage sign-on credentials. This section describes the most important use cases (such as changing passwords or creating users). You can also find additional documentation here: Keycloak 3.4 Server Administration

Change passwordPermanent link for this heading

The first time you log in to the Management Center, you will be asked to change your password. If you want to change a user’s password at a later time, proceed as follows: In the Management Center, navigate to the menu item “Setup”, “Credentials” and then “Users” under “Manage”. Search for the user in question using the search function or click on “View all users” to view a list of users. Click on “Edit” for the relevant user. In the “Credential” tab you can set a new password. You can use the “Temporary” setting to determine whether the user has to change the password the next time he or she logs on. Confirm your entries with “Reset Password”.

Create a userPermanent link for this heading

You can create multiple users. In the Management Center, navigate to the menu item “Setup”, “Credentials” and then “Users” under “Manage”. Click on “Add user” on the right, then enter the user name “Username” and click on “Save”. Then switch to the “Credentials” tab to set a password. This is described in the previous section “Change password”. After you have set a password, you must assign roles to the user, otherwise the new user cannot be used properly. To do this, see the following section entitled “Managing roles”. To use the “Forgot/reset password” function, we recommend that you enter a valid e-mail address for each user.

Managing rolesPermanent link for this heading

Access to the various areas of the Management Center (e.g. “Reporting”, “Configuration”) is regulated by roles. For example, a user has to be assigned the role “InSpire Config Administrator” to be able to use the “Configuration” item in the Management Center. Several “InSpire” roles have already been defined by default. You can call up the list of all available roles as follows: In the Management Center, navigate to the menu item “Setup”, “Credentials” and then “Roles” under “Configure”. The user “admin” is assigned all roles by default. You can assign roles to or remove roles from users as follows: In the Management Center, navigate to the menu item “Setup”, “Credentials” and then “Users” under “Manage”. Search for the user in question using the search function or click on “View all users” to view a list of users. Click on “Edit” for the relevant user. Switch to the “Role Mappings” tab. You can assign roles here.

Standard rolesPermanent link for this heading

Several roles that are required for operation are preconfigured in the as-delivered settings. This section describes which roles that includes and their significance.

The roles can be divided into 2 categories:

  • Mindbreeze InSpire roles (name starts with “InSpire”)
  • Keycloak administration roles

In the following section, the Mindbreeze "InSpire Management Center" is abbreviated as MMC.

Description of the Mindbreeze InSpire rolesPermanent link for this heading

The following Mindbreeze InSpire roles are predefined by default:

Role name

Description

Examples (selection)

InSpire Administrator”

Access to MMC “Update” and “InSpire Global Settings“

Installation of updates, container management

InSpire app.telemetry Administrator”

Access to MMC “Reporting” (app.telemetry)

Diagnostics, reading log files, reading feedback. Read and change diagostic configuration.

InSpire Application Impersonation“

Authorizes the use of “Trusted Peer Authentication” in the client; see documentation: “Configuring Trusted Peer Authentication for Mindbreeze InSpire”

Use “Trusted Peer Authentication” in the client, search on behalf of other users.

InSpire Config Administrator”

Access to MMC “Configuration”

Read and change Mindbreeze InSpire configuration

InSpire Index User”

Access to the "filter" and "index" diagnostic servlets

Index/filter status queries, detailed diagnostic options

InSpire Index Writer”

Access for indexing documents

Index or delete documents, filter documents, access for external connectors

InSpire Overview User”

Basic access to the MMC "Search Experience".

Edit synonyms and boostings

InSpire Services Administrator”

Access to MMC “Services”  

Start/stop nodes, re-index

InSpire Webmin Administrator”

Access to MMC “System”

Download, upload and edit files, manage time zones

Description of the Keycloak administration rolesPermanent link for this heading

The following Keycloak administration roles are predefined by default:

Role name

Description

Examples (selection)

admin”

Access to “Credentials”

Create/delete users, change role assignments

create-realm”

Not used

offline-access”

Not used

uma_authorization”

Not used

You can also find additional documentation here: Keycloak 3.4 Server Administration

Reset configuration to Mindbreeze standardsPermanent link for this heading

If the credentials management is no longer working properly, the credentials management can be reset to Mindbreeze standards. A malfunction can have the following causes:

  • The password for the administrator has been lost
  • A configuration required for the operation of Mindbreeze InSpire has been changed, including the following parts of the configuration
    • Roles with names beginning with "InSpire"
    • The client "mindbreeze-inspire".
    • The realm theme "mindbreeze".

Resetting to Mindbreeze standards resets the password of the administrator and resets the configuration of the parts of the configuration necessary for operation. Other parts of the configuration will not be changed. We recommend making a backup before resetting.

Resetting to Mindbreeze standards is done as follows:

  • Log on to the appliance terminal with the root user.
  • Navigate to the directory /var/data/upload/image/keycloak/scripts
  • Run the script reset_to_mindbreeze_defaults.sh and read the warnings carefully. Finally, run the script again with a parameter that you have taken from the warnings.
  • The reset takes a few minutes; the Mindbreeze services are not available during this time.