Web-based administration

You can use web-based administration to configure P4 Authentication Service for your OIDC and SAML providers. This is a convenient alternative to manually editing the .env file when you add, edit, test, or remove an identity provider (IdP).

The URL for web-based administration follows this pattern:

https://has.example.com/admin

with /admin as the suffix to SVC_BASE_URI.

The P4 Authentication Service configure script allows you to choose whether to enable web-based administration.

Alternatively, you can enable this feature manually:

1. Stop P4 Authentication Service.

2. Set ADMIN_ENABLED to true (those four letters, all lowercase)

3. Set the login credentials:

   • ADMIN_USERNAME, a string that represents the administrator's login name.

   • ADMIN_PASSWD_FILE, which specifies the file that contains the administrator's password.

4. Start the P4 Authentication Service service.

Security recommendation

For security, we recommend that you enable the administrative interface only for the brief time it takes to configure your OIDC or SAML providers for P4 Authentication Service.

Alternatively, run the service behind a firewall with rules that prevent access to the /admin, /tokens, and /settings endpoints from the public internet. If you are curious about these P4 Authentication Service endpoints, see the P4 Authentication Service REST API on the Perforce GitHub site.

Limitations

• General P4 Authentication Service settings, such as LOGIN_TIMEOUT and the user provisioning settings, must be set by editing the .env file directly. See Configuring.

• The admin interface cannot be customized.