The IdP includes a small number of web-based administrative and diagnostic interfaces, and this will grow over time. There are also command line tools/scripts that provide a convenient way of accessing many of these interfaces, and they tend to default to a closed access control model that limits access to the local host.
Of course, all of the user-facing functionality of the IdP is technically in the form of web interfaces adhering to the various protocols supported, but this page deals with the (mostly if not entirely) non-user-facing functionality.
All of these services are now implemented as administrative webflows that provide a consistent security model and support configuring flexible authentication and access control, though the currently delivered features tend to be more "IdP operator use" controlled with IP address rules.
An environment variable, IDP_BASE_URL, can be set to globally override the URL used to call the administrative flows from the command line tools. It defaults to "
The following interfaces are supported:
- Reloading Services
- Reloading Metadata
- Attribute Resolution
- StorageService Access
- Metadata Query 3.4
- Account Lockout Management 3.4