The IdP includes a small number of web-based administrative and diagnostic interfaces, and this number will grow over time. Typically there are also command line tools/scripts that provide a convenient way of accessing these interfaces, and the interfaces tend to default to a closed access control model that limits access to the local host.
Of course, all of the user-facing functionality of the IdP is technically in the form of web interfaces adhering to the various protocols supported, but this page deals with the (mostly if not entirely) non-user-facing functionality.
All of these services are implemented as administrative webflows that provide a consistent security model and support configuring flexible authentication and access control, though the currently delivered features tend to be for "IdP operator use" and assume access is controlled with IP address rules.
An environment variable, IDP_BASE_URL, can be set to globally override the URL used to call the administrative flows from the command line tools. It defaults to "
The following interfaces are supported:
- Reloading Services
- Reloading Metadata
- Attribute Resolution
- Metadata Query
- Account Lockout Management