The IdP includes a small number of web-based administrative and diagnostic interfaces, and this will grow over time. There are also command line tools/scripts that provide a convenient way of accessing many of these interfaces, and they tend to default to a closed access control model that limits access to the local host.

Of course, all of the user-facing functionality of the IdP is technically in the form of web interfaces adhering to the various protocols supported, but this page deals with the (mostly if not entirely) non-user-facing functionality.

All of these services are now implemented as administrative webflows that provide a consistent security model and support configuring flexible authentication and access control, though the currently delivered features tend to be more "IdP operator use" controlled with IP address rules.

An environment variable, IDP_BASE_URL, can be set to globally override the URL used to call the administrative flows from the command line tools. It defaults to "http://localhost/idp" and can also be overridden from the command line with the "-u" switch (refer to the output of each command for a complete summary of command line options).

Note that using an https URL may necessitate other options to allow the certificate to be validated, or trust to be bypassed.

The following interfaces are supported: