The IdP includes a small number of web-based administrative and diagnostic interfaces, and this will grow over time. Typically there are also command line tools/scripts that provide a convenient way of accessing these interfaces, and they tend to default to a closed access control model that limits access to the local host.
Of course, all of the user-facing functionality of the IdP is technically in the form of web interfaces adhering to the various protocols supported, but this page deals with the (mostly if not entirely) non-user-facing functionality.
All of these services are implemented as administrative webflows that provide a consistent security model and support configuring flexible authentication and access control, though the currently delivered features tend to be for "IdP operator use" and assume control with IP address rules.
The JAVA_OPTS environment variable is honored if set and passed into the command line if specialized options invoking java are required.
The SHIB_OPTS environment variable is also honored if set and is added to the end of the command line to allow for globally applying options when running most of the tools.
A special environment variable, IDP_BASE_URL, can be set to globally override the URL used to call the administrative flows from the command line tools. It defaults to "http://localhost/idp" and can also be overridden from the command line with the "-u" switch (refer to the output of each command for a complete summary of command line options).
Note that using an https URL may necessitate other options to allow the certificate to be validated, or trust to be bypassed for localhost use.
The following interfaces are supported: