Web-based administration

You can use web-based administration to configure HAS for your OIDC and SAML providers. This is a convenient alternative to manually editing the .env file when you add, edit, test, or remove an identity provider (IdP).

The URL for web-based administration follows this pattern:

https://has.example.com/admin

with /admin as the suffix to SVC_BASE_URI.

The HAS configure script allows you to choose whether to enable web-based administration.

Alternatively, you can enable this feature manually:

1. Stop the HAS service.

2. Set ADMIN_ENABLED to true (those four letters, all lowercase)

3. Set the login credentials:

   • ADMIN_USERNAME, a string that represents the administrator's login name.

   • ADMIN_PASSWD_FILE, which specifies the file that contains the administrator's password.

4. Start the HAS service.

Security recommendation

For security, we recommend that you enable the administrative interface only for the brief time it takes to configure your OIDC or SAML providers for HAS.

Alternatively, run the service behind a firewall with rules that prevent access to the /admin, /tokens, and /settings endpoints from the public internet. If you are curious about these HAS endpoints, see the HAS REST API on the Perforce GitHub site.

Limitations

• General HAS settings, such as LOGIN_TIMEOUT and the user provisioning settings, must be set by editing the .env file directly. See Configuring.

• The admin interface cannot be customized.