Versions Compared

Old Version 14

changes.mady.by.user Joseph Rincione

Saved on

compared with

New Version 15

changes.mady.by.user Stanley Stewart

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Create the token service Service Account for your center:
    1. Go to idmax.nasa.gov and submit a request for “AGCY0031 Active Directory Service Account”
    2. Set the Asset Expiration Date as far in the future as allowed. IDMax will likely only allow you to request an expiration date one year into the future.
    3. Click +Add Service account.  Here, you'll need to set up a name for your service account according to the specified naming convention.  Your service account name must be "sv" followed by the two-letter code for your center ("gs" for GSFC, for example), followed by any string of numbers and letters you'd like.  If you enter at least five characters into the Search Service Accounts field, you can see what account names are already in use.  Just select any name that is not already being used.
    4. In the Business Justification field, enter the name of the "provider" you are representing and indicate that "this request is for Launchpad Authentication".
  2. Obtain a PKI Certificate, using the steps on the linked wiki page.  Note that you must have your Service Account from Step 1 before you can request the PKI Certificate.
  3. Request Authorization to Authenticate with Launchpad:
    1. Go to https://idmax.nasa.gov and on the top menu under Credentials, choose “Manage Application Service Accounts”
    2. Choose Manage NCAD Service Accounts
    3. Select the account you want and click the “Request Role Access” for it
    4. Search for “Launchpad Token Service”
    5. Submit for the SiteMinder Token Service role

...