shell: Add defaultDexConnector option to automatically trigger login on a predefined Dex connector #3443
Hello jbwatenbergscality,
My role is to assist you with the merge of this
Status report is not available.
Waiting for approval
The following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
Integration data created
I have created the integration data for the additional destination branches.
The following branches will NOT be impacted:
You can set option
@@ -39,6 +57,9 @@ function OAuth2AuthProvider({ children }: { children: Node }) { | |||
loadUserInfo: true, | |||
automaticSilentRenew: true, | |||
monitorSession: false, | |||
MetadataServiceCtor: authConfig.defaultDexConnector |
I am wondering, should we add this `defaultDexConnector` prop to type `OIDCConfig`?
Done in db1812c
@@ -39,6 +57,9 @@ function OAuth2AuthProvider({ children }: { children: Node }) { | |||
loadUserInfo: true, | |||
automaticSilentRenew: true, | |||
monitorSession: false, | |||
MetadataServiceCtor: authConfig.defaultDexConnector | |||
? defaultDexConnectorMetadataService(authConfig.defaultDexConnector) |
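Review bot: on the last two added lines, `authConfig.defaultDexConnector` is only tested for truthiness before it is handed to `defaultDexConnectorMetadataService(...)`, and the helper's body is not part of this hunk. Since the value comes from runtime configuration and is meant to end up as the `connector_id` query parameter on the authorization endpoint, please confirm the helper builds that URL through `URL`/`URLSearchParams` rather than string concatenation, and consider rejecting values that do not look like a plain connector id.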
It's more a question:
If we want to use Dex to authenticate the users against a connector-based interface, how should we set the `defaultDexConnector` in `runtime-app-configuration`?
Didn't we start documenting all this rework of shell-ui? Would be useful IMO, both now for reviewers catching up with the progress, and in the future for maintenance / onboarding.
`defaultDexConnector` should take the connector id as defined in dex configuration.
For example, given the following Dex connectors configuration:
```yaml
connectors:
- type: oidc
  id: keycloak
  name: Keycloak
  config:
    # ....
```
Providing `keycloak` as `defaultDexConnector` in `runtime-app-configuration` will automatically redirect the user to this connector.
I've opened #3476 regarding the documentation and will address it as soon as possible
No need to tackle documentation as part of this PR 😉
@@ -39,6 +57,9 @@ function OAuth2AuthProvider({ children }: { children: Node }) { | |||
loadUserInfo: true, | |||
automaticSilentRenew: true, | |||
monitorSession: false, | |||
MetadataServiceCtor: authConfig.defaultDexConnector | |||
? defaultDexConnectorMetadataService(authConfig.defaultDexConnector) |
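Review bot: the condition on the `MetadataServiceCtor` line looks only at `authConfig.defaultDexConnector`, so nothing in this hunk shows where the `displayLoginChoice` override is honoured. If that check lives inside `defaultDexConnectorMetadataService`, a one-line comment here saying so would help the next reader; otherwise the ternary should also test for it, so the connector chooser stays reachable when the default connector is unavailable.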
Didn't we start documenting all this rework of shell-ui? Would be useful IMO, both now for reviewers catching up with the progress, and in the future for maintenance / onboarding.
Waiting for approval
The following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
The following reviewers are expecting changes from the author, or must review again:
72d160d to e656680
History mismatch
Merge commit #72d160dc1c6470be75c092cfd23c7ed969af5b1f on the integration branch
It is likely due to a rebase of the branch
Please use the
/reset
Reset complete
I have successfully deleted this pull request's integration branches.
Branches have diverged
This pull request's source branch
To avoid any integration risks, please re-synchronize them using one of the
Note: If you choose to rebase, you may have to ask me to rebuild
…on a predefined Dex connector. This option can be added to the auth section of micro application `runtime-app-configuration`. It intercepts the authorization_endpoint of the oidc web finger and appends the `connector_id` query parameter to it. The connector choice can be forced by adding the `displayLoginChoice` query parameter to the current URL. This enables UI login to remain possible when the default connector is unavailable.
…session_endpoint is not supported. Dex is not supporting `end_session_endpoint`; the logout is reviewed to clean the cookies of the domain and clear the localStorage entries of the oidc client when `providerLogout` is set to true. Ref: #2831
e656680 to a06e266
/approve
In the queue
The changeset has received all authorizations and has been added to the
The changeset will be merged in:
The following branches will NOT be impacted:
There is no action required on your side. You will be notified here once
IMPORTANT
Please do not attempt to modify this pull request.
If you need this pull request to be removed from the queue, please contact a
The following options are set: approve
I have successfully merged the changeset of this pull request
The following branches have NOT changed:
Please check the status of the associated issue None.
Goodbye jbwatenbergscality.
Component:
shell
Context:
Dex is providing the possibility to use several connectors to federate OIDC providers. However under some conditions we may need to force the usage of a specific connector.
Summary:
This PR adds a `defaultDexConnector` option to enable this. This option can be added to the auth section of micro application `runtime-app-configuration`. It intercepts the `authorization_endpoint` of the oidc web finger and appends the `connector_id` query parameter to it. The connector choice can be forced by adding the `displayLoginChoice` query parameter to the current URL. This enables UI login to remain possible when the default connector is unavailable.
Additionally, as Dex is not supporting `end_session_endpoint`, the logout is reviewed to clean the cookies of the domain and clear the localStorage entries of the oidc client when `providerLogout` is set to true.
Acceptance criteria:
We shall be able to login directly using the default dex connector when the property is defined
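
The endpoint rewrite described in the summary, as an added sketch that is not the code from this PR: it takes OIDC discovery metadata, appends `connector_id` with proper encoding, and leaves the metadata alone when `displayLoginChoice` is present on the current URL. The function names, the connector id pattern and the sample URLs are assumptions made for the example.

```javascript
// Added example: helper names, the id pattern and all URLs are assumptions.
const CONNECTOR_ID_PATTERN = /^[A-Za-z0-9._-]+$/; // assumed shape of a connector id

// The default connector applies only when one is configured and the current
// URL does not carry displayLoginChoice (with or without a value).
function shouldUseDefaultConnector(connectorId, currentUrl) {
  if (!connectorId) return false;
  return !new URL(currentUrl).searchParams.has('displayLoginChoice');
}

// Return discovery metadata whose authorization_endpoint carries connector_id.
// The input object is left untouched.
function applyDefaultConnector(metadata, connectorId, currentUrl) {
  if (!shouldUseDefaultConnector(connectorId, currentUrl)) return metadata;
  if (!CONNECTOR_ID_PATTERN.test(connectorId)) {
    // Refuse configuration values that could smuggle extra query parameters.
    throw new Error(`invalid connector id: ${JSON.stringify(connectorId)}`);
  }
  const endpoint = new URL(metadata.authorization_endpoint);
  // set() percent-encodes the value and replaces any existing connector_id.
  endpoint.searchParams.set('connector_id', connectorId);
  return { ...metadata, authorization_endpoint: endpoint.toString() };
}

// Constructed discovery document for a Dex instance (not real endpoints).
const sampleMetadata = {
  issuer: 'https://dex.example.test/oidc',
  authorization_endpoint: 'https://dex.example.test/oidc/auth',
  token_endpoint: 'https://dex.example.test/oidc/token',
};

// Default connector forced on a normal page load.
const forced = applyDefaultConnector(
  sampleMetadata, 'keycloak', 'https://ui.example.test/');
console.log(forced.authorization_endpoint);

// displayLoginChoice on the current URL keeps the connector chooser.
const chooser = applyDefaultConnector(
  sampleMetadata, 'keycloak', 'https://ui.example.test/?displayLoginChoice');
console.log(chooser.authorization_endpoint);
```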