* WIP
* updated swagger file
* renamed routes
* renamed test folder
* separate section for Identity Federation
* sso-tracer -> sso-traces
* don't change ACS url for SAML federation
* SAMLFederation -> IdentityFederation
* SAMLFederation -> IdentityFederation
* keep api/federated-saml but move to api/identity-federation
* test old route as well
* fixed test
* fixed test
* retry tests 3 times
* updated deployment
* WIP create SAML Fed app
(cherry picked from commit 3d15b20a2d)
* Add Admin Portal SSO via SAML Fed
* Minor tweaks
* Use fixture and login using federated connection
* Cleanup SAML fed connection after test, disable failing assertion for now
* Remove only
* Use MockSAML endpoint from env
* Cleanup SSO connections mapped to SAML Fed
* OIDC Fed spec
* Try with higher timeout
* Mutate on page load
* Put back assertion
* Remove assertion and mutate for now
* SAML Fed App + 2 SAML Providers
* Take in optional tenant/product for fixture method
* SAML Fed + 2 OIDC providers
* SAML Fed test cases for single provider
* Tweak title
* Replace swr with fetch
* Remove only
* Bump up timeout to 100s
* Add more test cases for OIDC Fed
* Refactor fetch with hooks
* locale tweaks
* Also try with the other provider
* Fixture support SAML add via raw metadata
* Add second SAML connection using raw metadata
* Revert "Add second SAML connection using raw metadata"
* Revert "Fixture support SAML add via raw metadata"
---------
Co-authored-by: ukrocks007 <ukrocks.mehta@gmail.com>
Co-authored-by: Aswin V <vaswin91@gmail.com>
* [typings] OIDC provider clientId/secret is non optional
* try/catch and trace the errors ...
* Fix error message inside `resolveConnection`
* Default for error_description, trace error should be either error or fallback to description
* Attach traceId to OAuth error response
* Add more context to the traces
* [fed-saml] Add relayState to trace context
* Tenant/product can be traced from session.request in case connection is not resolved
* Minor change
* [npm] Rename `saml-tracer` -> `sso-tracer`
* [Admin UI/API] Rename `saml-tracer` -> `sso-tracer`
* [v1 API] Rename `saml-traces` -> `sso-traces` with alias to old path
* Fix assertion type display with fallback to `-`
* Update swagger spec
* Scroll in case text overflows
* IdP tab is now the first one
* IdP-config should be the default selected
* Fix styling for link
* Add OpenID SP route, tweak well known list to include the same
* display toast and adjust the width of the content
* customize the branding for setup links
* use the branding in setup links page
* Admin Branding WIP
* Update settings
* Move to ee folder
* If the licence is not valid, return the default branding
* update translation
* Add logo to the idp selection page
* add license check to the API
* read default branding from a common place
* add LicenseRequired
* cleanup
* Add License check to NPM
* Fix
* Add --pf css variable
* fix the idp selection page
* use default branding if value is not set
* Fixes
* Improved the store and keys
* Infer the return type
* Whitelabeling the IdP selection screen per tenant and product
* Fix the param type
* Fix the unit tests
* Fix mismatch in server/client rendering
* Switch to radio button look and feel
* Use rounded border only for textual inputs
* Cleanup import
* Move routing to `useEffect`
* Fix server render mismatch
* fixed merge conflict
* fixed merge conflict
---------
Co-authored-by: Aswin V <vaswin91@gmail.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* env, login button & translations
* added setting in sidebar
Added login with sso button
Added connection create form in settings
* added new pages for Self SSO connection CRUD
* Fixed Self SSO issue
* Use @boxyhq/react-ui component for SSO
* `await` on method instead of class
* Fix import
* Set fields to non-editable for settings view
* Tweak for settings view
* Add link for settings in sidebar
* Take in admin SSO defaults from env
* Tweak edit page for settings view
* Remove `NEXT_PUBLIC` prefix
* Switch back to getSSP from getStaticProps
* Sync lock file
* Set defaults in env
* Filter out admin sso tenant/product
* Load admin SSO tenant/product
* Update heading
* Fix back link
* Use latest published version
* Set `clientId` to dummy in provider init
* Use the defaults from env
* Fix redirectUrl after savingConnection for settingsView
* Use `isLoading` from SWR
* Fix settings view url for mutation and redirect in Edit
* Replace api route path
* Use rewrite instead of router.push and other tweaks
* Reuse `ConnectionList` for settings
* Use pagination query params in settings api
* Import styles from sdk
* Fix failing build
* Use latest version
* - Display badge for system sso connections
- Reuse admin connection for retrieving system sso connections
* Tweak styling
* Construct profile in updateUser as done previously
* Update react-ui
* Remove extra truthy check
* Hide pagination buttons for settings view
* Install @boxyhq/react-ui as symlink to local
* Tweak badge size
* Rename admin portal sso envs
* Fix the edit redirection for system sso
Co-authored-by: ukrocks007 <ukrocks.mehta@gmail.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
Co-authored-by: Kiran K <kiran@boxyhq.com>
* Update
* Add verification to the setup link to ensure it is valid and not expired before allowing the user to continue.
* cleanup
* Tweaks to setup links
* Remove the unnecessary conditions from DirectoryTab
* Add the missing translation in CreateSetupLink
* Invoke the mutate at the beginning
* Remove unused type
* Remove another unused type
* Make the description optional in Modal and add ModalProps
* Adjust the input border radius
* Display setup link after the setup link is regenerated
* Display setup link info
* Remove the existing setup link if regenerate is true
* show expired date in red
* standardised View icon
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
cleaned up experimental flag and node-fetch (next.js has fixed the issue in middleware which prevented payloads > 16kb)
Co-authored-by: Kiran K <kiran@boxyhq.com>
* wip
* Move the links to /well-known and update the UI
* Infer the props type
* localised strings
* switched to LinkOutline
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* Share setup link related changes
1. Setup link creation for saml connection
2. Setup link creation for Directory sync
3. Regeneration of Setup link
4. Ability to open setup link without login
5. Setup link opens up SAML connection page
6. Saml Connection page hides Tenant & Product fields
* Saving SAML and OIDC configuration
* showing the connection list on setup page
* Connections CRUD
* UI changes for Setup layout
* semantics changes connection -> sso-connection
* directory sync support for share link
* showing only current tenant product directories
* fixes mentioned in comments by Aswin
* prettier formatting
* fixed route
* minor fixes
* Fix the layout rendering for the /setup routes
* minor fixes
* review changes
* package lock changes
* package json and lock changes
* removed xmlbuilder
* package lock changes
* removed api call from ConnectionList component
* Back button link fix
* intermediate changes for Setup link list feature
* setup link list related changes
* UI fixes and actions
* removed unwanted import
* setup link list action hooked with correct functions
* path rewrites, styling changes, toast
regenerate & delete setup links
* fixes for mutate
* minor tweaks to clipboard icon
* updated package-lock
* formatting changes
* removed console log
* Added cursor pointer for action for LinkList component
Removed unused variable & validation of empty token
Removed redundant validation code
linting fixes
* Auto redirect in setup link page for sso-connection create form
Delete icon on setup link list page on hover red color & tooltips
* removed redirect and used isValidating
* fixes for router replace
* toast for setup links
* fixes for dsync apis
* redirect related change
* removing redirect for sso-connection
* fallback to error.message
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
Co-authored-by: Kiran <kiran@boxyhq.com>
* Replace Admin UI with Admin Portal
* Create a default certificate
* Use the default certs instead of per connection certificate
* Revert the changes
* refactored to encapsulate all logic inside x509.ts
* added certs to sp-metadata
* Cache the certificate before return
* Fix the type
* added expiry check to cached certificate
* added url to download public cert
* added instructions to encrypt assertion
* bumped up version
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* use PRE_LOADED_CONNECTION instead of PRE_LOADED_CONFIG
* added endpoint to return sp metadata for use with federated systems like OpenAthens
* removed md prefix
* Merged
* Revert the changes
* Update package-lock.json
* Add the web page to display the SP's Config
* Commit changes to package-lock.json
* rewrite route so the path is `/.well-known/saml-configuration`
* added back @opentelemetry/api
* downgraded @opentelemetry/resources
* pin "@opentelemetry/resources": "1.0.1"
* Replace the getStaticProps with getServerSideProps
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* Support 'POST' at authorization endpoint
* handle additional scope params
* handle additional claims param
* Try with `legacy-peer-deps` true
* Fix logic
* Set legacy-peer-deps to `true`
* Remove `.npmrc` files and sync packages from main
* Resolve conflicts
* Load jwtSigningKeys into env
* Return id_token for OIDC flow
* Support `nonce`
* Add type for `nonce`
* Set `nonce` only if present in request
* Expose OpenId provider metadata
* Update metadata
* Tweak path remove dot, map jwks
* Add jwsAlg and source keys using base64
* Source jose from root package.json too
* JWS utils
* Serve jwks_uri
* Load private key for signing
* Fix authz endpoint
* Format example env
* Fix claims
* Format discovery and add missing metadata
* Include the basic profile in id_token
* Fix claims access
* Remove console log
* Sync package lock
* Cleanup
* Support for claims is optional
* cleanup type
* Set `Content-Type` header
* Remove default from env
* Handle jwt env
* oidc fixture
* Test for oidc flow, check id_token in response
* Add jwt envs
* Fix for undefined
* Remove keys check in controller init
* Runtime check for JWS keys
* check if id_token is absent
* Check for claims and verify signature
* Snapshot test oidc discovery page
* Add snapshot for linux to work in CI
* Test with a fontless screenshot
* test with this one
* add a debug step
* Get the entire dir for snapshot
* Test with this
* Comment out debug step
* snapshot test jwks
* Update env
* Upload screenshot for linux
* Add debug step
* Update snapshot
* Sync package lock
* Remove local testing snapshots
* Assert using api request
* Update to use api test for jwks endpoint
* Set `JWS_ALG` env
* Prefix openid vars
* Fix env access
* Fix e2e test
* Fix options in tests
* Fix env var access
* Use ttl from env
* Simplify exp value setting
* oidc discovery controller
* Fix typing
* Handle case where signing keys are not set
* return `oidcDiscoveryController`
* Throw a JacksonError like object
* Use controllers and cleanup
* throw JacksonError like object
* Minor formatting
* Fix typing and add check for undefined
* Keep order of packages same as in main
* Update key generation comment
* Initialise `openid` correctly in npm
* Cleanup
* Set `sub` claim
* Set 'sub' only for oidc flow
* moved jackson-next to this repo
* fixed working-directory
* updated package-lock
* fixed docker build
* fixed dockerfile
* cleanup
* save npm version for use in the build step
* switching the order
* fixed env secret
* update saml-jackson to the current version before building the next.js service
* build from typescript and change main and types before publishing npm
* copy README.md from root before publishing npm
* update README only for prod versions
* read version from root package.json file
* fixed artifact
* updated package-lock