Enhance OIDC authentication flow #1957
Merged
sbreker force-pushed the dev/oidc-enhancements-for-sso branch 12 times, most recently from 3e74220 to e17e6c8 (August 6, 2024 23:52)
sbreker force-pushed the dev/oidc-enhancements-for-sso branch 13 times, most recently from 5aa4918 to 571a66f (August 14, 2024 00:19)
sbreker force-pushed the dev/oidc-enhancements-for-sso branch 5 times, most recently from 121381a to ace6a28 (September 13, 2024 21:49)
sbreker force-pushed the dev/oidc-enhancements-for-sso branch 3 times, most recently from 46a3374 to 79df106 (September 26, 2024 00:22)
sbreker force-pushed the dev/oidc-enhancements-for-sso branch 2 times, most recently from 6b88016 to 960452f (October 1, 2024 20:26)
Add a new setting to control whether local AM authentication is available when OIDC authentication is in use. If local AM authentication is disabled, then users will only be able to authenticate via the OIDC provider. If the new setting is not configured, local AM authentication is available. Add ability to define more than one OIDC provider in AM. Specific providers can be chosen using HTTP query params passed to the server when authenticating.
Override the mozilla_django_oidc OIDCLogoutView class to allow Archivematica to support sending an OIDC logout message to OIDC providers that support it.
Allow independent configuration of OIDC endpoints for each configured provider.
Ensure get_settings() is overridden for the mozilla_django_oidc OIDCAuthenticationCallbackView class.
Fixes issue where the 'providername' session variable was not deleted on logout. Fixes issue where secondary OIDC endpoint logout path was not being used when a secondary provider was used.
Remove automatic conversion of provider names to uppercase from get_oidc_secondary_providers(). Update the OIDC middleware to convert the secondary provider name to uppercase before validation.
Add vars to docker compose file.
Removed custom OIDC login view in favour of updating the LOGIN_URL based on system configuration.
Change where middleware is added in the list of middleware.
replaceafill force-pushed the dev/oidc-enhancements-for-sso branch from 960452f to 087cd0c (October 4, 2024 15:47)
sbreker commented Oct 4, 2024
Looks great @replaceafill! 👍
replaceafill approved these changes Oct 4, 2024
Dhwaniartefact approved these changes Oct 4, 2024
Adds two new enhancements for OIDC authentication flow:
- Add a new setting to control whether local AM authentication is available when OIDC authentication is in use. If local AM authentication is disabled, then users will only be able to authenticate via the OIDC provider. If the new setting is not configured, local AM authentication is available.
- Add ability to define more than one OIDC provider in AM. Specific providers can be chosen using HTTP query params passed to the server when authenticating.
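
A sketch of the provider selection and logout handling that the commit messages and description above talk about, added here as an illustration; it is not code from this pull request or from Archivematica. The query parameter name `provider`, the provider names, the endpoint URLs, the function names, and the choice to reject unknown names are all assumptions; only the `providername` session key and the uppercase-before-validation step come from the page.

```python
from urllib.parse import parse_qs

# Constructed configuration: provider names and endpoint URLs are placeholders.
PROVIDERS = {
    "PRIMARY": {"authorize": "https://idp-a.example/authorize",
                "logout": "https://idp-a.example/logout"},
    "PARTNER": {"authorize": "https://idp-b.example/authorize",
                "logout": "https://idp-b.example/logout"},
}
DEFAULT_PROVIDER = "PRIMARY"
QUERY_PARAM = "provider"  # hypothetical parameter name, not taken from the PR


class UnknownProvider(ValueError):
    """Raised when the request names a provider that is not configured."""


def select_provider(query_string, session):
    """Pick the provider for a login request and remember it in the session."""
    values = parse_qs(query_string).get(QUERY_PARAM, [])
    if len(values) > 1:
        # Repeated parameters are ambiguous; refuse rather than guess.
        raise UnknownProvider("ambiguous provider parameter")
    # Uppercase before validation, as the middleware commit describes.
    name = values[0].strip().upper() if values else DEFAULT_PROVIDER
    if name not in PROVIDERS:
        # The raw value is only ever used as a lookup key, never as a URL.
        raise UnknownProvider("provider is not configured")
    session["providername"] = name
    return PROVIDERS[name]["authorize"]


def logout_url(session):
    """Return the logout endpoint of the provider used at login, then forget it."""
    # pop() reads and deletes the key, so it cannot carry over to the next login.
    name = session.pop("providername", DEFAULT_PROVIDER)
    return PROVIDERS.get(name, PROVIDERS[DEFAULT_PROVIDER])["logout"]
```
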