Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat/stateless auth sso #73

Open
wants to merge 42 commits into
base: main
Choose a base branch
from
Open

Feat/stateless auth sso #73

wants to merge 42 commits into from

Conversation

DelaunayAlex
Copy link
Collaborator

No description provided.

DelaunayAlex and others added 30 commits February 3, 2025 15:03
@DelaunayAlex @BIDOU95
[WIP] feat(ui, server): Generic SSO OAuth2 OpenID Connect
6a28c8f
@DelaunayAlex @BIDOU95
[WIP] feat(server, ui): Conf SSO OAuth2
e218221
@DelaunayAlex @BIDOU95
feat(server, ui): SSO OAuth2 with mock oidc-provider, authenticate SS…
fab7edb 
…O Opaque token and generate session on server side
@DelaunayAlex @BIDOU95
feat(server, ui): SSO OAuth2 with mock oidc-provider, authenticate SS…
ab6bfb5 
…O Opaque token and generate session on server side
@DelaunayAlex @BIDOU95
feat(ui, server): Doc local oidc provider
73fec7d
@DelaunayAlex @BIDOU95
feat(server, ui): Fix PR
4ac792e
@DelaunayAlex @BIDOU95
feat(server, ui): Add licence
0e8d32a
@DelaunayAlex @BIDOU95
feat(ui): Use app initializer
9ccf3fd
@DelaunayAlex @BIDOU95
feat(server, ui): Fix PR
769729a
@DelaunayAlex @BIDOU95
feat(server): Add proxy
a3b9eca
@DelaunayAlex @BIDOU95
feat(ui): Update headers OAuth2
1be260f
@DelaunayAlex @BIDOU95
feat(ui): Update headers OAuth2
d8d747c
@DelaunayAlex @BIDOU95
feat(ui): SSO : Replace idToken with accessToken
ed89ff3
@DelaunayAlex @BIDOU95
feat(ui, server): Ui parameter via server, add logo sso
c8411f6
@DelaunayAlex @BIDOU95
[WIP] feat(ui, server): add param id_token_hint
7463681
@DelaunayAlex @BIDOU95
[WIP] feat(ui, server): add param id_token_hint
68d7364
@DelaunayAlex @BIDOU95
feat(ui): fix logout sso
002823b
@DelaunayAlex @BIDOU95
feat(ui): SSO : Fix redirect uri
93c5ff8
@DelaunayAlex @BIDOU95
feat(ui): fix retry sso
feba8f8
@DelaunayAlex @BIDOU95
feat(ui): fix test
26d2ae8
@DelaunayAlex @BIDOU95
feat(ui): fix PR
3b939f9
@DelaunayAlex @BIDOU95
feat(ui): fix PR
cd3f9e4
@boddissattva @BIDOU95
chore(): Allow to test sso with a local-dev server running on 8443
2b6794c
@boddissattva @BIDOU95
chore(): Clean and fix flaky test
e90da2e
@boddissattva @BIDOU95
chore(): Fix flaky test
600ce6c
@DelaunayAlex @BIDOU95
feat(ui, server): Alert message when sso auth fails, fix PR
94c9a0f
@BIDOU95
feat(server,ui): Stateless auth, reafacto basique auth / sso
811b8d8
@BIDOU95
feat(server,ui): Refacto auth guard
8ae587e
@BIDOU95
feat(server): Multiple userdetailservice bean for JWT Filter
1167b3a
@BIDOU95
feat(server): Multiple userdetailservice bean for JWT Filter
f364c22
nbrouand
nbrouand reviewed Feb 5, 2025
View reviewed changes
chutney/packaging/local-dev/src/main/resources/application.yml
@@ -54,7 +46,14 @@ spring:
- undertow-https-redirect
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this packaging is not used for local dev only but also for our docker image, do we want ldap by default ?

@DelaunayAlex
Copy link
Collaborator Author

  • Delete logout from server
  • Do not check userDetailsService everytime we validate the jwt token
  • Merge ClientRegistration and custom sso params in application.yml
  • Remove httpbasic from security chain
  • Generate token after login in loginSuccessfulHandler ?
  • Use the object UserDetails instead of serializing the user in claims

boddissattva
boddissattva reviewed Feb 18, 2025
View reviewed changes
chutney/server/src/main/java/com/chutneytesting/security/infra/jwt/JwtUtil.java
return extractClaim(token, Claims::getExpiration);
}

private String createToken(Map<String, Object> claims, String subject) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not forge a token with an local issuer for chutney ? and add chutney authorizations as claims/scopes ?

boddissattva
boddissattva reviewed Feb 18, 2025
View reviewed changes
chutney/server/src/main/java/com/chutneytesting/security/infra/jwt/JwtAuthenticationFilter.java
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
var userDetails = userDetailsServices.stream().map(service -> {
try {
return service.loadUserByUsername(username);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why call the underlying user details service ? You need only to retrieve the chutney authorizations from the corresponding service given the username, i think.

boddissattva
boddissattva reviewed Feb 24, 2025
View reviewed changes
chutney/packaging/local-dev/src/main/resources/application-sso-auth.yml
#SPDX-FileCopyrightText: 2017-2024 Enedis
#SPDX-License-Identifier: Apache-2.0

spring:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is all configs required here ? Seems a bit redondant.

boddissattva
boddissattva reviewed Feb 24, 2025
View reviewed changes
chutney/server/pom.xml
@@ -86,6 +86,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we not just a resource server ?

boddissattva
boddissattva reviewed Feb 24, 2025
View reviewed changes
chutney/packaging/local-dev/src/main/resources/application-sso-auth.yml
oidc:
user-info-uri: "${auth.sso.issuer}/userinfo"

auth:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use chutney. as prefix

boddissattva
boddissattva reviewed Feb 24, 2025
View reviewed changes
chutney/packaging/local-dev/src/main/resources/application.yml
- mem-auth
- db-sqlite

auth:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use .chutney prefix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nbrouand nbrouand nbrouand left review comments

@boddissattva boddissattva boddissattva left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@DelaunayAlex DelaunayAlex

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@DelaunayAlex @nbrouand @boddissattva @BIDOU95