[HSL] select sign in mechanisms DRAFT #3566

Closed
ilarimikkonen opened this issue Sep 12, 2018 · 1 comment

@ilarimikkonen
Member

Not all login options (Fiware, GitHub, HSL) are necessarily needed. We need a mechanism where an admin can select which logins are allowed. One mechanism (user / pass combo) needs to be allowed in any case.

If we need to assume that HSL id owners are all admins and HSL ID login forces MFA, we need to have a procedure when setting up the instance:

  • one signs in, is admin
  • disable all other logins
  • make sure another admin comes with HSL ID
  • demote initial admin

Tests:
0) all sign in options are visible in front page when user is not signed in

  1. make sure you have admin role

  2. go to settings

  3. from settings untick all sign in mechanisms

  4. save
    expected: in front page when not signed in, only user / pass sign in option is visible

  5. make sure you have admin role

  6. go to settings

  7. select one sign in from list

  8. save
    expected: in front page when not signed in, only user / pass sign in and selected option are visible.

  9. ssh to server

  10. change sign in settings
    expected: in front page when not signed in, only user / pass sign in and selected option are visible.

So, make this so that settings can be changed with SSH server access

If admin in APInf platform should be forced to use HSL ID + MFA, HSL ID needs to be enabled always. In this case Test:
0) be admin. go to settings

  1. tick "Enforce MFA"
    Expected: HSL ID is automatically ticked and ghosted

  2. be admin. go to settings

  3. untick "Enforce MFA"
    Expected: HSL ID is automatically unticked and not ghosted

  4. make sure you are an admin

  5. "Only platform administrators are allowed to add new APIs" needs to be checked

  6. make sure you are not admin

  7. try to access settings
    Expected: settings can't be accessed

  8. "Only platform administrators are allowed to add new APIs" needs to be checked

  9. make sure you are not admin.

  10. try to access API settings
    Expected: settings can't be accessed

@ilarimikkonen
Member Author

hsl mfa spec.png
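
The rules the issue asks for can be written down as server-side checks. This is an added sketch, not code from the APInf project: the provider keys and every function name are hypothetical. It covers the always-allowed user / pass login, the "Enforce MFA" coupling to HSL ID, and the admin-only settings gate.

```javascript
// Added example; every name here is hypothetical, not taken from the APInf code base.
const PROVIDERS = ['password', 'fiware', 'github', 'hsl'];

// Apply the admin's ticked boxes, then re-impose the invariants from the issue.
function saveLoginSettings(ticked, enforceMfa) {
  const unknown = ticked.filter((p) => !PROVIDERS.includes(p));
  if (unknown.length > 0) {
    throw new Error(`unknown sign-in mechanism: ${unknown.join(', ')}`);
  }
  const enabled = new Set(ticked);
  enabled.add('password');              // user / pass stays allowed in any case
  if (enforceMfa) enabled.add('hsl');   // per the issue, MFA comes with HSL ID login
  // "ghosted" boxes are shown ticked but cannot be changed in the settings form
  const ghosted = enforceMfa ? ['hsl'] : [];
  return { enforceMfa, enabled: PROVIDERS.filter((p) => enabled.has(p)), ghosted };
}

// Toggling "Enforce MFA" ticks or unticks HSL ID automatically.
function setEnforceMfa(settings, enforceMfa) {
  const ticked = settings.enabled.filter((p) => p !== 'hsl');
  return saveLoginSettings(ticked, enforceMfa);
}

// Front page for a signed-out visitor: only enabled mechanisms are rendered.
function visibleSignInOptions(settings) {
  return settings.enabled.slice();
}

// Server-side gate for the settings page; hiding the link in the UI is not enough.
function canAccessSettings(user) {
  return Boolean(user) && Array.isArray(user.roles) && user.roles.includes('admin');
}
```

Running the same normalization on every write path, including a change made over SSH, keeps the stored settings from ever disabling user / pass or HSL ID while MFA is enforced.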
