-
Notifications
You must be signed in to change notification settings - Fork 258
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SAML SLO support #11182
SAML SLO support #11182
Conversation
4599021
to
39d0d99
Compare
Linking backend changes over at rancher/rancher#45379 |
9144668
to
ca284b4
Compare
Summary of my changes
|
@richard-cox been taking a look at your commits and codewise they seem fine. Eager to test this from end-to-end with Okta. One other thing, which is a nice to have so we might bump it to another issue, is that with the |
Backend pushed out to 2.10.0 - pushed PR out as well - unless this only shows up if the backend supports? |
ca284b4
to
b0d98a5
Compare
…o prompt user to select SLO logout type when logging out of Dashboard
…to make it store reactive
…redirct / verify route)
b0d98a5
to
6ae39e1
Compare
@richard-cox I've given this a go with Screen.Recording.2024-08-21.at.15.29.14.mov |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If possible, I think that it would be good to replace the deprecated slot syntax before we merge 🙂
Co-authored-by: Phillip Rak <rak.phillip@gmail.com>
Co-authored-by: Phillip Rak <rak.phillip@gmail.com>
@rak-phillip made the changes, tested, and all works fine! Thanks for the review! 🙏 |
- it uses the plain template which now contains it - caused x2 modals to show
Summary
Fixes #10941
Occurred changes and/or fixed issues
logoutAllEnabled
&&! logoutAllForced
)PromptModal
to thehome
template so that the user can get the logout modal while browsing pages that usehome
templateauth
store to account for a different logout actionnormal logout
andlogout ALL
)Technical notes summary
To whoever is the reviewer of this PR, some notes on what each file's responsibility are:
nav/Header.vue
-> where logout modal was added (iflogoutAllEnabled
&&! logoutAllForced
, then by clicking on the logout button, we'll get a modal to select type of logout)templates/home.vue
-> we were missing thePromptModal
, so we wouldn't get the logout modal on the home screenSloDialog
-> actual logout modal addededit/auth/saml.vue
-> where the new inputs were added to setup the logout behaviourmixins/auth-config
-> where we handle the parsing of the model for the radio option selected in the UI for the log out behaviour. Since the mixin is responsible for fetching the necessary data, the parsing needs to be done here and not inedit/saml.vue
auth/logout.vue
-> responsible for handling logout IF we aren't in a logout modal scenario (iflogoutAllForced
then we perform the logout ALL and no modal was triggered. That dispatches the logout action with different params, hence the code adjustment)auth/verify
-> where we handle the redirect from logout in case of a logout ALL. Still haven't been able to test this part at this point in time. Might need some adjustments here to do final "plumbing" of the whole logout cyclestore/auth.js
- > where actual logout "action" to the backend get's triggered. logout ALL has a different logoutaction
when calling the/v3/tokens
endpoint, hence the adjustments neededutils/auth.js
-> helper methods. Had to addIS_SLO
as param in thereturnTo
method so that we can differenciate a logout from a login inauth/verify
Areas or cases that should be tested
Okta SAML setup Creation
)Users & Authentication
->Auth Provider
-> selectOkta
and setup everything according to the previously mentioned document. Set Log out behaviour toAllow the user to choose in an extra step
to get access to the logout modal and therefore test both scenariosAreas which could experience regressions
auth/verify
)Screenshot/Video
Checklist