Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update fence to now include Okta as an OIDC Identity Provider #890

Merged
merged 31 commits into from
Apr 20, 2021
Merged

Update fence to now include Okta as an OIDC Identity Provider #890

merged 31 commits into from
Apr 20, 2021

Conversation

cginmn
Copy link
Contributor

@cginmn cginmn commented Mar 30, 2021

Added a new profile for Okta to be additional option for an OpenID Connect (OIDC) Identity Provider.

New Features
I essentially took the current Azure AD OIDC profile as a template and modified it to work with Okta as the provider.

Breaking Changes
Bug Fixes
Improvements
Now supports Okta as an OIDC provider

Dependency updates
Deployment changes

cginmn and others added 24 commits August 27, 2020 12:55
@cginmn
added configurations for Okta and Generic IdPs
b9bebcf
@cginmn
Update .gitignore
a6c0ab3
@cginmn
fixing conflict
c145c6f
@cginmn
fixing blank line
1df7c8f
@cginmn
Merge pull request #2 from uc-cdis/master
7de1390 
Sync up from master
@cginmn
updates for testing framework
4a171fc
@cginmn
fix okta URL
8e84418
@cginmn
Cleanup okta code and testing scripts
afd1ad2
@cginmn
Merge remote-tracking branch 'upstream/master'
1692cba
@cginmn
cleanup of okta code
9ad372c 
Removed some unessessary generic settings.
@cginmn
revert testing config to default google
648fcd9 
revert to how it is in source before okta tests.
@cginmn
Delete build.sh
0728b47 
clean up of my build file.
@cginmn
Update okta discovery URL
16ee86f 
Adding the discovery URL for okta in test config to see if that solves issue in testing scripts.
@cginmn
update discovery URL in test script
498b70c 
changed the discoveryURL to have {tenant} instaed of real value for tests.
@cginmn
update to test_login_redirect.py scripts
31dcf81 
Updates to the testing scripts to return a status code for the Okta discovery URL which is not valid. Okta doesn't have a general discover URL,  only specific to tenants, so can't use one in testing framework.
@cginmn
Merge branch 'master' into master
98649f4
@cginmn
removed unused modules from Okta files.
86d6b21 
removed unused modules from fence/blueprints/login/okta.py and fence/resources/openid/okta_oauth2.py
@cginmn
Merge branch 'master' of https://github.com/cginmn/fence-service
1d9de67
@cginmn
updated okta_oauth2.py to remve trailing white space
11b98b0 
As reported by codacy, removed a trailing whitespace.
@cginmn
Merge remote-tracking branch 'upstream/master'
b5f98b4
@cginmn
fix merge conflict issues on test-fence-config.yaml
6776a2e 
PR has fallen behind current main changes. Updated test-fence-config from main branch to get back in sync, now re-applying changes to test-fence-config.yaml for Okta configuration.
@cginmn
removing blank spaces from test_login_redirect.py
9891ed0 
Removing extra blank lines from test_login_redirect.py
@cginmn
adding okta as an IDP to test_audit_service.py
380e4be 
Added okta as an idp to test_audit_services.py
@cginmn
Merge branch 'master' into master
34b97f7
@coveralls
Copy link

coveralls commented Mar 30, 2021
edited

Pull Request Test Coverage Report for Build 10767

  • 24 of 36 (66.67%) changed or added relevant lines in 4 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.004%) to 70.44%
Changes Missing Coverage Covered Lines Changed/Added Lines %
fence/resources/openid/okta_oauth2.py 8 20 40.0%
Totals Coverage Status
Change from base Build 10765: -0.004%
Covered Lines: 5912
Relevant Lines: 8393
💛 - Coveralls

vpsx
vpsx reviewed Mar 31, 2021
View reviewed changes
Copy link
Contributor

@vpsx vpsx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @cginmn , thanks for your PR and sorry it took so long to review! This LGTM; just one thing I noticed during manual testing--see inline comment.

Other than that, we're working to get this through the integration tests, and then will approve ASAP. Thanks again!

fence/resources/openid/okta_oauth2.py Show resolved Hide resolved
@vpsx
Copy link
Contributor

vpsx commented Mar 31, 2021

*whoops--integration tests and also a little bit more manual testing!

@cginmn cginmn mentioned this pull request Apr 15, 2021
Closed
cginmn and others added 4 commits April 15, 2021 12:30
@cginmn
Update to testing code per requested changes
859d5ba 
Update the mock response for username and also updated comments for okta IDP on test-fence-config
@cginmn
Merge branch 'master' into feat/okta-client
56fae7c
@williamhaley
Merge branch 'master' into feat/okta-client
5969bd0
@cginmn
Fixing formatting issues as reported by black output
3ca92d3 
per recommendations, ran "black ." to fix formatting.
vpsx
vpsx approved these changes Apr 20, 2021
View reviewed changes
Copy link
Contributor

@vpsx vpsx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Note for posterity: Needs this cloud-auto modification uc-cdis/cloud-automation#1566 for squid to allow the oauth handshake. If Fence complains about a sub claim, make sure your Okta user has a username and Okta is otherwise configured so that the sub claim is populated.

Thank you for your contribution @cginmn and for your patience! 🙏

@vpsx vpsx merged commit 1096198 into uc-cdis:master Apr 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vpsx vpsx vpsx approved these changes

Assignees
No one assigned
Labels
test-apis-metadataIngestionTest
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@cginmn @coveralls @vpsx @themarcelor @williamhaley