Update fence to now include Okta as an OIDC Identity Provider #890
Sync up from master
Removed some unnecessary generic settings.
revert to how it is in source before okta tests.
clean up of my build file.
Adding the discovery URL for okta in test config to see if that solves issue in testing scripts.
changed the discoveryURL to have {tenant} instead of real value for tests.
Updates to the testing scripts to return a status code for the Okta discovery URL which is not valid. Okta doesn't have a general discover URL, only specific to tenants, so can't use one in testing framework.
removed unused modules from fence/blueprints/login/okta.py and fence/resources/openid/okta_oauth2.py
As reported by codacy, removed a trailing whitespace.
PR has fallen behind current main changes. Updated test-fence-config from main branch to get back in sync, now re-applying changes to test-fence-config.yaml for Okta configuration.
Removing extra blank lines from test_login_redirect.py
Added okta as an idp to test_audit_services.py
Hey @cginmn, thanks for your PR and sorry it took so long to review! This LGTM; just one thing I noticed during manual testing--see inline comment.
Other than that, we're working to get this through the integration tests, and then will approve ASAP. Thanks again!
*whoops--integration tests and also a little bit more manual testing!
Update the mock response for username and also updated comments for okta IDP on test-fence-config
per recommendations, ran "black ." to fix formatting.
LGTM!
Note for posterity: Needs this cloud-auto modification uc-cdis/cloud-automation#1566 for squid to allow the oauth handshake. If Fence complains about a sub claim, make sure your Okta user has a username and Okta is otherwise configured so that the sub claim is populated.
Thank you for your contribution @cginmn and for your patience! 🙏
Added a new profile for Okta to be an additional option for an OpenID Connect (OIDC) Identity Provider.
New Features
I essentially took the current Azure AD OIDC profile as a template and modified it to work with Okta as the provider.
Breaking Changes
Bug Fixes
Improvements
Now supports Okta as an OIDC provider
Dependency updates
Deployment changes