DEICH-6443 - Refactored project structure.

Tom Adam requested to merge DEICH-6443_IDP_porten_authenticator into master

DEICH-6443 - ID-porten integration done

-Display registration form only for users not yet registered in Cicero
-Separated user creation and federation link creation (needs to be reusable)
-Fixed authentication flow based on local/Cicero user registration status
-Package structure fix

DEICH-6443 - Initial commit of working id-porten integration with registration and cicero user federation

Making IDP login with federated user storage was a bit of a challenge. The default `Create user if unique` step checks if the user exists. This returns true, since the user is found in the Cicero user storage provider - as a remote user in Cicero. This is a required functionality to make initial Cicero login using pin possible (local user is set up in a later phase). So, this guy was a no-go. To make this all work, the CiceroAuthenticator has taken over the job of IdpCreateUserIfUniqueAuthenticator by doing the user registration on its own. However, to make user lookup work as the second login attempt is made, the user federation link must also be set on the created user. This is basically the id of the CiceroUserProvider configuration. To make this happen, CiceroAuthenticator does a lookup to find the Cicero user provider based on its name (config parameter, default is "Cicero") and its provider type (basically, `UserStorageProvider.class.getName()`). This way the federation link is also set, and everybody is happy.

In addition:
-i18N
-registration form validation

Still some loose ends:
-code looks ugly, but works - worth having a safety backup in gitlab before I fall asleep :)
-already existing Cicero user + IDP login must be handled
-auth status needs to be checked in cicero calls in CiceroAuthenticator
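
The federation-link lookup described in the commit message above, as an added example that is not code from this merge request: it resolves the user storage component by name and provider type and refuses to link when the match is missing or ambiguous. The class and method names are hypothetical, and it assumes a Keycloak version whose `RealmModel` offers `getComponentsStream`.

```java
import java.util.List;
import java.util.stream.Collectors;

import org.keycloak.component.ComponentModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.UserStorageProvider;

/** Hypothetical helper; not the merge request's CiceroAuthenticator code. */
public final class FederationLinkHelper {

    private FederationLinkHelper() {}

    /** Finds the single user storage component configured under the given name. */
    static ComponentModel findUserStorageComponent(RealmModel realm, String providerName) {
        // Components are filtered by parent (the realm) and by provider type,
        // the provider type being UserStorageProvider.class.getName().
        List<ComponentModel> matches = realm
                .getComponentsStream(realm.getId(), UserStorageProvider.class.getName())
                .filter(c -> providerName.equals(c.getName()))
                .collect(Collectors.toList());
        // Fail closed: with zero or several matches the link target is
        // ambiguous, so refuse rather than bind the user to the wrong store.
        if (matches.size() != 1) {
            throw new IllegalStateException("Expected exactly one user storage provider named '"
                    + providerName + "', found " + matches.size());
        }
        return matches.get(0);
    }

    /** Links an already created user to the named user storage provider. */
    static void linkToProvider(RealmModel realm, UserModel user, String providerName) {
        ComponentModel provider = findUserStorageComponent(realm, providerName);
        // The federation link is the id of the provider's component configuration.
        user.setFederationLink(provider.getId());
    }
}
```

Keeping the link step separate from user creation lets the same check run wherever a link is set, and an authenticator calling it can turn the `IllegalStateException` into a failed login instead of completing with an unlinked user.
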

DEICH-6443 - Moved borrower role to common config, ProviderConfigBase likes both, Map and MultiValuedHashMap 😍

DEICH-6443 ID-porten - created and added ID-porten first broker login, configured CiceroAuthenticator - responsible for registering new users in Cicero at first id-porten idp login.

DEICH-6443 ID-porten - added Role based client access check post login flow.

DEICH-6443 ID-porten - backchannel logout set to on.

DEICH-6443 Conflicts fixed after master rebase.

DEICH-6443 - Help text fix - was referring to a no longer existing prop.

DEICH-6443 - pom cleanup + extracted CiceroApiBase with common functionality.

DEICH-6443 - Whitespace fix.

DEICH-6443 - getApiSessionKey fix

DEICH-6443 - roleAuthProvider moved over to common config architecture

Support was needed for both MultiValueHashmap and Map config fetch. See ConfigEntry.java.

Renamed propName to name.

DEICH-6443 - Refactored - reusable ConfigEntry architectures, shared cicero common config

CiceroAuthenticator is copy-paste of RoleAuthenticator with some changes towards the right direction :)

Fixed naming gotchas in package names :)

DEICH-6443 - Final project structure. Following keycloak SPIs for grouping modules.

DEICH-6443 - Refactored project structure.

Benefits:
-can be built from the project root
-all providers are built at once, result in the dist folder
-re-usability
