Affects Version/s: None
Fix Version/s: v2.4.0
Epic Name: Default, available out-of-the-box setup
Goal: provide a way to easily load a recommended and complete set of artefacts, so that a new server is generally useful and properly configured. It should also be painless to establish connections with well-known or standards-following services: external IdPs, and SPs using Unity as their IdP.
Such a configuration should be the default one, installed on every new server unless disabled in configuration before the server is started.
What should be set up:
- attribute types, providing all types necessary for seamless integration with popular OAuth providers (Google, FB, LinkedIn), the standard types from the OpenID Connect spec, SAML eIDAS, MACE-Dir & eduPerson, and the fundamental LDAP schemas. Each attribute type should occur only once, regardless of the number of variants, i.e. we want a unified set of attributes.
- Predefined profiles for well-known external providers (Google, FB and the other directly supported ones) and for SAML services using the well-known schemas listed above
- secure password credential, certificate credential
- credential requirements: one with all credentials and one per credential
- Implement proper default credentials and cred reqs in default configuration module. 3pt
- Possibility to include one translation profile in another. The including profile must be able to overwrite actions from the included profile. 7pt
- Make sure that a profile won't fail if a Unity attribute is missing. 1pt
- Define the default set of attribute types, either as Groovy scripts or, better, by defining a syntax to configure them in a text file. Split it into a couple of smaller, logically connected sets. See above for the sources used to establish the common attributes. 7pt
- Prepare default translation profiles for: OAuth (generic), OIDC (generic), individual supported OAuth providers, SAML (generic), SAML using supported schema (see above). Should map to the default attribute types. The system profiles must be read only (but cloneable). 15pt
- Allow loading of the predefined attribute type sets (those created in the point above) from the AdminUI at runtime. Should support an overwrite mode (all existing types are overwritten) and a merge mode (only new types are added). 3pt
- Make input translation profiles an optional parameter of authenticators, falling back to the defaults created above. 3pt
- Prepare default system output profiles: OIDC, SAML, eduGain, UNICORE. 7pt
- By default, use the proper default output profiles on IdP endpoints. 3pt
- Make the translation profile editor more compact: by default show each action in compact form (one read-only line) and show the edit UI only after expanding. Use small controls. 3pt