Details

    • Type: Epic
    • Status: Done
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: v2.4.0
    • Labels:
      None
    • Epic Name:
      Default, available out-of-the-box setup

      Description

      Assembla ticket #620 | Author Roman Krysinski | Created on 01 Sep 2017 11:45

      Goal: make it easy to load a recommended and complete set of artefacts, so that the server is generally useful and properly configured. It should also be painless to establish connections with well-known or standards-following services: external IdPs, and SPs using Unity as their IdP.
      Such a configuration should be the default one, installed on every new server unless disabled in the configuration prior to starting the server.

      What should be set up:

      1. Attribute types, providing all types necessary to achieve seamless integration with popular OAuth providers (Google, FB, LinkedIn), standard types from the OpenID Connect spec, SAML eIDAS, MACE-Dir & eduPerson, and fundamental LDAP schemas. Each attribute type should of course have a single occurrence, regardless of the number of variants, i.e. we want to have a unified set of attributes.
      2. Predefined profiles for well-known external providers (Google, FB and others directly supported) and SAML services using well-known schemas (as above).
      3. Secure password credential, certificate credential.
      4. Credential requirements: one with all credentials and one per credential.

      Individual tasks:

      1. Implement proper default credentials and credential requirements in the default configuration module. 3pt
      2. Possibility to include one translation profile in another. The including profile must be able to overwrite actions from the included profile. 7pt
      3. Make sure that a profile won't fail if a Unity attribute is missing. 1pt
      4. Define a default set of attribute types. As Groovy scripts or, better, define a syntax to configure them in a text file. Split into a couple of smaller, logically connected sets. See above for sources to establish the common attributes. 7pt
      5. Prepare default translation profiles for: OAuth (generic), OIDC (generic), individual supported OAuth providers, SAML (generic), SAML using a supported schema (see above). They should map to the default attribute types. The system profiles must be read-only (but cloneable). 15pt
      6. Allow loading of predefined attribute type sets (those created in the point above) from AdminUI at runtime. Should allow for overwrite mode (all existing ones are overwritten) and merge mode (only new ones are added). 3pt
      7. Make the input translation profile an optional parameter of authenticators. Fall back to the defaults created above. 3pt
      8. Prepare default system output profiles: OIDC, SAML, eduGAIN, UNICORE. 7pt
      9. By default, use the proper default output profiles on IdP endpoints. 3pt
      10. Make the translation profile editor more compact: by default show each action in compact form (one read-only line), and show the edit UI after expanding. Use small controls. 3pt

            People

            • Assignee:
              Unassigned
              Reporter:
              krycha Roman Krysinski
