Challenge Overview

In this challenge series we’ll be developing an SSO solution that acts as a reverse proxy in front of a target application. It will authenticate users via LDAP, then authorize the logged-in user to perform the requested action. Authorization will use a set of rules and policies, and will set additional HTTP headers on the proxied request. The application will have a separate management interface to manage policies, rules, headers and users.

In a previous challenge, we built CRUD services for managing the SSO application. This challenge will focus on integrating the frontend interface.
The UI prototype is deployed at https://auth-heroku-app.herokuapp.com. Pages in scope are login, headers, policies and header preview (admin pages will be handled in the next challenge). Base code is available in the forums. Backend code is also available in the forums and can easily be deployed locally.

NOTE: Review and appeals phases are shorter than usual so pay attention to the timeline. 

Login screen
Remove sign up and forgot password links
Relevant API call is POST /login - make sure to handle all failure cases.
 
Header Details
Add search section on top, similar to search on AdminConfig screen
Header list should be populated from a call to GET /headers
Create, update and delete should call POST /headers, PUT /headers/{id}, DELETE /headers/{id} respectively
Remove the 'Variable Name' field
For the User Attribute header type, change the 'Value/Attribute name' field to a dropdown with values from GET /ldap-attributes
In the Create/Modify Header section, 'Add' button should be 'Update' when editing a header, and there should be a cancel button to get out of the header editing form. 
 
Policy Configuration
Policies list should be populated from a call to GET /policies
Deleting a policy should show a confirmation dialog
Add/edit rule dialog:
Move 'Select header' dropdown below the 'Selected Rules' field.
Change 'Selected Rules' label to 'Rule name' - it should be an optional field
'Select headers' dropdown should be populated from api call to GET /headers
'LDAP attribute' dropdown should be populated from GET /ldap-attributes
Remove the 'Rules' column in the 'Added rules table'
'Rules info' column in the Rules table should be populated as 'Rule name (<rule details>)' where rule details is a comma-separated list of rule.ruleInfo.name=rule.ruleInfo.value pairs
Headers table will just list the headers from all rules in the policy, while Static Headers and User Attribute headers tables will show details for headers where header.type is Static or Dynamic respectively.
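
One way to derive the 'Rules info' text and the three header tables described above, shown as an added example that is not part of the challenge's base code. The policy object shape, the helper names formatRuleInfo and buildHeaderTables, the de-duplication by header id and the sample data are all assumptions, since the spec does not define the API response format.

```javascript
// Added example, not from the challenge's base code.
// Assumed policy shape (the spec does not define it):
//   { rules: [{ name?, ruleInfo: [{ name, value }],
//               headers: [{ id, name, type, value }] }] }

// 'Rules info' cell text: 'Rule name (<rule details>)'.
function formatRuleInfo(rule) {
  // Accept a single ruleInfo object or an array of them (assumption).
  const pairs = [].concat(rule.ruleInfo || []);
  const details = pairs.map((p) => `${p.name}=${p.value}`).join(', ');
  const name = (rule.name || '').trim(); // rule name is optional
  return name ? `${name} (${details})` : `(${details})`;
}

// Collect headers from every rule in the policy, then split by header.type.
// De-duplicating by header id is an assumption, so a header shared by two
// rules is listed once.
function buildHeaderTables(policy) {
  const byId = new Map();
  for (const rule of policy.rules || []) {
    for (const header of rule.headers || []) {
      if (!byId.has(header.id)) byId.set(header.id, header);
    }
  }
  const all = [...byId.values()];
  return {
    headers: all.map((h) => h.name),
    staticHeaders: all.filter((h) => h.type === 'Static'),
    userAttributeHeaders: all.filter((h) => h.type === 'Dynamic'),
  };
}

// Constructed sample policy for illustration.
const samplePolicy = {
  rules: [
    { name: 'IT managers',
      ruleInfo: [{ name: 'department', value: 'IT' }, { name: 'title', value: 'Manager' }],
      headers: [{ id: 1, name: 'X-Role', type: 'Static', value: 'admin' },
                { id: 2, name: 'X-Mail', type: 'Dynamic', value: 'mail' }] },
    { ruleInfo: [{ name: 'ou', value: 'staff' }],
      headers: [{ id: 2, name: 'X-Mail', type: 'Dynamic', value: 'mail' }] },
  ],
};

// These strings come from LDAP and admin input: when rendering, assign them
// with textContent (or the framework's escaped binding), never innerHTML.
console.log(samplePolicy.rules.map(formatRuleInfo), buildHeaderTables(samplePolicy));
```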
 
Headers Preview
To get the headers preview, call /headers/evaluate/{username} and display a table with columns for header name and header value.


Final Submission Guidelines

Submit the full source code for the app
Deployment guide (environment, configuration, build, run - local and heroku)
Verification guide for testing the application features

ELIGIBLE EVENTS:

2018 Topcoder(R) Open

REVIEW STYLE:

Final Review:

Community Review Board

Approval:

User Sign-Off

ID: 30059058