harbor icon indicating copy to clipboard operation
harbor copied to clipboard
verified publisher icon goharbor

Allow the Identity Provider to be the primary auth method in Harbor.

Open tpoxa opened this issue 3 years ago • 3 comments

When primary auth is enabled, The IDP other than the DB becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.

https://user-images.githubusercontent.com/1492007/203007280-01db3185-3202-4748-a59c-5807a961e3ca.mp4

Please indicate you've done the following:

  • [x] Well Written Title and Summary of the PR
  • [x] Label the PR as needed. release-note/new-feature
  • [x] Accepted the DCO. Commits without the DCO will delay acceptance.
  • [x] Made sure tests are passing and test coverage is added if needed.
  • [x] Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.

tpoxa avatar Oct 04 '22 11:10 tpoxa

Codecov Report

Merging #17627 (dabbc7f) into main (ff9dcd5) will increase coverage by 0.01%. The diff coverage is 37.50%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main   #17627      +/-   ##
==========================================
+ Coverage   66.57%   66.58%   +0.01%     
==========================================
  Files         999      999              
  Lines      108091   108131      +40     
  Branches     2577     2579       +2     
==========================================
+ Hits        71958    72003      +45     
+ Misses      32174    32168       -6     
- Partials     3959     3960       +1
Flag Coverage Δ
unittests 66.58% <37.50%> (+0.01%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...left-side-nav/config/auth/config-auth.component.ts 29.09% <ø> (ø)
.../shared/router-guard/auth-user-activate.service.ts 20.00% <0.00%> (-3.08%) :arrow_down:
src/portal/src/app/shared/services/interface.ts 72.72% <ø> (ø)
src/server/v2.0/handler/systeminfo.go 0.00% <0.00%> (ø)
src/controller/systeminfo/controller.go 63.49% <100.00%> (+0.58%) :arrow_up:
...portal/src/app/base/left-side-nav/config/config.ts 100.00% <100.00%> (ø)
src/portal/src/app/services/app-config.ts 100.00% <100.00%> (ø)
src/common/rbac/system/namespace.go 35.29% <0.00%> (-11.77%) :arrow_down:
...es/vulnerability/vulnerability-config.component.ts 54.07% <0.00%> (-4.45%) :arrow_down:
...ortal/src/app/shared/pipes/harbor-datetime.pipe.ts 32.00% <0.00%> (-4.00%) :arrow_down:
... and 5 more

codecov[bot] avatar Oct 04 '22 12:10 codecov[bot]

@tpoxa can you please help to give more details on this PR?

wy65701436 avatar Oct 17 '22 06:10 wy65701436

@wy65701436 well, oidc users always have to make an extra click time during sign-in; when this option is on, UI should redirect to the oidc provider directly. That was the plan.

tpoxa avatar Oct 19 '22 09:10 tpoxa

That's great!!! @Vad1mo @tpoxa

OrlinVasilev avatar Nov 25 '22 15:11 OrlinVasilev

LGTM

stonezdj avatar Nov 28 '22 09:11 stonezdj

@stonezdj can you approve again

OrlinVasilev avatar Nov 28 '22 15:11 OrlinVasilev

This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days.

github-actions[bot] avatar Feb 03 '23 09:02 github-actions[bot]

@tpoxa Please cd src/portal, then run npm run lint_fix to fix any lint-errors, then you can pass the UI-UT check.

AllForNothing avatar Feb 07 '23 04:02 AllForNothing

@Vad1mo I had a try on my own env. This looks fine to me

AllForNothing avatar Feb 07 '23 05:02 AllForNothing

@yanji09 does this fix api calls for idp users as well?

till avatar Apr 14 '23 12:04 till

@tpoxa @Vad1mo Is this feature available for API as well ?

rekha-prakash-maersk avatar Aug 14 '23 11:08 rekha-prakash-maersk