nopbyte edited this page Aug 25, 2017 · 20 revisions

Welcome to the agile-idm-web-ui wiki!

Roadmap:

Requirements:

  • Add tests for meta policy settings (limit, and intermediate values)
  • Add tests for audit (check that all writes to attributes or calls to the pdp work)
  • Finish lock test
  • Add meta policy to some conf file in idm-core and check that they are enforced always.

Nice to have:

  • improve error handling when the "redirect to" value is lost in the login page (the "url must be a string" error)

Current status since last release:

Functionality for v1.0.2

Additional features:

  • policy enforcement over nested attributes, e.g. credentials.dropbox
  • support for the enforcement of a strict JSON schema (see https://github.com/tdegrunt/jsonschema/issues/173)
  • Dropbox authentication
  • change the console-based script that generates users and clients so that it uses the API without enforcement, ensuring that policies are created for every entity
  • hash users' passwords
  • endpoints to reset passwords for the user's own account, and for other users if admin
  • endpoints to fetch and write an attribute's policies
  • initial mockup of the pdp for actions in the AGILE API (for initial integration)
  • add endpoint to delete an attribute
  • add endpoints to list all users and all groups

Bug fixes:

  • fix non-deterministic behaviour during login (sometimes another user was chosen).

  • fix group issue reported in agile-idm-entity-storage: groups can now be deleted without removing entities first. Before, there was an inconsistency in this case.

  • fix issue when the same user logs in with different clients: when the same user used different clients simultaneously, only one session was valid.

  • fix to ensure that the client id is propagated to the provider strategies. This allows strategies to create tokens for a particular OAuth2 flow and for a particular client, to ensure that there are no race conditions.

  • fix: add an expiration time to tokens, and delete expired tokens when they are queried. Also, a general cleanup of the token db happens whenever tokens are iterated, so we keep only tokens that are valid.

  • fix session sync issue between passport and tokens stored in the db (this was generating an error when integrated with OS.js, from which the only way to recover was to delete cookies from the browser)
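As an added illustration of the token expiry fix described above (this is example code, not agile-idm-web-ui's own implementation; the store, method names and the injectable clock are assumptions), an in-memory token store that gives every token an expiration time, deletes an expired token the moment it is looked up, and sweeps all expired tokens whenever the store is iterated:

```javascript
// Added example, not project code: token store with expiry enforced on
// lookup and on iteration, mirroring the behaviour of the fix above.
// TokenStore, issue, lookup and list are names assumed for illustration.
class TokenStore {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so expiry can be tested
    this.tokens = new Map();   // token string -> { clientId, userId, expiresAt }
  }

  // Issue a token bound to one client and one user, valid for ttlMs.
  issue(token, clientId, userId, ttlMs) {
    this.tokens.set(token, { clientId, userId, expiresAt: this.now() + ttlMs });
  }

  // Single-token query: an expired token is deleted on the spot and reported
  // as absent, so a stale credential is never accepted.
  lookup(token) {
    const entry = this.tokens.get(token);
    if (!entry) return null;
    if (entry.expiresAt <= this.now()) {
      this.tokens.delete(token);
      return null;
    }
    return entry;
  }

  // Iteration: expired tokens are removed as they are encountered, so both the
  // returned list and the store contain only valid tokens afterwards.
  list() {
    const valid = [];
    for (const [token, entry] of this.tokens) {
      if (entry.expiresAt <= this.now()) {
        this.tokens.delete(token);   // deleting the current entry of a Map during for..of is safe
      } else {
        valid.push({ token, ...entry });
      }
    }
    return valid;
  }
}

module.exports = { TokenStore };
```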

Functionality for v1.0.1 (Passport and LevelDB pre-release)

OAuth server functionality:

  • implements the authorization code authorization flow (see example here)
  • implements the client credentials authorization flow (see example here)
  • implements the implicit grant (see example here)

Storage:

  • proper handling of OAuth2 clients (through entities of type client)
  • storage of tokens
  • generic storage of entities in LevelDB

Policy enforcement:

  • uses owner policies to handle visibility of private attributes, such as the user's password
  • uses role policies (admin) to protect creation of new entities and setting of roles and passwords.