INDIGO IAM Dashboard is the web application of INDIGO IAM developed by INFN.
The dashboard is implemented in TypeScript, using React and Next.js. The OpenID Connect authorization flow is handled by Auth.js
Even though not strictly necessary, it is highly recommended to use VSCode with the Dev Containers integration.
This project is provided with a docker-compose.yaml
which runs the following services
iam-backend: INDIGO IAM backend (and old dashboard)iam-database: MySQL instance for IAM backendiam-dashboard: the new dashboard (core of this project)iam-nginx: NGINX proxy pass instance which route the traffic between services
It is possible to start all services from within VSCode, launching the command
Reopen in Container. Otherwise, it is possible to manually start the services
with
docker compose up -dand then, in VSCode, attach the session with Attach to Running Container...
The application needs .env file to setup some configuration variables.
For development define the following variables:
# .env
NODE_ENV=debug
IAM_AUTHORITY_URL=https://iam-dev.cloud.cnaf.infn.it # or http://localhost:8080
IAM_CLIENT_ID=<your_client_id>
IAM_CLIENT_SECRET=<your_client_secret>
AUTH_SECRET=<authentication_secret> # see belowAUTH_SECRET is a variable to securely protect session cookies for
authentication. You could generate a secret running
openssl rand -base64 32After launching the services, from VSCode, within the iam-dashboard
container, start the development server
npm run devSomething similar to the following should be prompted:
> [email protected] dev
> next dev -p 8080
▲ Next.js 14.2.2
- Local: http://localhost:8080
- Environments: .env
✓ Starting...
✓ Ready in 9.5sThe dashboard acts as client for IAM backend and thus, registering the client is required. This step is required the first time only, and whenever the database volume is deleted/recreated.
To register a new client, go to
http://localhost:8081/ to load the old dashboard, or go
to your production IAM instance.
Login as admin and register a new client. Give it a name, such as
iam-dashboard and add the
<IAM_URL>/auth/callback/indigo-iam
(without the trailing /) URL to the Redirect URIs.
In Scopes, assure that the following scopes are enabled
emailoffline_accessopenidprofilescim:readscim:write
In Grant Types, enable authorization_code.
Finally, in the Crypto section enable PKCE with SHA-256 has algorithm.
Save the client and copy client_id and client_secret, then edit the
envs/dev.env file replacing IAM_CLIENT_ID with the
correct values.
A Docker image is automatically built using GitHub Action. As for development,
the same environment variables are required, plus the AUTH_URL variable. The
latter is need when the application is behind a docker image or proxy which
hides the current hostname.
Create the following environment file, giving your preferred name, for example
prod.env
# prod.env
IAM_AUTHORITY_URL=https://iam-dev.cloud.cnaf.infn.it # or http://localhost:8080
IAM_CLIENT_ID=<your_client_id>
IAM_CLIENT_SECRET=<your_client_secret>
AUTH_SECRET=<authentication_secret>
AUTH_URL=<dashboard_hostname> # e.g. https://iam-dashboard.cloud.cnaf.infn.itTo start the application then run
docker run -p <some-port>:80 --env-file=prod.env cnafsoftwaredevel/iam-dashboard:latest- Sudo mode (panic!)
- Add Table component
- Validate password before submission
- Whats happen if I change password when there is no password at all?
- Finish the "Add to group" functionality
- Add "Change membership end time"
- Add "Link external account" feature
- Add "Link Certificate"
- Add "Request Certificate"
- Add "Add managed proxy certificate"
- Add "Add ssh key"
- Add "Set attribute"
- Create the users table
- Add "Delete user" button per each row
- Maybe add a multiple selection to delete multiple users in bulk
- Create the groups page
- Add "Add Root Group" feature
- Add "Add Subgroup" button per each row (?!)
- Add "Delete Group" button per each row
- Create "Registration Request" tab
- Create "Group requests" tab
- Add "Edit AUP"
- Add "Request AUP Signature"
- Add "Delete AUP"
- Add Clients table
- Add "New Client"
- Add "Edit client" per each row
- Add "Delete client" per each row
- Add Client "edit" page with tabs:
- Main (client name, client id, client description, redirect URIs, contacts, etc)
- Credentials (Token endpoint auth method, client secret, registration access token, regenerate registration a.c., Public key set, JWK URI)
- Scopes (System scope, Custom scope)
- Grant types
- Tokens (A.T. timeout, ID T. timeout, R.T settings & timeout, Device code timeout)
- Crypto (PKCE settings)
- Other info (Homepage URL, ToS, Policy)
- Owners (Show owners, assign owner)
- ???
- Add Scopes table
- Add "Edit Scope" button per each row (Description, default scope, restricted)
- Add "Delete scope" button per each row
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent