diff --git a/admin-ui/app/locales/en/translation.json b/admin-ui/app/locales/en/translation.json
index fd24e7560e..13542a87e1 100644
--- a/admin-ui/app/locales/en/translation.json
+++ b/admin-ui/app/locales/en/translation.json
@@ -617,7 +617,10 @@
 "reloginToViewCedarlingChanges": "Please Re-login to view the cedarling changes.",
 "allAvailableHintsSelected": "All available hint options are selected",
 "noMatchingOptions": "No matching options",
- "nothingToShowInTheList": "Nothing to show in the list"
+ "nothingToShowInTheList": "Nothing to show in the list",
+ "adminUiPolicyStore": "Admin UI Policy Store",
+ "configApiPolicyStore": "Config API Policy Store",
+ "localPolicies": "Local Policies"
 },
 "languages": {
 "french": "French",
@@ -650,7 +653,8 @@
 "securityDropdown": {
 "adminUiRoles": "Admin UI Roles",
 "capabilities": "Capabilities",
- "mapping": "Mapping"
+ "mapping": "Mapping",
+ "cedarlingConfig": "Cedarling"
 },
 "basic_configuration": "Basic Configuration",
 "inum_configuration": "Inum Configuration",
@@ -944,6 +948,7 @@
 "jwk_keys": "JWK keys",
 "jans_json_property": "Properties",
 "mapping": "Role/Permission Mapping",
+ "cedarling_config": "Cedarling Configuration",
 "modules_properties": "Module Properties",
 "oauth_server_status_title": "OAuth server status",
 "oidc_clients": "OpenID Connect Clients",
@@ -1704,11 +1709,17 @@
 "principalAttribute": "Name or Friendly Name of the attribute used to identify external",
 "principalType": "Way to identify and track external users from the assertion."
 },
-
 "samlConfiguration": {
 "enabled": "SAML functionality enabled.",
 "selectedIdp": "Selected SAML server.",
 "ignoreValidation": "Boolean value to enable/disable SAML validation."
+ },
+ "cedarlingConfig": {
+ "title": "Configure fine-grained control using Cedarling",
+ "point1": "1. Create a policy store using Agama Lab. Fork project",
+ "point2": "2. Copy PolicyStore URL and configure.",
+ "note": "Note: This will help you to create your own cedarling project. You can update roles and permissions using",
+ "localPoliciesNote:": "Note: Recommended to set ON for production. If on, it will fetch policies from above URLs, store them in DB, and use them for Cedarling authorization."
 }
 }
 }
diff --git a/admin-ui/app/locales/es/translation.json b/admin-ui/app/locales/es/translation.json
index 80023abde4..3645447a40 100644
--- a/admin-ui/app/locales/es/translation.json
+++ b/admin-ui/app/locales/es/translation.json
@@ -617,7 +617,10 @@
 "reloginToViewCedarlingChanges": "Por favor, vuelve a iniciar sesión para ver los cambios de Cedarling.",
 "allAvailableHintsSelected": "Todas las opciones de sugerencia disponibles están seleccionadas",
 "noMatchingOptions": "No hay opciones coincidentes",
- "nothingToShowInTheList": "Nada que mostrar en la lista"
+ "nothingToShowInTheList": "Nada que mostrar en la lista",
+ "adminUiPolicyStore": "Tienda de políticas de la interfaz de usuario del administrador",
+ "configApiPolicyStore": "Almacén de políticas de la API de configuración",
+ "localPolicies": "Políticas locales"
 },
 "languages": {
 "french": "Frances",
@@ -650,7 +653,8 @@
 "securityDropdown": {
 "adminUiRoles": "Roles de la Interfaz de Administración",
 "capabilities": "Capacidades",
- "mapping": "Mapeo"
+ "mapping": "Mapeo",
+ "cedarlingConfig": "Cedarling"
 },
 "basic_configuration": "Configuración Básica",
 "inum_configuration": "Configuración Inum",
@@ -941,6 +945,7 @@
 "jwk_keys": "Claves JWK",
 "jans_json_property": "Propiedades",
 "mapping": "Mapeo Rol/Permiso",
+ "cedarling_config": "Configuración de Cedarling",
 "modules_properties": "Propiedades del módulo",
 "oauth_server_status_title": "Estado del servidor OAuth",
 "oidc_clients": "Clientes OpenID Connect",
@@ -1705,6 +1710,13 @@
 "enabled": "Funcionalidad SAML habilitada",
 "selectedIdp": "Servidor SAML seleccionado",
 "ignoreValidation": "Valor booleano para habilitar/deshabilitar validación SAML"
+ },
+ "cedarlingConfig": {
+ "title": "Configurar un control detallado mediante Cedarling",
+ "point1": "1. Crear un almacén de políticas con Agama Lab. Bifurcar proyecto.",
+ "point2": "2. Copie la URL de PolicyStore y configúrela.",
+ "note": "Nota: Esto te ayudará a crear tu propio proyecto de Cedarling. Puedes actualizar roles y permisos usando",
+ "localPoliciesNote:": "Nota: Se recomienda activarlo en producción. Si está activado, se obtendrán las políticas de las URL anteriores, se almacenarán en la base de datos y se usarán para la autorización de Cedarling."
 }
 },
 "validations": {
diff --git a/admin-ui/app/locales/fr/translation.json b/admin-ui/app/locales/fr/translation.json
index 21103208e1..63d9f8b003 100644
--- a/admin-ui/app/locales/fr/translation.json
+++ b/admin-ui/app/locales/fr/translation.json
@@ -60,7 +60,8 @@
 "securityDropdown": {
 "adminUiRoles": "Rôles de l'interface utilisateur d'administration",
 "capabilities": "Capacités",
- "mapping": "Mapping"
+ "mapping": "Mapping",
+ "cedarlingConfig": "Cèdre"
 },
 "lock": "Verrouillage",
 "cache": "Cacher",
@@ -649,7 +650,10 @@
 "reloginToViewCedarlingChanges": "Veuillez vous reconnecter pour voir les modifications de cedarling.",
 "allAvailableHintsSelected": "Toutes les options d'indice disponibles sont sélectionnées.",
 "noMatchingOptions": "Aucune option correspondante",
- "nothingToShowInTheList": "Rien à montrer dans la liste"
+ "nothingToShowInTheList": "Rien à montrer dans la liste",
+ "adminUiPolicyStore": "Magasin de politiques de l'interface utilisateur d'administration",
+ "configApiPolicyStore": "Magasin de politiques de configuration de l'API",
+ "localPolicies": "Politiques locales"
 },
 "messages": {
 "add_permission": "Ajouter une autorisation",
@@ -835,6 +839,7 @@
 "loading_database_information": "Chargement des informations de la base de données...",
 "jans_json_property": "Propriétés",
 "all_oidc_clients": "Tous les clients OIDC",
+ "cedarling_config": "Configuration Cedarling",
 "jans_kc_link": "Lien KC Jans",
 "all_scopes": "Toutes les portées",
 "idp": "IDP",
@@ -1555,6 +1560,13 @@
 "description": "Description de la permission",
 "tag": "Nom-de-la-balise pour identifier l'autorisation à inclure dans le jeton d'accès à l'API.",
 "default_permission_in_token": "Si défini sur vrai, l'autorisation sera disponible par défaut dans le jeton d'autorisation pour accéder à l'API (avant l'authentification)."
+ },
+ "cedarlingConfig": {
+ "title": "Configurer un contrôle précis à l'aide de Cedarling",
+ "point1": "1. Créer un magasin de politiques avec Agama Lab. Projet Fork",
+ "point2": "2. Copiez l'URL de PolicyStore et configurez-la.",
+ "note": "Remarque : Ceci vous aidera à créer votre propre projet Cedarling. Vous pouvez modifier les rôles et les autorisations via",
+ "localPoliciesNote:": "Remarque : Il est recommandé d'activer cette option pour la production. Si elle est activée, les politiques seront récupérées à partir des URL ci-dessus, stockées dans la base de données et utilisées pour l'autorisation Cedarling."
 }
 },
 "script": {
diff --git a/admin-ui/app/locales/pt/translation.json b/admin-ui/app/locales/pt/translation.json
index 058c5a42b6..a6943ba77a 100644
--- a/admin-ui/app/locales/pt/translation.json
+++ b/admin-ui/app/locales/pt/translation.json
@@ -61,7 +61,8 @@
 "securityDropdown": {
 "adminUiRoles": "Funções da interface do administrador",
 "capabilities": "Capacidades",
- "mapping": "Mapeamento"
+ "mapping": "Mapeamento",
+ "cedarlingConfig": "Cedarling"
 },
 "lock": "Trancar",
 "cache": "Cache",
@@ -644,7 +645,10 @@
 "reloginToViewCedarlingChanges": "Por favor, faça login novamente para ver as alterações do cedarling.",
 "allAvailableHintsSelected": "Todas as opções de dica disponíveis estão selecionadas",
 "noMatchingOptions": "Nenhuma opção correspondente",
- "nothingToShowInTheList": "Nada a mostrar na lista"
+ "nothingToShowInTheList": "Nada a mostrar na lista",
+ "adminUiPolicyStore": "Política de armazenamento da interface de administração",
+ "configApiPolicyStore": "Política de armazenamento da API de configuração",
+ "localPolicies": "Políticas locais"
 },
 "messages": {
 "add_permission": "Adicionar permissão",
@@ -826,6 +830,7 @@
 "all_attributes": "Todos os Atributos",
 "all_custom_scripts": "Todos os scripts personalizados",
 "jans_json_property": "Propriedades",
+ "cedarling_config": "Configuração Cedarling",
 "jans_lock": "Trava Jans",
 "config_api_configuration": "Configuração da API de Configuração",
 "database_information": "Informações do Banco de Dados",
@@ -1552,6 +1557,13 @@
 },
 "authn": {
 "acr": "Référence de classe de contexte d'authentification"
+ },
+ "cedarlingConfig": {
+ "title": "Configurar o controlo refinado usando Cedarling",
+ "point1": "1. Crie um repositório de políticas utilizando o Agama Lab. Fork Project",
+ "point2": "2.º Copie o URL do PolicyStore e configure.",
+ "note": "Nota: isto irá ajudá-lo a criar o seu próprio projeto cedarling. Pode atualizar funções e permissões usando",
+ "localPoliciesNote:": "Nota: Recomenda-se ativar a opção para produção. Se ativado, o sistema irá procurar políticas dos URLs acima, armazená-las na base de dados e utilizá-las para autorização do Cedarling."
 }
 },
 "script": {
diff --git a/admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.js b/admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.js
new file mode 100644
index 0000000000..7087759e64
--- /dev/null
+++ b/admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.js
@@ -0,0 +1,125 @@ +import { lazy, useState } from 'react' +import { + Button, + Card, + CardBody, + FormGroup, + CardTitle, + CardText, + Form, + Label, + Input, + CustomInput, + Col, +} from 'Components' +import { useTranslation } from 'react-i18next' +import SetTitle from 'Utils/SetTitle' +import GluuToogleRow from '@/routes/Apps/Gluu/GluuToogleRow' +import GluuLabel from '@/routes/Apps/Gluu/GluuLabel' + +function CedarlingConfigPage() { + const { t } = useTranslation() + SetTitle(t('titles.cedarling_config')) + const [adminUiPolicyStore, setAdminUiPolicyStore] = useState('') + const [configApiPolicyStore, setConfigApiPolicyStore] = useState('') + const [localPolicies, setLocalPolicies] = useState(true) + + const handleSubmit = (e) => { + e.preventDefault() + const config = { + adminUiPolicyStore, + configApiPolicyStore, + localPolicies, + } + console.log('Submitted Config:', config) + alert('Configuration applied successfully!') + } + + return ( + + + + + {t('documentation.cedarlingConfig.title')} + + + + + {t('documentation.cedarlingConfig.point1')}{' '} + + AdminUICedarling + + . +
+ {t('documentation.cedarlingConfig.point2')} +
+ + {t('documentation.cedarlingConfig.note')}{' '} + + Agama-Lab + + . + +
+ +
+ + + + setAdminUiPolicyStore(e.target.value)} + /> + + + + + + setConfigApiPolicyStore(e.target.value)} + /> + + + + + + { + setLocalPolicies(e.target.checked) + }} + lsize={4} + rsize={8} + label={`${t('fields.localPolicies')}`} + value={localPolicies} + /> +

+ {t('documentation.cedarlingConfig.localPoliciesNote')} +

+ +
+ +
+ +
+
+
+ +
+ ) +} + +export default CedarlingConfigPage diff --git a/admin-ui/plugins/admin/plugin-metadata.ts b/admin-ui/plugins/admin/plugin-metadata.ts index 3092cd2fe4..0b8a8c4b08 100644 --- a/admin-ui/plugins/admin/plugin-metadata.ts +++ b/admin-ui/plugins/admin/plugin-metadata.ts @@ -43,6 +43,7 @@ import JansAssetEditPage from './components/Assets/JansAssetEditPage' import JansAssetAddPage from './components/Assets/JansAssetAddPage' import DashboardPage from '../../app/routes/Dashboards/DashboardPage' import LicenseDetailsPage from '../../app/routes/License/LicenseDetailsPage' +import CedarlingConfigPage from './components/Cedarling/CedarlingConfigPage' const PLUGIN_BASE_PATH = '/adm' @@ -95,6 +96,11 @@ const pluginMetadata = { path: PLUGIN_BASE_PATH + '/mapping', permission: MAPPING_READ, }, + { + title: 'menus.securityDropdown.cedarlingConfig', + path: PLUGIN_BASE_PATH + '/cedarlingconfig', + permission: MAPPING_READ, + }, ], }, @@ -158,6 +164,11 @@ const pluginMetadata = { path: PLUGIN_BASE_PATH + '/mapping', permission: MAPPING_READ, }, + { + component: CedarlingConfigPage, + path: PLUGIN_BASE_PATH + '/cedarlingconfig', + permission: MAPPING_READ, + }, { component: WebhookListPage, diff --git a/admin-ui/plugins/admin/redux/features/apiConfigSlice.js b/admin-ui/plugins/admin/redux/features/apiConfigSlice.js new file mode 100644 index 0000000000..90f790eb4c --- /dev/null +++ b/admin-ui/plugins/admin/redux/features/apiConfigSlice.js 
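Review bot: `handleSubmit` reports success without saving anything: it builds `config`, writes it to `console.log` and raises `alert('Configuration applied successfully!')`, so an administrator is told the policy-store settings are in force while nothing is dispatched and authorization behaviour is unchanged. Until the save is wired to the backend, the submit control should be disabled or the message should say the values are not persisted. The two policy-store URLs should also be checked before they are sent, for example parsed with `new URL(value)` and rejected unless `protocol === 'https:'`, since the help text says policies are fetched from them. The page also calls `t('documentation.cedarlingConfig.localPoliciesNote')`, while all four translation files in this commit define the key as `"localPoliciesNote:"` with a trailing colon, so that lookup will not resolve until the key is renamed to `"localPoliciesNote"`. The JSX markup is not visible in this rendering of the hunk, so the attributes on the two external links could not be reviewed.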
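Review bot: The new menu entry and the matching route entry in the following hunk both gate `/cedarlingconfig` with `permission: MAPPING_READ`, a read-level permission borrowed from the role-mapping page, although the page behind it is a form for changing where Cedarling authorization policies are loaded from. Once that form actually saves, every account that can view the mapping would reach a control over the policy source. The route should be gated by a dedicated permission for Cedarling configuration (or at least a write-level one), with the same check enforced by the server on the save endpoint rather than only in the menu. Both entries sit inside `pluginMetadata` arrays that begin and end outside these hunks.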
@@ -0,0 +1,90 @@
+import reducerRegistry from 'Redux/reducers/ReducerRegistry'
+import { createSlice } from '@reduxjs/toolkit'
+
+const initialState = {
+ items: {
+ authServerHost: '',
+ authzBaseUrl: '',
+ clientId: '',
+ responseType: '',
+ scope: '',
+ redirectUrl: '',
+ acrValues: '',
+ frontChannelLogoutUrl: '',
+ postLogoutRedirectUri: '',
+ endSessionEndpoint: '',
+ sessionTimeoutInMins: 0,
+ allowSmtpKeystoreEdit: true,
+ additionalParameters: [
+ {
+ key: '',
+ value: '',
+ },
+ ],
+ cedarlingLogType: 'off',
+ auiPolicyStoreUrl: '',
+ auiDefaultPolicyStorePath: '',
+ useRemotePolicyStore: true,
+ },
+ policyStore: {},
+ loading: false,
+}
+
+const apiConfigSlice = createSlice({
+ name: 'apiConfig',
+ initialState,
+ reducers: {
+ getConfig: (state) => {
+ state.loading = true
+ },
+ getConfigResponse: (state, action) => {
+ state.loading = false
+ if (action.payload?.data) {
+ state.items = action.payload.data
+ }
+ },
+ getPolicyStore: (state) => {
+ state.loading = true
+ },
+ getPolicyStoreResponse: (state, action) => {
+ state.loading = false
+ if (action.payload?.data) {
+ state.policyStore = action.payload.data.responseObject
+ }
+ },
+ editConfig: (state) => {
+ state.loading = true
+ },
+ editConfigResponse: (state, action) => {
+ state.loading = false
+ if (action.payload?.data) {
+ state.items = { ...state.items }
+ }
+ },
+ updateSyncRoleScopesMapping: (state, action) => {
+ state.loading = true
+ },
+ updateSyncRoleScopesMappingResponse: (state, action) => {
+ state.loading = false
+ if (action.payload?.data) {
+ state.items = { ...state.items }
+ }
+ },
+ setCurrentItem: (state, action) => {
+ state.item = action.payload.item
+ state.loading = false
+ },
+ },
+})
+
+export const {
+ getConfig,
+ getConfigResponse,
+ editConfig,
+ editConfigResponse,
+ updateSyncRoleScopesMapping,
+ updateSyncRoleScopesMappingResponse,
+ setCurrentItem,
+} = apiConfigSlice.actions
+export const { actions, reducer, state } = apiConfigSlice
+reducerRegistry.register('apiConfigReducer', reducer)
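Review bot: The named export list at the bottom omits `getPolicyStore` and `getPolicyStoreResponse`, which the slice defines, so nothing can dispatch them through these exports; adding `getPolicyStore, getPolicyStoreResponse,` to the destructuring fixes that. In `export const { actions, reducer, state } = apiConfigSlice`, `state` is not a member of a `createSlice` result and is exported as `undefined`. `editConfigResponse` and `updateSyncRoleScopesMappingResponse` assign `state.items = { ...state.items }`, which discards `action.payload.data`, so after an edit the store keeps the previous `useRemotePolicyStore` and `auiPolicyStoreUrl` values and the UI can show a policy configuration the server no longer has. Assigning `state.items = action.payload.data`, as `getConfigResponse` does, would keep them in step, assuming the edit response has the same shape. `setCurrentItem` writes `state.item`, a field that `initialState` does not declare.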