Federation Manager is a Next.js web application that seamlessly integrates providers and communities into DataCloud with simplicity, security, and automated resource management.
The app is implemented in TypeScript, using Next.js.
User authentication and session management are handled by Better-Auth, while OAuth2/OpenID Connect flows are configured for your IAM provider.
To register a new client, go to the chosen INDIGO IAM instance, log in as admin and create a new client with the configuration described below.
In the client main page, add all needed redirect URIs.
To enable development of the dashboard on your local machine, the redirect URI must be:
https://localhost:3000/api/auth/oauth2/callback/iam
For a production deployment, the redirect URI will be, for example:
https://federation-manager.cloud.infn.it/api/auth/oauth2/callback/iam
where https://federation-manager.cloud.infn.it is the URL where the dashboard is located.
In the Scopes tab, ensure that the following scopes are enabled:
email
openid
profile
In the Grant Types tab, enable authorization_code.
To launch the development environment, an installation of Node.js is the only mandatory requirement.
Create a file named .env in the project root directory and define the following variables:
FM_ENDPOINT_URL="https://localhost:3000"
FM_AUTH_SECRET="xxxxxxxx"
API_SERVER_URL="http://192.168.1.1:8000/api/v1"
FM_OIDC_URL="https://iam.example.it"
FM_OIDC_CLIENT_ID="xxxx-xxxx-xxxx-xxxx-xxxxxxx"
FM_OIDC_CLIENT_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
FM_OIDC_SCOPES="openid profile email"
FM_OIDC_PROVIDER_ID="iam"
# Groups for role-based access control
GROUPS_SITE_ADMIN={"https://iam.cloud.infn.it/": ["admins"]}
GROUPS_SITE_TESTER={"https://iam.cloud.infn.it/": ["admins/beta-testers"]}
GROUPS_SLA_MANAGER={"https://iam.cloud.infn.it/": ["users/sla", "users/catchall"]}
Important: FM_AUTH_SECRET is the variable used to protect the session cookies used for authentication. You can generate a secret by running:
openssl rand -base64 32
Note
This is a sensitive credential: it is used to decrypt session cookies and thus the Access Token. Do not share the secret, especially the one generated for a production deployment.
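A pre-flight check for the .env values above, as an added example that is not part of the Federation Manager code base. The function names, the 32-byte minimum (taken from the openssl command above) and the rule that the callback path ends in FM_OIDC_PROVIDER_ID are assumptions of this example.

```typescript
type Env = Record<string, string | undefined>;

// Decoded byte length of a base64 string (0 if it is not well-formed base64).
function base64ByteLength(s: string): number {
  if (s.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(s)) return 0;
  return (s.length / 4) * 3 - (s.endsWith("==") ? 2 : s.endsWith("=") ? 1 : 0);
}

// Assumption: the callback path ends with FM_OIDC_PROVIDER_ID, as in the URIs above.
function expectedRedirectUri(env: Env): string {
  const base = (env["FM_ENDPOINT_URL"] ?? "").replace(/\/+$/, "");
  return `${base}/api/auth/oauth2/callback/${env["FM_OIDC_PROVIDER_ID"] ?? ""}`;
}

function checkEnv(env: Env): string[] {
  const problems: string[] = [];
  const secret = env["FM_AUTH_SECRET"] ?? "";
  // Assumption: the secret came from `openssl rand -base64 32`, i.e. 32 bytes.
  if (/^x+$/i.test(secret) || base64ByteLength(secret) < 32)
    problems.push("FM_AUTH_SECRET: placeholder or fewer than 32 base64-encoded bytes");
  for (const key of ["FM_ENDPOINT_URL", "FM_OIDC_URL"])
    if (!(env[key] ?? "").startsWith("https://")) problems.push(`${key}: must be an https URL`);
  if (!(env["FM_OIDC_SCOPES"] ?? "").split(/\s+/).includes("openid"))
    problems.push("FM_OIDC_SCOPES: openid scope missing");
  for (const key of ["GROUPS_SITE_ADMIN", "GROUPS_SITE_TESTER", "GROUPS_SLA_MANAGER"]) {
    try {
      // Expected shape, taken from the sample above: { "<issuer URL>": ["group", ...] }
      const entries = Object.entries(JSON.parse(env[key] ?? "") as Record<string, unknown>);
      const ok = entries.length > 0 && entries.every(([issuer, groups]) =>
        issuer.startsWith("https://") && Array.isArray(groups) && groups.length > 0 &&
        groups.every((g) => typeof g === "string" && g.length > 0));
      if (!ok) problems.push(`${key}: expected a non-empty issuer-to-groups mapping`);
    } catch {
      problems.push(`${key}: missing or not valid JSON`);
    }
  }
  return problems;
}

// Constructed sample: the placeholder secret from the .env above is reported.
const SAMPLE_ENV: Env = {
  FM_ENDPOINT_URL: "https://localhost:3000", FM_OIDC_URL: "https://iam.example.it",
  FM_AUTH_SECRET: "xxxxxxxx", FM_OIDC_SCOPES: "openid profile email", FM_OIDC_PROVIDER_ID: "iam",
  GROUPS_SITE_ADMIN: '{"https://iam.cloud.infn.it/": ["admins"]}',
  GROUPS_SITE_TESTER: '{"https://iam.cloud.infn.it/": ["admins/beta-testers"]}',
  GROUPS_SLA_MANAGER: '{"https://iam.cloud.infn.it/": ["users/sla", "users/catchall"]}',
};
console.log(checkEnv(SAMPLE_ENV), expectedRedirectUri(SAMPLE_ENV));
```

The value returned by expectedRedirectUri is the one that has to be registered as a redirect URI on the IAM client.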
First install the required dependencies with:
npm run install
and then start the Next.js development server by running:
npm run dev
Output similar to the following should appear:
> [email protected] dev
> next dev --turbopack --experimental-https
⚠ Self-signed certificates are currently an experimental feature, use with caution.
Using already generated self signed certificate
▲ Next.js 15.5.3 (Turbopack)
- Local: https://localhost:3000
- Environments: .env
✓ Starting...
○ Compiling middleware ...
✓ Compiled middleware in 895ms
✓ Ready in 1731ms
The dashboard is then available at https://localhost:3000.