Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds OpenID Connect (OIDC) support to SAMA.Web, including admin-configurable settings, login UI, JIT provisioning, and shared group-to-role/workspace mapping logic (reused by LDAP). Also wires up local/CI support services and adds new unit/integration/system tests around the feature.
Changes:
- Add OIDC authentication configuration, settings UI, login flow, and user provisioning.
- Refactor group mapping sync into a shared service used by both LDAP and OIDC.
- Add mock OIDC/LDAP containers for local dev + CI system tests; add/adjust related tests.
Reviewed changes
Copilot reviewed 25 out of 25 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| SAMA.Web/docker-compose.yml | Adds mock OIDC and LDAP services for local development. |
| SAMA.Web/Services/OidcPostConfigureOptions.cs | Dynamically configures OpenIdConnectOptions from GlobalSettings at runtime. |
| SAMA.Web/Services/OidcAuthenticationService.cs | JIT provisions/updates users from OIDC claims and applies group mappings. |
| SAMA.Web/Services/LdapAuthenticationService.cs | Switches LDAP group mapping application to the new shared sync service. |
| SAMA.Web/Services/GroupMappingSyncService.cs | New shared service for syncing admin role + workspace assignments from group mappings. |
| SAMA.Web/Services/GlobalSettingsService.cs | Adds persisted global settings for OIDC configuration (enabled, authority, client, scopes, etc.). |
| SAMA.Web/SAMA.Web.csproj | Adds OpenIdConnect authentication package reference. |
| SAMA.Web/Program.cs | Registers OIDC auth scheme + post-configurer; registers new services in DI. |
| SAMA.Web/Pages/Admin/Settings/_SettingsLayout.cshtml | Adds OIDC tab to admin settings navigation. |
| SAMA.Web/Pages/Admin/Settings/Oidc.cshtml.cs | Adds admin page model for editing OIDC settings and clearing options cache. |
| SAMA.Web/Pages/Admin/Settings/Oidc.cshtml | Adds admin UI for configuring OIDC settings. |
| SAMA.Web/Pages/Admin/Settings/GroupMappings.cshtml | Updates UI text and adds “OIDC” as an identity provider option. |
| SAMA.Web/Pages/Account/Login.cshtml.cs | Adds OIDC login initiation + callback handlers; blocks local login for external users. |
| SAMA.Web/Pages/Account/Login.cshtml | Adds “Sign in with {Provider}” button when OIDC is enabled. |
| SAMA.Tests.Unit/Web/Services/OidcPostConfigureOptionsTests.cs | Unit tests for OIDC post-configure behavior. |
| SAMA.Tests.Unit/Web/Services/OidcAuthenticationServiceTests.cs | Unit tests for basic OIDC enabled/disabled conditions. |
| SAMA.Tests.Unit/Web/Services/NotificationChannels/EmailChannelHandlerTests.cs | Minor null-forgiving adjustment in test capture. |
| SAMA.Tests.Unit/Web/Services/GroupMappingSyncServiceTests.cs | Unit tests for ExtractCnFromDn moved to the new shared service. |
| SAMA.Tests.Unit/Web/Pages/Admin/Settings/LdapModelTests.cs | Updates constructor substitute args after LDAP service DI change. |
| SAMA.Tests.Unit/Web/Pages/Account/LoginModelTests.cs | Updates constructor substitute args after LoginModel DI change. |
| SAMA.Tests.System/SystemTestBase.cs | Adds additional Playwright wait-for-network-idle after key actions. |
| SAMA.Tests.System/OidcTests.cs | New system test covering OIDC login using the mock provider. |
| SAMA.Tests.Integration/Web/Services/OidcAuthenticationServiceTests.cs | New integration tests for OIDC provisioning and group mapping behavior. |
| SAMA.Tests.Integration/Web/Services/LdapAuthenticationServiceTests.cs | Updates LDAP integration test setup for new shared group mapping service. |
| .github/workflows/ci.yml | Adds OIDC and LDAP mock service containers for system tests in CI. |
arktronic-sep
force-pushed
the
oidc
branch
2 times, most recently
from
af8de27 to
f40351b
Compare
Comment on lines
+120
to
+124
| public IActionResult OnGetOidcLogin(string? returnUrl = null) | ||
| { | ||
| returnUrl ??= Url.Content("~/"); | ||
|
|
||
| var properties = new AuthenticationProperties |
Comment on lines
+57
to
+61
| options.Scope.Clear(); | ||
| foreach (var scope in _globalSettings.OidcScopes.Split(' ', StringSplitOptions.RemoveEmptyEntries)) | ||
| { | ||
| options.Scope.Add(scope); | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.