Integration SRAM and Manage

oharsta commented 5 months ago

Store the minimal required set of attributes in Manage to use in the EB login flow. See for details https://confluence.ia.surf.nl/pages/viewpage.action?spaceKey=TIINN&title=SRAM-Manage+integratie

In Manage there is a new attribute to prevent existing values to be edited: disabledAfterPersisted: true

(Some) questions to be answered:

[x] Do SRAM services need an ARP? No; SRAM has a fixed ARP which does not need to be administered separately in Manage.
[ ] Do SRAM services need to specify IdP for the connect-to-IdP matrix? No; all SRAM Services are available to the same set of IdPs (to be determined how to manage that; maybe simply use the IdPs that are connected to the main SRAM/SBS instance in the regular SP/RP table)
[ ] Which IdP's need to be allowed access to SRAM services? Fixed set? see above
[x] Do SRAM services need attribute manipulation? We currently don't support this, but this would be a nice to have in the future
[x] Do we want to show SRAM services in IdP dashboard? No, only SRAM as a whole
[x] Can SRAM services be used in PdP policies? No; SRAM not for now.
[x] Do SRAM SAML services require valid MetaData (either upload or URL), or do we allow for manual ACS input? Yes; Either Upload or MetaData URL.

Tasks:

[x] SBS: New DB columns SBS Services
[x] SBS: Extra UI for Service Request
[x] SBS: Extra UI-tabs for Service Details
[ ] SBS: Sync SBS to Manage (periodically and manual from systems tab)
[ ] SBS: Sync SBS to Manage with defaults for Connected IDP's (same set as connected to main SRAM SP)
[x] SBS: Sync SBS to Manage with defaults for ARP (same attributes as main SRAM SP)
[x] SBS: Sync on update
[x] Manage: New schema for SRAM services (can be OIDC or SAML protocol)
[x] Manage: SRAM services read-only (no Create / Update / Delete)
[x] Manage: SRAM API user
[x] Manage: API for SRAM Service Create / Update / Delete

oharsta commented 4 months ago

@baszoetekouw This story is not finished yet, but before continuing we should deploy this on an environment with connectivity with manage (test2).

logan-life commented 3 months ago

@oharsta FYI we agreed today with @baszoetekouw that he will pick up the deployment to the test environment next week, week of Monday August 26.

SURFscz / SBS