Closed MdreW closed 6 months ago
Hi @MdreW
you're right, that's why we have this here https://github.com/italia/Satosa-Saml2Spid/blob/eudi/example/uwsgi_setup/nginx/net_proxy.conf#L59
I'm not a lover of the iframe, then I would like to improve that discovery page.
the templates can be customized and their path configured here, so you don't have to fork for UI customizations.
JS template MUST be improved, that's a PoC and I'm aware of this.
Can you give more explaination about these two?
add requirements unecessary and is not 'satosa style' is a little bit too much
The code is divided by submodules as explained in the README, this is a complete toolchain where a developer may decide to use just some components and not all of them
For satosa a simple solution is render a json from the qr code page. Es: {code: xxxxxxxxxxx, ttl: 150}. With js we read async the json and render qrcode directly in the page (no iframe, jinja or graphics libraries). If it can be useful, i can make a POC of this discovery page type
yes you can!
https://github.com/MdreW/discovery_async_qrcode_example - example of discovery page that creates the qr code from remote on click string. The discovery page is configured from load the remote json from https://common.intranet.isprambiente.it/code.json. The remote json contain this data: {"code": "https://www.isprambiente.gov.it/it", "ttl": 150}
must be implemented the authentication check. In response json must be added the authentication id and the url for check the status.
Is based on the last my proposal of satosa-saml2spid discovery page. The qrcode trick is in wallet_it.js.
If is a solution can be useful we can develop with more detailed.
Hi all, i'm studying this library for the satosa's integration. At this moment the backend respond a web page with an image of qr code. The discovery page, on button click, open a iframe on qrcode page. With this solution I look some problem:
X-Frame-Options: DENY
For satosa a simple solution is render a json from the qr code page. Es:
{code: xxxxxxxxxxx, ttl: 150}
. With js we read async the json and render qrcode directly in the page (no iframe, jinja or graphics libraries). If it can be useful, i can make a POC of this discovery page typeBut in generally i don't think that an auth library must generate html, svg or png. If is usefull, and can be, should be divided in more modules.
My2C