Allow to configure trusted URL on Organization when enabling the TOTVS Identity or SAML authentication

Description

PRDE - Story default text according to the team DoR (Definition of Ready)

01 - STAKEHOLDER (PERSON THAT CAN VALIDATE AND ANSWER QUESTIONS):
02 - PROBLEM (WHAT'S THE CURRENT PROBLEM SCENARIO OR PAIN TO BE RESOLVED?):

Today 2C can’t log in when it is deployed on TOTVS Cloud infrastructure.

It does not work because the URL to access 2C is a regular WEB url (not localhost).

We need to allow configuring a trusted URL so the auth app will allow redirecting to the final URL (2C's URL).

Here is an example:

This one works, because we assume localhost as a trusted URL:
https://totvs.carol.ai/auth/login?redirect=http://localhost:8080/blabla

This one does not work, because we restrict redirects that send the token to external URLs:
https://totvs.carol.ai/auth/login?redirect=http://meuseitequenaoexiste.com.br/blabla

03 - GOAL (DESCRIBE THE PROPOSED SOLUTION):

  • We need to add the domain totvscloud.com.br and its subdomains to our allowed-list.

04 - WHO CAN USE THIS FEATURE (USER ROLES): Any role.
06 - ACCEPTANCE CRITERIA:

  • The auth app should consider the TOTVS Cloud domain (*.totvscloud.com.br) as an allowed domain to receive the redirect from the platform.
    • Today, only localhost and *.carol.ai are part of this allowed-list.
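
The allow-list check from the acceptance criteria, as an added example that is not the auth app's code: it parses the `redirect` value and compares the host on a label boundary, so look-alike hosts that merely contain an allowed domain are rejected. The function and constant names are hypothetical; requiring https outside localhost and accepting the bare parent domains are assumptions.

```javascript
// Added example: names are hypothetical; allow-list entries come from the ticket.
const EXACT_HOSTS = new Set(["localhost"]);
// "*.domain" entries. Accepting the bare parent domain too is an assumption.
const PARENT_DOMAINS = ["carol.ai", "totvscloud.com.br"];

function isTrustedRedirect(raw) {
  if (typeof raw !== "string") return false;
  let url;
  try {
    url = new URL(raw); // no base: relative and scheme-relative input throws
  } catch {
    return false;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  // Userinfo can make a URL look like it targets a trusted host
  // (https://totvs.carol.ai@other.example/), so reject it outright.
  if (url.username !== "" || url.password !== "") return false;

  // The URL parser lowercases the host; drop an optional trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  if (EXACT_HOSTS.has(host)) return true;
  // Assumption: the token may leave localhost only over https.
  if (url.protocol !== "https:") return false;
  // Compare on a label boundary. A substring or bare endsWith(domain) test
  // would also accept nottotvscloud.com.br and totvscloud.com.br.other.example.
  return PARENT_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Constructed sample inputs; the first three appear in the ticket.
const SAMPLES = [
  "http://localhost:8080/blabla",
  "http://meuseitequenaoexiste.com.br/blabla",
  "https://abc.totvscloud.com.br",
  "https://ABC.TotvsCloud.com.br./blabla",
  "https://nottotvscloud.com.br/blabla",
  "https://totvscloud.com.br.other.example/blabla",
  "https://totvs.carol.ai@other.example/blabla",
  "//abc.totvscloud.com.br/blabla",
];

function checkSamples() {
  return SAMPLES.map((u) => [u, isTrustedRedirect(u)]);
}

console.log(checkSamples());
```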

Activity

Leandro Ripoll Saldanha 27 February 2024, 12:40 Jira Internal Users

@MARCOS STUMPF I'll ping you on Slack so we can align.

MARCOS STUMPF 27 February 2024, 01:42 Jira Internal Users

@Leandro Ripoll Saldanha can you give me a hand understanding what happened here?

It looks like after a rejection on GitHub there was an approval, but it was not updated in the card, since the PR still shows as DECLINED.

cc @Ingo Wagner

Automation for Jira 15 February 2024, 13:18 Jira Internal Users

@MARCOS STUMPF ,
@Douglas Coimbra Lopes , @Ingo Wagner , @Carlos Affonso Wagner , @Douglas Coimbra Lopes , @Ingo Wagner , @Moises Jose Soares Filho

Flag was removed since you have just transitioned the issue status/column.

Douglas Coimbra Lopes 15 February 2024, 13:17 Jira Internal Users

@Ingo Wagner If we try to access a specific tenant, it is not redirecting to the totvscloud page

https://totvswarlords.qarol.ai/newtenantdoug/auth/login?redirect=https://abc.totvscloud.com.br

Douglas Coimbra Lopes 15 February 2024, 12:58 Jira Internal Users

@Ingo Wagner @Robson Thanael Poffo If we try to use the same URL when the organization has Identity enabled, the platform is still redirecting normally to the environment page

Please check the attached video:

Robson Thanael Poffo 15 February 2024, 11:22 Jira Internal Users

Douglas,

No action from Identity or other IDP is needed. This is the trusted url for
our auth app to redirect the request with the token after the login is done
by the IDP.

This is a safety resource on our end.

Let me know if you have questions and we can talk further.

Douglas Coimbra Lopes 14 February 2024, 19:28 Jira Internal Users

@Robson Thanael Poffo @Jonathan Willian Moraes @Pedro Buzzi Before proceeding with this card validation, the FE team will confirm, from an identity perspective, which action should be taken. cc @Ingo Wagner

Automation for Jira 14 February 2024, 13:05 Jira Internal Users

This issue was automatically transitioned to QA REVIEW, as its PR was just approved in Github.

Automation for Jira 13 February 2024, 00:06 Jira Internal Users

This issue was automatically transitioned to REVIEW, as its PR (not DRAFT and not WIP) was just created in Github.

refactor: https://totvslabs.atlassian.net/browse/CAPL-5483#icft=CAPL-5483 allows redirects to https://*totvscloud.com.br*

Automation for Jira 13 February 2024, 00:05 Jira Internal Users

This issue was automatically transitioned to IN PROGRESS, as its branch was just created in Github.

CAPL-5483-allow-to-configure-trusted-url-on-organization-when-enabling-the-totvs-identity-or-saml-authentication

Automation for Jira 12 February 2024, 19:31 Jira Internal Users

@MARCOS STUMPF ,
@Gabriel DAmore Marciano ,
@Geny Isam Hamud Herrera ,
This issue was planned to be delivered until 2024-03-04. You can check that by consulting the issue in the Due Date field.

Dates already planned for this issue: 2024-03-04

If External Issue Link field is filled, customer was also informed on JIRA TOTVS.