Allow to configure trusted URL on Organization when enabling the TOTVS Identity or SAML authentication
Description
PRDE - Story default text according to the team DoR (Definition of Ready)
01 - STAKEHOLDER (PERSON THAT CAN VALIDATE AND ANSWER QUESTIONS):
02 - PROBLEM (WHAT'S THE CURRENT PROBLEM SCENARIO OR PAIN TO BE RESOLVED?):
Today 2C can’t login when it is deployed on TOTVS Cloud infrastructure.
It does not work because the URL to access 2C is a regular WEB url (not localhost).
We need to allow to configure trusted URL so the auth app will allow to redirect it to the final URL (2Cs URL).
Here an example:
This one works, because we assume localhost as a trusted URL:
https://totvs.carol.ai/auth/login?redirect=http://localhost:8080/blabla
This one does not work, we restrict redirect sending the token to external URLs:
https://totvs.carol.ai/auth/login?redirect=http://meuseitequenaoexiste.com.br/blabla
03 - GOAL (DESCRIBE THE PROPOSED SOLUTION):
- We need to add the domain
totvscloud.com.brand subdomains from this domain on our allowed-list.
04 - WHO CAN USE THIS FEATURE (USER ROLES): Any role.
06 - ACCEPTANCE CRITERIA:
- The
authapp should consider the domain from TOTVS Cloud (*.totvscloud.com.br) as allowed domain to receive the redirect from the platform.- Today, only
localhostand*.carol.aiare part of this allowed-list.
- Today, only
Activity
Show:
Details
Priority
HighAssignee
Ingo Wagner
Reporter
MARCOS STUMPF
Labels
CAROL_BACKLOG_REVIEWPLANNED
Due Date
4 March 2024
Fix versions
CAPL_4.00
Components
2C-CAROL_CONNECT | LOGINORGANIZATION/TENANT | LOGIN
Created
8 February 2024, 16:28
Updated
12 March 2024, 20:45
More fields
Created: 8 February 2024, 20:28
Updated:
13 March 2024, 00:45
@MARCOS STUMPF te chamo no Slack para alinharmos.
@Leandro Ripoll Saldanha consegue me dar uma mão para entender o que rolou aqui?
Parece que depois de uma reprovação no github teve uma aprovação, mas ela não foi atualizada dentro do card, pois ainda consta a PR como DECLINED.
cc @Ingo Wagner
@MARCOS STUMPF ,
@Douglas Coimbra Lopes , @Ingo Wagner , @Carlos Affonso Wagner , @Douglas Coimbra Lopes , @Ingo Wagner , @Moises Jose Soares Filho
Flag was removed since you have just transitioned the issue status/column.
@Ingo Wagner If we try to access a specific tenant, it is not redirecting to the totvscloud page
https://totvswarlords.qarol.ai/newtenantdoug/ auth/login?redirect=[+https://abc.totvscloud.com.br+|https://abc.totvscloud.com.br/]
@Ingo Wagner @Robson Thanael Poffo If we try to use the same URL when the organization has Identity enabled, the platform is still redirecting normally to the environment page
Please check the attached video:
Douglas,
No action from Identity or other IDP is needed. This is the trusted url for
our auth app to redirect the request with the token after the login is done
by the IDP.
This is a safety resource on our end.
Let me know if you have questions and we can talk further.
@Robson Thanael Poffo @Jonathan Willian Moraes @Pedro Buzzi Before proceeding with this card validation, the FE team will confirm if from an identity perspective, which action should be taken. cc @Ingo Wagner
This issue was automatically transitioned to QA REVIEW, as its PR was just approved in Github.
This issue was automatically transitioned to REVIEW, as its PR (not DRAFT and not WIP) was just created in Github.
refactor:
CAPL-5483 Done allows redirects to https://*totvscloud.com.br*
This issue was automatically transitioned to IN PROGRESS, as its branch was just created in Github.
CAPL-5483-allow-to-configure-trusted-url-on-organization-when-enabling-the-totvs-identity-or-saml-authentication
@MARCOS STUMPF ,
@Gabriel DAmore Marciano ,
@Geny Isam Hamud Herrera ,
This issue was planned to be delivered until 2024-03-04. You can check that by consulting the issue in the Due Date field.
Dates already planned for this issue: 2024-03-04
If External Issue Link field is filled, customer was also informed on JIRA TOTVS.