Allow to configure trusted URL on Organization when enabling the TOTVS Identity or SAML authentication
Description
PRDE - Story default text according to the team DoR (Definition of Ready)
01 - STAKEHOLDER (PERSON THAT CAN VALIDATE AND ANSWER QUESTIONS):
02 - PROBLEM (WHAT'S THE CURRENT PROBLEM SCENARIO OR PAIN TO BE RESOLVED?):
Today 2C can't log in when it is deployed on the TOTVS Cloud infrastructure.
It does not work because the URL used to access 2C is a regular web URL (not localhost).
We need to allow configuring a trusted URL so the auth app will redirect to the final URL (2C's URL).
Here is an example:
This one works, because localhost is assumed to be a trusted URL:
https://totvs.carol.ai/auth/login?redirect=http://localhost:8080/blabla
This one does not work, because we restrict redirects that would send the token to external URLs:
https://totvs.carol.ai/auth/login?redirect=http://meuseitequenaoexiste.com.br/blabla
03 - GOAL (DESCRIBE THE PROPOSED SOLUTION):
- We need to add the domain totvscloud.com.br and the subdomains of this domain to our allowed-list.
04 - WHO CAN USE THIS FEATURE (USER ROLES): Any role.
06 - ACCEPTANCE CRITERIA:
- The auth app should consider the domain from TOTVS Cloud (*.totvscloud.com.br) an allowed domain to receive the redirect from the platform.
- Today, only localhost and *.carol.ai are part of this allowed-list.
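The check the acceptance criteria describe is an open-redirect guard: the `redirect` parameter on `/auth/login` must only be honoured when its host is on the allow-list. Below is an added example of such a guard, written for this page; it is not the auth app's code, and the `ALLOWED_SUFFIXES`/`ALLOWED_EXACT` constants, the function names and the sample URLs are assumptions that mirror the ticket (localhost, *.carol.ai, *.totvscloud.com.br). It matches hosts at a dot boundary rather than by substring, so `totvscloud.com.br.evil.com`, `eviltotvscloud.com.br` and `https://totvscloud.com.br@evil.com` are all rejected.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list mirroring the ticket (assumption: the real auth app's
# configuration format is not shown on the page).
ALLOWED_EXACT = ("localhost",)
ALLOWED_SUFFIXES = ("carol.ai", "totvscloud.com.br")


def host_allowed(host: str) -> bool:
    """True if host is an exact allow-list entry or a subdomain of an allowed suffix.

    The suffix is anchored with a leading dot, so 'eviltotvscloud.com.br' and
    'totvscloud.com.br.evil.com' do not match; a plain substring test would
    accept both.
    """
    host = host.lower().rstrip(".")  # fold case and a trailing FQDN dot
    if host in ALLOWED_EXACT:
        return True
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)


def is_trusted_redirect(redirect: str) -> bool:
    """True only for an absolute http(s) URL whose host is on the allow-list."""
    try:
        parts = urlsplit(redirect.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme not in ("http", "https"):
        return False  # rejects javascript:, data: and scheme-relative '//evil.com'
    # Reject userinfo: 'https://totvscloud.com.br@evil.com' parses with
    # hostname 'evil.com', and a backslash before '@' is treated as a path
    # separator by browsers, so both shapes are refused outright.
    if parts.username is not None or parts.password is not None:
        return False
    if "\\" in parts.netloc:
        return False
    host = parts.hostname  # authority host only: no port, no userinfo
    if not host:
        return False
    return host_allowed(host)


def redirect_target(login_url: str, fallback: str = "/") -> str:
    """Pick the post-login destination for a /auth/login?redirect=... request.

    An untrusted or missing redirect falls back to a same-site default instead
    of sending the token off-site.
    """
    query = parse_qs(urlsplit(login_url).query)
    candidates = query.get("redirect", [])
    if candidates and is_trusted_redirect(candidates[0]):
        return candidates[0]
    return fallback


if __name__ == "__main__":
    # The two URLs from the ticket: the first is allowed, the second is not.
    for url in (
        "https://totvs.carol.ai/auth/login?redirect=http://localhost:8080/blabla",
        "https://totvs.carol.ai/auth/login?redirect=http://meuseitequenaoexiste.com.br/blabla",
        "https://totvs.carol.ai/auth/login?redirect=https://abc.totvscloud.com.br",
    ):
        print(url, "->", redirect_target(url))
```

Adding a domain to the list is a one-line change to `ALLOWED_SUFFIXES`; the value of keeping the match on the parsed hostname is that every other component of the URL (scheme, userinfo, port, path, query) is either checked explicitly or ignored, so a new entry does not widen what an attacker can smuggle through.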
Activity
@MARCOS STUMPF I'll ping you on Slack so we can align.
@Leandro Ripoll Saldanha can you give me a hand understanding what happened here?
It seems that after a rejection on GitHub there was an approval, but it was not updated in the card, since the PR still shows as DECLINED.
cc @Ingo Wagner
@MARCOS STUMPF,
@Douglas Coimbra Lopes, @Ingo Wagner, @Carlos Affonso Wagner, @Douglas Coimbra Lopes, @Ingo Wagner, @Moises Jose Soares Filho
Flag was removed since you have just transitioned the issue status/column.
@Ingo Wagner If we try to access a specific tenant, it is not redirecting to the totvscloud page:
https://totvswarlords.qarol.ai/newtenantdoug/auth/login?redirect=https://abc.totvscloud.com.br
@Ingo Wagner @Robson Thanael Poffo If we try to use the same URL when the organization has Identity enabled, the platform is still redirecting normally to the environment page
Please check the attached video:
Douglas,
No action from Identity or other IDP is needed. This is the trusted URL for our auth app to redirect the request with the token after the login is done by the IDP.
This is a safety resource on our end.
Let me know if you have questions and we can talk further.
@Robson Thanael Poffo @Jonathan Willian Moraes @Pedro Buzzi Before proceeding with this card validation, the FE team will confirm, from an identity perspective, which action should be taken. cc @Ingo Wagner
This issue was automatically transitioned to QA REVIEW, as its PR was just approved in Github.
This issue was automatically transitioned to REVIEW, as its PR (not DRAFT and not WIP) was just created in Github.
refactor: https://totvslabs.atlassian.net/browse/CAPL-5483#icft=CAPL-5483 allows redirects to https://*totvscloud.com.br*
This issue was automatically transitioned to IN PROGRESS, as its branch was just created in Github.
CAPL-5483-allow-to-configure-trusted-url-on-organization-when-enabling-the-totvs-identity-or-saml-authentication
@MARCOS STUMPF,
@Gabriel DAmore Marciano,
@Geny Isam Hamud Herrera,
This issue was planned to be delivered by 2024-03-04. You can check that by consulting the Due Date field of the issue.
Dates already planned for this issue: 2024-03-04
If the External Issue Link field is filled in, the customer was also informed on JIRA TOTVS.