diff --git a/static/css/core-ui.css b/static/css/core-ui.css
index cb7525cc9..631c1c976 100644
--- a/static/css/core-ui.css
+++ b/static/css/core-ui.css
@@ -431,6 +431,18 @@ a:focus {
 border-top: 1px solid #eee;
 }
+.co-panel-body .co-panel-heading {
+ font-size: 120%;
+ border-bottom: 0px;
+ margin: 0px;
+ margin-bottom: -6px;
+}
+
+.co-panel-body .co-panel-body {
+ padding-left: 38px;
+}
+
+
 .config-bool-field-element input {
 margin-right: 6px;
 font-size: 24px;
diff --git a/static/directives/config/config-setup-tool.html b/static/directives/config/config-setup-tool.html
index 23b043399..8e045ea28 100644
--- a/static/directives/config/config-setup-tool.html
+++ b/static/directives/config/config-setup-tool.html
@@ -525,17 +525,18 @@ - +
- Authentication + Internal Authentication

Authentication for the registry can be handled by either the registry itself, LDAP or external JWT endpoint. -
- Additional external authentication providers (such as GitHub) can be used on top of this choice. +

+

+ Additional external authentication providers (such as GitHub) can be used in addition for login into the UI.

@@ -807,134 +808,204 @@
-
+ - -
+
- GitHub (Enterprise) Authentication + External Authorization (OAuth)
-
-

- If enabled, users can use GitHub or GitHub Enterprise to authenticate to the registry. -

-

- Note: A registered GitHub (Enterprise) OAuth application is required. - View instructions on how to - - Create an OAuth Application in GitHub - -

+ +
+
+ GitHub (Enterprise) Authentication +
+
+
+

+ If enabled, users can use GitHub or GitHub Enterprise to authenticate to the registry. +

+

+ Note: A registered GitHub (Enterprise) OAuth application is required. + View instructions on how to + + Create an OAuth Application in GitHub + +

+
+ +
+ Enable GitHub Authentication +
+ + + + + + + + + + + + + + + + + + + + + + +
GitHub: + +
GitHub Endpoint: + + +
+ The GitHub Enterprise endpoint. Must start with http:// or https://. +
+
OAuth Client ID: + + +
OAuth Client Secret: + + +
Organization Filtering: +
+ Restrict By Organization Membership +
+ +
+ If enabled, only members of specified GitHub + Enterprise organizations will be allowed to login via GitHub + Enterprise. +
+ + + +
+
+
+ + +
+
+ Google Authentication +
+
+
+

+ If enabled, users can use Google to authenticate to the registry. +

+

+ Note: A registered Google OAuth application is required. + Visit the + + Google Developer Console + + to register an application. +

+
+ +
+ Enable Google Authentication +
+ + + + + + + + + + +
OAuth Client ID: + + +
OAuth Client Secret: + + +
+
+
+ + +
+
+ + {{ config[provider]['SERVICE_NAME'] || (getOIDCProviderId(provider) + ' Authentication') }} + (Delete) +
+
+ + + + + + + + + + + + + + + + + +
Service ID: + {{ getOIDCProviderId(provider) }} +
OIDC Server: + + +
+ The URL of an OIDC-compliant server. +
+
Service Name: + + +
+ The user friendly name to display for the service on the login page. +
+
Service Icon (optional): + + +
+ If specified, the icon to display for this login service on the login page. Can be either a URL to an icon or a CSS class name from Font Awesome +
+
+ +
-
- Enable GitHub Authentication -
- - - - - - - - - - - - - - - - - - - - - - -
GitHub: - -
GitHub Endpoint: - - -
- The GitHub Enterprise endpoint. Must start with http:// or https://. -
-
OAuth Client ID: - - -
OAuth Client Secret: - - -
Organization Filtering: -
- Restrict By Organization Membership -
- -
- If enabled, only members of specified GitHub - Enterprise organizations will be allowed to login via GitHub - Enterprise. -
- - - -
+ + Add OIDC Provider + What is OIDC?
-
+
- -
-
- Google Authentication -
-
-
-

- If enabled, users can use Google to authenticate to the registry. -

-

- Note: A registered Google OAuth application is required. - Visit the - - Google Developer Console - - to register an application. -

-
- -
- Enable Google Authentication -
- - - - - - - - - - -
OAuth Client ID: - - -
OAuth Client Secret: - - -
-
-
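Review bot: The help text added for the new OIDC Server field, `The URL of an OIDC-compliant server.`, states no scheme requirement, while the GitHub Endpoint text moved in this same hunk at least says `Must start with http:// or https://`. Discovery and token exchange with the OIDC server carry the client credentials and ID tokens, so this field should be HTTPS-only; I would word it `The URL of an OIDC-compliant server. Must start with https://.` and give the input a matching pattern. The field markup is not visible on this page, so whether a pattern is already set could not be checked. The OIDC table as rendered here also lists no OAuth Client ID or Client Secret rows, unlike the GitHub and Google sections, which looks like an omission if those values are meant to be entered in this tool.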
diff --git a/static/js/core-config-setup.js b/static/js/core-config-setup.js
index 827a78871..1347e82b0 100644
--- a/static/js/core-config-setup.js
+++ b/static/js/core-config-setup.js
@@ -71,7 +71,11 @@ angular.module("core-config-setup", ['angularFileUpload'])
 {'id': 'bittorrent', 'title': 'BitTorrent downloads', 'condition': function(config) {
 return config.FEATURE_BITTORRENT;
- }}
+ }},
+
+ {'id': 'oidc-login', 'title': 'OIDC Login(s)', 'condition': function(config) {
+ return $scope.getOIDCProviders(config).length > 0;
+ }},
 ];
 $scope.STORAGE_CONFIG_FIELDS = {
@@ -147,6 +151,59 @@ angular.module("core-config-setup", ['angularFileUpload'])
 $scope.validating = null;
 $scope.savingConfiguration = false;
+ $scope.removeOIDCProvider = function(provider) {
+ delete $scope.config[provider];
+ };
+
+ $scope.addOIDCProvider = function() {
+ bootbox.prompt('Enter an ID for the OIDC provider', function(result) {
+ if (!result) {
+ return;
+ }
+
+ result = result.toUpperCase();
+
+ if (!result.match(/^[A-Z0-9]+$/)) {
+ bootbox.alert('Invalid ID for OIDC provider: must be alphanumeric');
+ return;
+ }
+
+ if (result == 'GITHUB' || result == 'GOOGLE') {
+ bootbox.alert('Invalid ID for OIDC provider: cannot be a reserved name');
+ return;
+ }
+
+ var key = result + '_LOGIN_CONFIG';
+ if ($scope.config[key]) {
+ bootbox.alert('Invalid ID for OIDC provider: already exists');
+ return;
+ }
+
+ $scope.config[key] = {};
+ });
+ };
+
+ $scope.getOIDCProviderId = function(key) {
+ var index = key.indexOf('_LOGIN_CONFIG');
+ if (index <= 0) {
+ return null;
+ }
+
+ return key.substr(0, index);
+ };
+
+ $scope.getOIDCProviders = function(config) {
+ var keys = Object.keys(config || {});
+ return keys.filter(function(key) {
+ if (key == 'GITHUB_LOGIN_CONFIG' || key == 'GOOGLE_LOGIN_CONFIG') {
+ // Has custom UI and config.
+ return false;
+ }
+
+ return !!$scope.getOIDCProviderId(key);
+ });
+ };
+
 $scope.getServices = function(config) {
 var services = [];
 if (!config) { return services; }
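Review bot: `getOIDCProviderId` accepts any key that merely contains `_LOGIN_CONFIG`, because it tests `key.indexOf('_LOGIN_CONFIG')` rather than the suffix, so a config key with trailing text after the marker would be listed by `getOIDCProviders` as a login provider and offered for deletion through `removeOIDCProvider`. Anchoring the match to the end of the key closes that, e.g. `if (index <= 0 || index + '_LOGIN_CONFIG'.length !== key.length) { return null; }`. In `addOIDCProvider`, the assignment `$scope.config[key] = {};` runs inside the bootbox callback, which is presumably outside an Angular digest, so the new provider panel may not render until something else triggers one; `$scope.$apply(function() { $scope.config[key] = {}; });` would cover that. The enclosing controller function starts before this hunk and `getServices` continues past its end.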