ERS

WHY

(Copied from the Confluence page. The rest is technical stuff...)

To empower partners and developers, they need to be able to make visual changes to the frontend. This would speed up the process between partner and customer, and Onegini would no longer be considered a bottleneck. Not only have CMS solutions set the standard and the expectation of fast updates for marketing departments; other CIAM solutions such as Okta and Janrain offer styling changes as well. At the same time, you're not 100% free to do anything you like. Onegini CIAM is a security solution, so we can easily defend not allowing customers to make the same type of changes they can make for a blog or homepage. At the same time, the frontend should be flexible enough to work with any type of design. In this version Onegini Connect doesn't require marketing / non-technical people to make any visual changes. You need to have a solid background in HTML/CSS/images in frontend solutions and an understanding of Git. In the remainder of this text HTML, CSS and images will be named "resources".

In most cases resources are within an idp-core, a customized idp-extension, or idp-ui-extension. Because the resources are internal to the applications themselves, Onegini needs to get involved every time a change is needed. With this proposal, Onegini will remove itself from the middle and allow the customers to work on and publish their resources directly. This speeds up their development and reduces the load on our PS and DevOps departments.

HOW

ERS is a simple, 3-screen application:

  • Configuration
  • Reference
  • Overview

Configuration page

ERS1

In this screen the following items are configurable:

  • Remote URL. In the MVP we will only support cloning over https. Cloning over ssh is out of scope.
  • Authentication method
    • None (public repository)
    • Username and password/personal token

The admin should check "No authentication required" if he works with a public repository. For private repositories the admin must enter a username and password. Instead of a password the admin might enter a GitHub Personal access token generated here: Personal access tokens

When the admin submits the form, the required fields and their format are validated. The values are sent to the backend, which stores them. This page is also displayed when editing the connection.
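A sketch of the server-side form validation described above, as an added example that is not Onegini's code. The function name, the method identifiers and the rule that credentials must not be embedded in the URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical identifiers for the two authentication methods on the form.
AUTH_NONE = "none"
AUTH_BASIC = "username_password"


def validate_connection(remote_url, auth_method, username="", secret=""):
    """Return a list of validation errors; an empty list means the form is acceptable."""
    try:
        parts = urlsplit(remote_url.strip())
        host = parts.hostname
    except ValueError:
        return ["remote URL is not a valid URL"]
    errors = []
    # The MVP supports cloning over https only, so ssh://, git://, file://
    # and scp-style "git@host:path" remotes are all rejected here.
    if parts.scheme.lower() != "https":
        errors.append("remote URL must use https")
    if not host:
        errors.append("remote URL must contain a host")
    # Assumption: credentials belong in the dedicated fields, never in the
    # URL, so they cannot leak through the overview page or logs.
    if parts.username or parts.password:
        errors.append("remote URL must not embed credentials")
    if auth_method == AUTH_NONE:
        if username or secret:
            errors.append("no credentials expected for a public repository")
    elif auth_method == AUTH_BASIC:
        if not username:
            errors.append("username is required")
        if not secret:
            errors.append("password or personal access token is required")
    else:
        errors.append("unknown authentication method")
    return errors
```
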

Reference page

When configuration is saved and validated the second screen is displayed:

ERS2

Here we get all the available remote tags/branches and the selected tag/branch from the git repository (configured in the previous step). We get branches in development and test environments, and tags in staging and production environments. (Branches and tags are created by the template developer in the git repo. Tags are more "formal" versions of templates; branches are for testing purposes.)

In this screen the following items are configurable: branches or tags. If one has been returned as configured it will be preselected. When the admin submits the form, we validate that a branch or tag has been selected. The selected branch or tag will be called "selected reference". It's sent to the backend which will store it and trigger the synchronization process (resources reloading). It's described in another part.
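The branch/tag rule and the check on the submitted reference, as an added example that is not Onegini's code. It assumes the backend lists references in the format printed by `git ls-remote`; the sample output, the environment keys and the function names are constructed for illustration.

```python
# Constructed `git ls-remote` output (object ids are fake).
SAMPLE_LS_REMOTE = (
    "1111111111111111111111111111111111111111\trefs/heads/master\n"
    "2222222222222222222222222222222222222222\trefs/heads/feature/new-login\n"
    "3333333333333333333333333333333333333333\trefs/tags/v1.0.0\n"
    "4444444444444444444444444444444444444444\trefs/tags/v1.1.0\n"
    "5555555555555555555555555555555555555555\trefs/tags/v1.1.0^{}\n"
)

# Rule from the text: branches in development and test environments,
# tags in staging and production environments.
REF_PREFIX = {
    "development": "refs/heads/",
    "test": "refs/heads/",
    "staging": "refs/tags/",
    "production": "refs/tags/",
}


def available_references(ls_remote_output, environment):
    """Return the branch or tag names that may be offered in this environment."""
    prefix = REF_PREFIX[environment]
    names = []
    for line in ls_remote_output.splitlines():
        _, _, ref = line.partition("\t")
        # "^{}" lines are the peeled commits of annotated tags, not extra refs.
        if ref.startswith(prefix) and not ref.endswith("^{}"):
            names.append(ref[len(prefix):])
    return names


def validate_selected_reference(selected, ls_remote_output, environment):
    """Accept only a reference the remote really offers for this environment,
    so a crafted form value cannot select a branch in production."""
    return selected in available_references(ls_remote_output, environment)
```
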

Overview page

Finally the overview page is displayed:

ERS3

The overview page shows the following items:

  • Remote URL
  • Authentication method
  • Username if the method is "Username and password"
  • The selected branch or tag
  • Last time the resources have been fetched from the remote repository (in progress)
  • There will also be a button to trigger the synchronization process (in progress)

The connection and reference are editable. To go to the configuration page, just click the "Edit connection" button. The admin can also change the reference by clicking "Change reference".

Synchronization

This part is rather technical. The external resources are fetched from git repositories maintained by the customers and stored in AWS S3 buckets managed by Onegini.

Preparing git repository

The only thing the template developer should keep in mind is the proper directory structure of the git repository. There should be an extension-resources folder in the root folder. Within the extension-resources folder the developer can add any of the following folders:

  • email-templates - contains templates for emails
  • messages - contains key-value messages in multiple languages
  • static - contains js and css, images and other static resources
  • templates - contains templates displayed in the frontend
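A layout check a template developer could run on a checkout before pushing, as an added example that is not Onegini's code. Treating anything other than the four documented folders as unexpected, and refusing symlinks, are assumptions (hardening choices) that the text does not state; the function name is hypothetical.

```python
from pathlib import Path

ROOT_FOLDER = "extension-resources"
ALLOWED_FOLDERS = {"email-templates", "messages", "static", "templates"}


def check_layout(checkout_dir):
    """Return a list of problems found in a cloned repository's working tree."""
    root = Path(checkout_dir) / ROOT_FOLDER
    if root.is_symlink() or not root.is_dir():
        return [f"{ROOT_FOLDER}/ must be a real folder in the repository root"]
    problems = []
    # Assumption: only the four documented folders are expected directly
    # under extension-resources; anything else is reported.
    for entry in sorted(root.iterdir()):
        if entry.name not in ALLOWED_FOLDERS or not entry.is_dir():
            problems.append(f"unexpected entry: {ROOT_FOLDER}/{entry.name}")
    # Assumption (not stated on the page): refuse symlinks so that a step
    # copying the tree elsewhere cannot be pointed at files outside it.
    for path in sorted(root.rglob("*")):
        if path.is_symlink():
            relative = path.relative_to(checkout_dir).as_posix()
            problems.append(f"symlink not allowed: {relative}")
    return problems
```
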

ONLY FOR THE EDITOR: To get a better feel for it, you can simply go here and see the ERS application running (keycloak authentication required). You can change the selected reference. The changes should be visible here. (Changing the repository configuration is inadvisable.)

The repository used for demo purposes is here. It's private, so only Onegini employees have access to it, but it's a good example with templates. The main (master) branch is empty, but other branches contain resources: Link to branch