Merged
36 commits
edd66d0
feat: fetch policy store and save in redux
kdhttps Nov 6, 2025
2557094
fix: fix cedarling init error
kdhttps Nov 11, 2025
50360e4
cedarling revamping in admin sidebar
faisalsiddique4400 Nov 12, 2025
6125033
Fido, Saml, SMTP is done
faisalsiddique4400 Nov 13, 2025
ccfbe37
SCIM, Services, Profile
faisalsiddique4400 Nov 14, 2025
58752c9
User Claims, Auth Server done(excluding Authentication
faisalsiddique4400 Nov 14, 2025
98ff5bf
Implemented new cedarling in the Supporting components
faisalsiddique4400 Nov 14, 2025
f853905
Implemented new cedarling in LDap List & SQL List
faisalsiddique4400 Nov 14, 2025
3ccd007
Implemented new cedarling in Jans Lock
faisalsiddique4400 Nov 14, 2025
54ab139
Implemented new cedarling in Auth Server -> Authentication
faisalsiddique4400 Nov 14, 2025
e550ec6
removed legacy cedarling from MessageForm which is not in use anymore
faisalsiddique4400 Nov 14, 2025
c536765
Decoupled the Health endpoint from Dashboard
faisalsiddique4400 Nov 16, 2025
475385b
Minor logging fix
faisalsiddique4400 Nov 16, 2025
96a1bc2
loader issue fixed in sidebar and improved legacy approach by removin…
faisalsiddique4400 Nov 16, 2025
65f3056
Minor improvements in SAML
faisalsiddique4400 Nov 16, 2025
5b329bc
A typo is made after fixing default policies in policy store
faisalsiddique4400 Nov 17, 2025
050ce75
Minor Improvements
faisalsiddique4400 Nov 17, 2025
b514db1
Minor Improvements
faisalsiddique4400 Nov 17, 2025
861ded0
Merging with Main
faisalsiddique4400 Nov 17, 2025
8f9537f
Merging with Main
faisalsiddique4400 Nov 17, 2025
7039c3b
improvement
faisalsiddique4400 Nov 17, 2025
aa89c2f
improvement
faisalsiddique4400 Nov 18, 2025
e639168
improvement
faisalsiddique4400 Nov 18, 2025
c420740
theme and optimization issues in cedarling alng with pass change issu…
faisalsiddique4400 Nov 18, 2025
5b36b17
Merge branch 'main' of github-faisal:GluuFederation/flex into 2321-ce…
faisalsiddique4400 Nov 19, 2025
068fef6
Profile population issue fixed
faisalsiddique4400 Nov 19, 2025
91a8110
Merge branch 'main' of github-faisal:GluuFederation/flex into 2321-ce…
faisalsiddique4400 Nov 19, 2025
8ad5be7
un-necessary apis calls prevented
faisalsiddique4400 Nov 19, 2025
3d83f93
Merge branch 'main' of github-faisal:GluuFederation/flex into 2321-ce…
faisalsiddique4400 Nov 19, 2025
991f625
Merge branch 'main' into 2321-cedarling-integration
moabu Nov 20, 2025
53e8d5c
resolving the emrging conflicts
faisalsiddique4400 Nov 20, 2025
f8e8ab0
Merge branch '2321-cedarling-integration' of github-faisal:GluuFedera…
faisalsiddique4400 Nov 20, 2025
f7611f5
removed un-used import
faisalsiddique4400 Nov 20, 2025
8b9cc5b
Minor adjustments
faisalsiddique4400 Nov 20, 2025
126cbf9
Minor adjustments
faisalsiddique4400 Nov 20, 2025
c8af8b6
Minor adjustments
faisalsiddique4400 Nov 20, 2025
3 changes: 1 addition & 2 deletions admin-ui/app/cedarling/client/CedarlingClient.ts
Expand Up @@ -4,7 +4,7 @@ import type {
BootStrapConfig,
AuthorizationResponse,
TokenAuthorizationRequest,
} from '../types'
} from '@/cedarling'

let cedarling: Cedarling | null = null
let cedarlingInitialized: boolean = false
Expand All @@ -24,7 +24,6 @@ const initialize = async (bootStrapConfig: BootStrapConfig): Promise<void> => {
await initWasm()
cedarling = await init(bootStrapConfig)
cedarlingInitialized = true
console.log('WASM Cedarling successfully initialized')
} catch (err) {
console.error('Error during Cedarling init:', err)
initializationPromise = null // Reset on error to allow retry
10 changes: 6 additions & 4 deletions admin-ui/app/cedarling/config/cedarling-bootstrap-TBAC.json
Expand Up @@ -14,17 +14,19 @@
"CEDARLING_LOCK_SSA_JWT": null,
"CEDARLING_LOG_LEVEL": "DEBUG",
"CEDARLING_LOG_TYPE": "off",
"CEDARLING_POLICY_STORE_ID": "1d927bd9e20810be41fbac38529efaede03287207442",
"CEDARLING_POLICY_STORE_LOCAL": "",
"CEDARLING_MAPPING_ROLE": "Gluu::Flex::AdminUI::Role",
"CEDARLING_MAPPING_TRUSTED_ISSUER": "Gluu::Flex::AdminUI::TrustedIssuer",
"CEDARLING_MAPPING_USER": "Gluu::Flex::AdminUI::User",
"CEDARLING_MAPPING_WORKLOAD": "Gluu::Flex::AdminUI::Workload",
"CEDARLING_PRINCIPAL_BOOLEAN_OPERATION": {
"===": [
{
"var": "Jans::User"
"var": "Gluu::Flex::AdminUI::User"
},
"ALLOW"
]
},
"CEDARLING_USER_AUTHZ": "enabled",
"CEDARLING_WORKLOAD_AUTHZ": "disabled",
"id": "6a0925ee-cb35-434d-9d73-0b3b0042c2ff"
"CEDARLING_WORKLOAD_AUTHZ": "disabled"
}
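Review bot: The type name `Gluu::Flex::AdminUI::User` has to agree in two places in this file, `CEDARLING_MAPPING_USER` and the `var` inside `CEDARLING_PRINCIPAL_BOOLEAN_OPERATION`, and nothing ties the two strings together. With `CEDARLING_WORKLOAD_AUTHZ` set to `disabled`, that rule is the only principal check, so if one string is renamed without the other the rule would presumably stop matching and authorization results would change for every request. JSON cannot hold a comment, so I would cover this with a small test that loads the bootstrap file and asserts that the `var` equals the value of `CEDARLING_MAPPING_USER`. The rendered page does not mark which lines of this hunk are added, so this assumes the mapping entries and the renamed `var` are on the new side.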
7 changes: 0 additions & 7 deletions admin-ui/app/cedarling/constants.ts

This file was deleted.

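--- a/admin-ui/app/cedarling/constants/index.ts
+++ b/admin-ui/app/cedarling/constants/index.ts
@@ -0,0 +1 @@
+export { CEDAR_RESOURCE_SCOPES, CEDARLING_CONSTANTS } from './resourceScopes'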
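--- a/admin-ui/app/cedarling/constants/resourceScopes.ts
+++ b/admin-ui/app/cedarling/constants/resourceScopes.ts
@@ -0,0 +1,220 @@
+import type { AdminUiFeatureResource, ResourceScopeEntry } from '@/cedarling'
+import { ADMIN_UI_RESOURCES } from '@/cedarling/utility'
+import {
+ASSETS_DELETE,
+ASSETS_READ,
+ASSETS_WRITE,
+CACHE_DELETE,
+CACHE_READ,
+CACHE_WRITE,
+FIDO_DELETE,
+FIDO_READ,
+FIDO_WRITE,
+JANS_LOCK_READ,
+JANS_LOCK_WRITE,
+LICENSE_DETAILS_READ,
+LICENSE_DETAILS_WRITE,
+PERSISTENCE_DETAIL,
+SQL_READ,
+SQL_WRITE,
+SQL_DELETE,
+LDAP_READ,
+LDAP_WRITE,
+LDAP_DELETE,
+SCIM_CONFIG_READ,
+SCIM_CONFIG_WRITE,
+SCRIPT_DELETE,
+SCRIPT_READ,
+SCRIPT_WRITE,
+SMTP_DELETE,
+SMTP_READ,
+SMTP_WRITE,
+STAT_JANS_READ,
+STAT_READ,
+SSA_PORTAL,
+SSA_ADMIN,
+SSA_DELETE,
+SCOPE_READ,
+SCOPE_WRITE,
+SCOPE_DELETE,
+SESSION_READ,
+SESSION_DELETE,
+ACR_READ,
+ACR_WRITE,
+CLIENT_READ,
+CLIENT_WRITE,
+CLIENT_DELETE,
+PROPERTIES_WRITE,
+API_CONFIG_READ,
+API_CONFIG_WRITE,
+LOGGING_READ,
+LOGGING_WRITE,
+JWKS_READ,
+JWKS_WRITE,
+SAML_READ,
+SAML_WRITE,
+SAML_DELETE,
+SAML_TR_READ,
+SAML_TR_WRITE,
+SAML_CONFIG_READ,
+SAML_CONFIG_WRITE,
+ATTRIBUTE_READ,
+ATTRIBUTE_WRITE,
+ATTRIBUTE_DELETE,
+USER_READ,
+USER_WRITE,
+USER_DELETE,
+WEBHOOK_DELETE,
+WEBHOOK_READ,
+WEBHOOK_WRITE,
+AGAMA_READ,
+AGAMA_WRITE,
+AGAMA_DELETE,
+ROLE_READ,
+PERMISSION_READ,
+MAPPING_READ,
+MAPPING_WRITE,
+} from '@/utils/PermChecker'
+
+// Type ensures all AdminUiFeatureResource keys are present at compile time
+export const CEDAR_RESOURCE_SCOPES: Record<AdminUiFeatureResource, ResourceScopeEntry[]> = {
+[ADMIN_UI_RESOURCES.Dashboard]: [
+{ permission: STAT_READ, resourceId: ADMIN_UI_RESOURCES.Dashboard },
+{ permission: STAT_JANS_READ, resourceId: ADMIN_UI_RESOURCES.Dashboard },
+],
+[ADMIN_UI_RESOURCES.MAU]: [
+{ permission: STAT_READ, resourceId: ADMIN_UI_RESOURCES.MAU },
+{ permission: STAT_JANS_READ, resourceId: ADMIN_UI_RESOURCES.MAU },
+],
+[ADMIN_UI_RESOURCES.License]: [
+{ permission: LICENSE_DETAILS_READ, resourceId: ADMIN_UI_RESOURCES.License },
+{ permission: LICENSE_DETAILS_WRITE, resourceId: ADMIN_UI_RESOURCES.License },
+],
+[ADMIN_UI_RESOURCES.Assets]: [
+{ permission: ASSETS_READ, resourceId: ADMIN_UI_RESOURCES.Assets },
+{ permission: ASSETS_WRITE, resourceId: ADMIN_UI_RESOURCES.Assets },
+{ permission: ASSETS_DELETE, resourceId: ADMIN_UI_RESOURCES.Assets },
+],
+[ADMIN_UI_RESOURCES.Webhooks]: [
+{ permission: WEBHOOK_READ, resourceId: ADMIN_UI_RESOURCES.Webhooks },
+{ permission: WEBHOOK_WRITE, resourceId: ADMIN_UI_RESOURCES.Webhooks },
+{ permission: WEBHOOK_DELETE, resourceId: ADMIN_UI_RESOURCES.Webhooks },
+],
+[ADMIN_UI_RESOURCES.Scripts]: [
+{ permission: SCRIPT_READ, resourceId: ADMIN_UI_RESOURCES.Scripts },
+{ permission: SCRIPT_WRITE, resourceId: ADMIN_UI_RESOURCES.Scripts },
+{ permission: SCRIPT_DELETE, resourceId: ADMIN_UI_RESOURCES.Scripts },
+],
+[ADMIN_UI_RESOURCES.Cache]: [
+{ permission: CACHE_READ, resourceId: ADMIN_UI_RESOURCES.Cache },
+{ permission: CACHE_WRITE, resourceId: ADMIN_UI_RESOURCES.Cache },
+{ permission: CACHE_DELETE, resourceId: ADMIN_UI_RESOURCES.Cache },
+],
+[ADMIN_UI_RESOURCES.Persistence]: [
+{ permission: PERSISTENCE_DETAIL, resourceId: ADMIN_UI_RESOURCES.Persistence },
+{ permission: SQL_READ, resourceId: ADMIN_UI_RESOURCES.Persistence },
+{ permission: SQL_WRITE, resourceId: ADMIN_UI_RESOURCES.Persistence },
+{ permission: SQL_DELETE, resourceId: ADMIN_UI_RESOURCES.Persistence },
+{ permission: LDAP_READ, resourceId: ADMIN_UI_RESOURCES.Persistence },
+{ permission: LDAP_WRITE, resourceId: ADMIN_UI_RESOURCES.Persistence },
+{ permission: LDAP_DELETE, resourceId: ADMIN_UI_RESOURCES.Persistence },
+],
+[ADMIN_UI_RESOURCES.Lock]: [
+{ permission: JANS_LOCK_READ, resourceId: ADMIN_UI_RESOURCES.Lock },
+{ permission: JANS_LOCK_WRITE, resourceId: ADMIN_UI_RESOURCES.Lock },
+],
+[ADMIN_UI_RESOURCES.FIDO]: [
+{ permission: FIDO_READ, resourceId: ADMIN_UI_RESOURCES.FIDO },
+{ permission: FIDO_WRITE, resourceId: ADMIN_UI_RESOURCES.FIDO },
+{ permission: FIDO_DELETE, resourceId: ADMIN_UI_RESOURCES.FIDO },
+],
+[ADMIN_UI_RESOURCES.SMTP]: [
+{ permission: SMTP_READ, resourceId: ADMIN_UI_RESOURCES.SMTP },
+{ permission: SMTP_WRITE, resourceId: ADMIN_UI_RESOURCES.SMTP },
+{ permission: SMTP_DELETE, resourceId: ADMIN_UI_RESOURCES.SMTP },
+],
+[ADMIN_UI_RESOURCES.SCIM]: [
+{ permission: SCIM_CONFIG_READ, resourceId: ADMIN_UI_RESOURCES.SCIM },
+{ permission: SCIM_CONFIG_WRITE, resourceId: ADMIN_UI_RESOURCES.SCIM },
+],
+[ADMIN_UI_RESOURCES.Users]: [
+{ permission: USER_READ, resourceId: ADMIN_UI_RESOURCES.Users },
+{ permission: USER_WRITE, resourceId: ADMIN_UI_RESOURCES.Users },
+{ permission: USER_DELETE, resourceId: ADMIN_UI_RESOURCES.Users },
+],
+[ADMIN_UI_RESOURCES.SAML]: [
+{ permission: SAML_READ, resourceId: ADMIN_UI_RESOURCES.SAML },
+{ permission: SAML_WRITE, resourceId: ADMIN_UI_RESOURCES.SAML },
+{ permission: SAML_DELETE, resourceId: ADMIN_UI_RESOURCES.SAML },
+{ permission: SAML_TR_READ, resourceId: ADMIN_UI_RESOURCES.SAML },
+{ permission: SAML_TR_WRITE, resourceId: ADMIN_UI_RESOURCES.SAML },
+{ permission: SAML_CONFIG_READ, resourceId: ADMIN_UI_RESOURCES.SAML },
+{ permission: SAML_CONFIG_WRITE, resourceId: ADMIN_UI_RESOURCES.SAML },
+],
+[ADMIN_UI_RESOURCES.Attributes]: [
+{ permission: ATTRIBUTE_READ, resourceId: ADMIN_UI_RESOURCES.Attributes },
+{ permission: ATTRIBUTE_WRITE, resourceId: ADMIN_UI_RESOURCES.Attributes },
+{ permission: ATTRIBUTE_DELETE, resourceId: ADMIN_UI_RESOURCES.Attributes },
+],
+[ADMIN_UI_RESOURCES.SSA]: [
+{ permission: SSA_PORTAL, resourceId: ADMIN_UI_RESOURCES.SSA },
+{ permission: SSA_ADMIN, resourceId: ADMIN_UI_RESOURCES.SSA },
+{ permission: SSA_DELETE, resourceId: ADMIN_UI_RESOURCES.SSA },
+],
+[ADMIN_UI_RESOURCES.Scopes]: [
+{ permission: SCOPE_READ, resourceId: ADMIN_UI_RESOURCES.Scopes },
+{ permission: SCOPE_WRITE, resourceId: ADMIN_UI_RESOURCES.Scopes },
+{ permission: SCOPE_DELETE, resourceId: ADMIN_UI_RESOURCES.Scopes },
+],
+[ADMIN_UI_RESOURCES.Session]: [
+{ permission: SESSION_READ, resourceId: ADMIN_UI_RESOURCES.Session },
+{ permission: SESSION_DELETE, resourceId: ADMIN_UI_RESOURCES.Session },
+],
+[ADMIN_UI_RESOURCES.Authentication]: [
+{ permission: ACR_READ, resourceId: ADMIN_UI_RESOURCES.Authentication },
+{ permission: ACR_WRITE, resourceId: ADMIN_UI_RESOURCES.Authentication },
+{ permission: AGAMA_READ, resourceId: ADMIN_UI_RESOURCES.Authentication },
+{ permission: AGAMA_WRITE, resourceId: ADMIN_UI_RESOURCES.Authentication },
+{ permission: AGAMA_DELETE, resourceId: ADMIN_UI_RESOURCES.Authentication },
+],
+[ADMIN_UI_RESOURCES.Clients]: [
+{ permission: CLIENT_READ, resourceId: ADMIN_UI_RESOURCES.Clients },
+{ permission: CLIENT_WRITE, resourceId: ADMIN_UI_RESOURCES.Clients },
+{ permission: CLIENT_DELETE, resourceId: ADMIN_UI_RESOURCES.Clients },
+],
+[ADMIN_UI_RESOURCES.AuthenticationServerConfiguration]: [
+{
+permission: PROPERTIES_WRITE,
+resourceId: ADMIN_UI_RESOURCES.AuthenticationServerConfiguration,
+},
+],
+[ADMIN_UI_RESOURCES.ConfigApiConfiguration]: [
+{ permission: API_CONFIG_READ, resourceId: ADMIN_UI_RESOURCES.ConfigApiConfiguration },
+{ permission: API_CONFIG_WRITE, resourceId: ADMIN_UI_RESOURCES.ConfigApiConfiguration },
+],
+[ADMIN_UI_RESOURCES.Logging]: [
+{ permission: LOGGING_READ, resourceId: ADMIN_UI_RESOURCES.Logging },
+{ permission: LOGGING_WRITE, resourceId: ADMIN_UI_RESOURCES.Logging },
+],
+[ADMIN_UI_RESOURCES.Keys]: [
+{ permission: JWKS_READ, resourceId: ADMIN_UI_RESOURCES.Keys },
+{ permission: JWKS_WRITE, resourceId: ADMIN_UI_RESOURCES.Keys },
+],
+[ADMIN_UI_RESOURCES.Security]: [
+{ permission: ROLE_READ, resourceId: ADMIN_UI_RESOURCES.Security },
+{ permission: PERMISSION_READ, resourceId: ADMIN_UI_RESOURCES.Security },
+{ permission: MAPPING_READ, resourceId: ADMIN_UI_RESOURCES.Security },
+{ permission: MAPPING_WRITE, resourceId: ADMIN_UI_RESOURCES.Security },
+],
+[ADMIN_UI_RESOURCES.Settings]: [
+{ permission: ACR_READ, resourceId: ADMIN_UI_RESOURCES.Settings },
+],
+[ADMIN_UI_RESOURCES.AuditLogs]: [
+{ permission: LOGGING_READ, resourceId: ADMIN_UI_RESOURCES.AuditLogs },
+],
+} as const satisfies Record<AdminUiFeatureResource, ResourceScopeEntry[]>
+
+export const CEDARLING_CONSTANTS = {
+ACTION_TYPE: 'Gluu::Flex::AdminUI::Action::',
+RESOURCE_TYPE: 'Gluu::Flex::AdminUI::Resources::Features',
+} as const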
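Review bot: Every entry in `CEDAR_RESOURCE_SCOPES` repeats its own map key as `resourceId`, and nothing in the types checks that the two agree, so a copy-paste slip would silently attach a permission to the wrong resource in a table that drives authorization checks. The `Record<AdminUiFeatureResource, …>` type only guarantees that each key is present, so I would build each list through a helper that names the resource once, e.g. `const scopesFor = (resourceId: AdminUiFeatureResource, ...permissions: ResourceScopeEntry['permission'][]): ResourceScopeEntry[] => permissions.map((permission) => ({ permission, resourceId }))`. Separately, the declaration carries both an explicit `: Record<…>` annotation and a trailing `as const satisfies Record<…>`; the annotation already widens the declared type, so the literal inference is lost and one of the two should go. `AuthenticationServerConfiguration` lists only `PROPERTIES_WRITE`, the one resource with a write permission and no read permission; if that is intended, a comment on that entry saying why would help the next reader.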