Configuring agreements for IdP endpoint

Description

Introduction

This task brings a universal component for configuring agreements (aka policy acceptance) presentation in a Unity subsystem, based on the first use case: IdPs. Therefore the configuration UI as well as the rendering components should be prepared for reuse in other scenarios.

Example use case: admin of an application using Unity for authN wants to update his application's terms of use. All users should be forced to accept the updated ToU immediately after login.

This generic feature should be wired into both SAML and web OAuth endpoints as a common feature. It might also be enabled on other web endpoints in the future.

Configuration of agreement items

The configuration should be stored together with the endpoint configuration. The configuration will always contain a list of agreement items. Each item consists of:

  • set of policy documents to be included

  • Presentation mode, one of:

    • checkbox-checked -> one checkbox will be rendered, initially checked

    • checkbox-unchecked -> as above but initially unchecked

    • implicite -> only text will be rendered

  • text with placeholders for each agreement. The syntax should be controlled. The format of a placeholder is {NUMBER:displayed text}, e.g. “I agree with {2:ToU}”. The NUMBER must be the key of one of the included policy documents.

There must be one "soft" validation: we should not allow mixing optional and mandatory documents in one agreement item. By soft I mean that it can still be triggered by changing the document type. Anyway, this is a sort of misconfiguration, and in effect the system will partially require users to accept an optional document put together with a mandatory one.
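One way to check an agreement item against the rules above, as an added Python sketch that is not Unity's own code. The names `PolicyDocument` and `validate_item` are hypothetical; it assumes the displayed text may not contain braces, and it reports the optional/mandatory mix as a warning rather than an error.

```python
import re
from dataclasses import dataclass

# Presentation modes exactly as named in the description above.
MODES = {"checkbox-checked", "checkbox-unchecked", "implicite"}
# {NUMBER:displayed text}; displayed text may not contain braces (assumption).
PLACEHOLDER = re.compile(r"\{(\d+):([^{}]+)\}")


@dataclass(frozen=True)
class PolicyDocument:  # hypothetical model of a policy document
    key: int
    name: str
    mandatory: bool


def validate_item(documents, mode, text):
    """Return (errors, warnings) for one agreement item."""
    errors, warnings = [], []
    if mode not in MODES:
        errors.append(f"unknown presentation mode: {mode!r}")
    by_key = {d.key: d for d in documents}
    for number, _label in PLACEHOLDER.findall(text):
        if int(number) not in by_key:
            errors.append(f"placeholder {{{number}:...}} references a document not included in this item")
    # Anything brace-like left after removing valid placeholders is malformed.
    if re.search(r"[{}]", PLACEHOLDER.sub("", text)):
        errors.append("malformed placeholder: stray '{' or '}'")
    # "Soft" rule: a warning, because a later document type change can re-create this.
    if len({d.mandatory for d in documents}) > 1:
        warnings.append("item mixes optional and mandatory documents")
    return errors, warnings


# Constructed sample data.
TOU = PolicyDocument(2, "ToU", mandatory=True)
NEWS = PolicyDocument(5, "Newsletter", mandatory=False)

if __name__ == "__main__":
    print(validate_item([TOU], "checkbox-unchecked", "I agree with {2:ToU}"))
    print(validate_item([TOU, NEWS], "implicite", "See {2:ToU} and {7:Privacy} {oops"))
```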

The UI spec of the reusable agreements config is here: https://balsamiq.cloud/sjvkm7s/pl9yeyv/rB45B

Configuration in IdP endpoint

Additionally, the configuration for the IdP's agreements should ask for the title and info (both i18n). The UI spec is here: https://balsamiq.cloud/sjvkm7s/pl9yeyv/r9723

The UI of the agreements configuration should be placed in a separate tab in the console's IdP configuration, one before the Authentication tab. Icon: same as for policy documents in the main menu. By default there should be no agreements configured.

Done

Assignee

Piotr Piernik

Reporter

Krzysztof

Labels

None

Priority

Medium