A Python Flask implementation of an SSO dashboard. It uses OIDC for authentication and a message bus for alert pipelines.
Above is the dashboard prototype as it exists today. This screenshot will be updated as the dashboard UI evolves.
- Andrew Krug [:andrew] akrug@mozilla.com
- Flask
- Redis
- Jinja
- Flask-SSE
- Gunicorn
- MUI-CSS Framework
- Server Side Events Security Alerts
- Control over what apps a user sees
- User profile editor
- Global Security Alerts
- IHaveBeenPwned Integration
- User alert acknowledgement/escalation
All authentication is performed against Auth0. Due to the nature of the application, login will be restricted to Mozilla LDAP only until the "enriched profile" is complete.
This app does not technically provide authorization. It does, however, check a file using rule syntax to determine which applications should appear in the user's dashboard. The rule file is dashboard/data/apps.yml.
```yaml
---
apps:
  - application:
      name: "Demo App 1"
      op: okta
      url: "https://foo.bar.com"
      logo: "static/img/auth0.png"
      authorized_users: []
      authorized_groups: []
      display: false
```
During authorization the app checks the user's LDAP group membership. If the user is a member of the required LDAP group and that group exists in their profile, the user is shown the icon.
Note: The `display: false` attribute causes the app not to be displayed at all, under any circumstance. This exists largely to facilitate dev apps or app staging before taking apps live.
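The display rules described above, written as a fail-closed visibility filter. This is an added example, not the project's own code. The profile keys `email` and `groups`, the sample entries, and the choice that empty or malformed lists match nobody are assumptions.

```python
# Added example, not project code. RULES is a constructed sample shaped like
# the parsed apps.yml; the profile keys "email" and "groups" are assumptions.
RULES = {"apps": [
    {"application": {"name": "Demo App 1", "authorized_users": [],
                     "authorized_groups": ["team_demo"], "display": True}},
    {"application": {"name": "Staging App", "authorized_users": [],
                     "authorized_groups": ["team_demo"], "display": False}},
    {"application": {"name": "Direct Grant", "authorized_users": ["a@example.com"],
                     "authorized_groups": [], "display": True}},
    # Malformed entries: a bare string instead of a list, and a quoted flag.
    {"application": {"name": "Bad Groups", "authorized_users": [],
                     "authorized_groups": "team_demo", "display": True}},
    {"application": {"name": "Quoted Flag", "authorized_users": [],
                     "authorized_groups": ["team_demo"], "display": "false"}},
]}


def _as_list(value):
    """Return value only if it is a list of strings; otherwise grant nothing."""
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return value
    return []


def is_visible(app, profile):
    """Decide whether one application icon is shown for this profile."""
    # Only a real boolean True shows the app; "false", None or a missing key hide it.
    if app.get("display") is not True:
        return False
    email = profile.get("email")
    if isinstance(email, str) and email in _as_list(app.get("authorized_users")):
        return True
    groups = set(_as_list(profile.get("groups")))
    return bool(groups & set(_as_list(app.get("authorized_groups"))))


def visible_apps(rules, profile):
    """Names of the applications to render, in rule-file order."""
    shown = []
    for entry in rules.get("apps") or []:
        app = entry.get("application") if isinstance(entry, dict) else None
        if isinstance(app, dict) and is_visible(app, profile):
            shown.append(app.get("name"))
    return shown


if __name__ == "__main__":
    print(visible_apps(RULES, {"email": "u@example.com", "groups": ["team_demo"]}))
```

Since the filter only decides which icons are rendered, each listed application still has to enforce its own access control.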
Applications are added to the dashboard through an apps.yml file and a logos directory that live in the Mozilla-IAM GitHub org:
https://github.com/mozilla-iam/sso-dashboard-configuration
Logos must conform to the following rules because they are displayed in a responsive grid.
- Logos should be uploaded to the S3 bucket
- Logos should be 120px by 40px (or the same aspect ratio)
- Logos should be .png