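// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.

import { LockIcon, LoginIcon } from "mds";

// Static help-box copy and form-field metadata for the IDP (OpenID / AD-LDAP)
// configuration screens. Nothing here talks to the server; the `hasError`
// callbacks are the only executable parts and are pure string validators.

/**
 * Shape of every `hasError` validator: receives the current field value and
 * whether the form is in edit mode, and returns an error message or "".
 */
type FieldValidator = (s: string, editMode: boolean) => string;

/** Validator for optional fields: never reports an error. */
const noValidation: FieldValidator = () => "";

/**
 * Validator for mandatory fields: reports `message` when the value is empty
 * while the form is in edit mode, and "" otherwise (matches the previous
 * per-field inline validators exactly).
 */
const requiredIn =
  (message: string): FieldValidator =>
  (s, editMode) =>
    !s && editMode ? message : "";

export const ldapHelpBoxContents = [
  {
    text: "MinIO supports using an Active Directory or LDAP (AD/LDAP) service for external management of user identities. Configuring an external IDentity Provider (IDP) enables Single-Sign On (SSO) workflows, where applications authenticate against the external IDP before accessing MinIO.",
    icon: <LoginIcon />,
    iconDescription: "Create Configurations",
  },
  {
    text: "MinIO queries the configured Active Directory / LDAP server to verify the credentials specified by the application and optionally return a list of groups in which the user has membership. MinIO supports two modes (Lookup-Bind Mode and Username-Bind Mode) for performing these queries",
    icon: null,
    iconDescription: "",
  },
  {
    text: "MinIO recommends using Lookup-Bind mode as the preferred method for verifying AD/LDAP credentials. Username-Bind mode is a legacy method retained for backwards compatibility only.",
    icon: null,
    iconDescription: "",
  },
];

export const openIDHelpBoxContents = [
  {
    text: "MinIO supports using an OpenID Connect (OIDC) compatible IDentity Provider (IDP) such as Okta, KeyCloak, Dex, Google, or Facebook for external management of user identities.",
    icon: <LockIcon />,
    iconDescription: "Create Configurations",
  },
  {
    text: "Configuring an external IDP enables Single-Sign On workflows, where applications authenticate against the external IDP before accessing MinIO.",
    icon: null,
    iconDescription: "",
  },
];

/**
 * OpenID Connect configuration fields, keyed by the MinIO config key name.
 * `editOnly: true` fields (the client secret) are only rendered while editing,
 * so an existing secret is never echoed back in the read-only view.
 */
export const openIDFormFields = {
  config_url: {
    required: true,
    hasError: requiredIn("Config URL is required"),
    label: "Config URL",
    tooltip: "Config URL for identity provider configuration",
    placeholder:
      "https://identity-provider-url/.well-known/openid-configuration",
    type: "text",
    editOnly: false,
  },
  client_id: {
    required: true,
    hasError: requiredIn("Client ID is required"),
    label: "Client ID",
    tooltip: "Identity provider Client ID",
    placeholder: "Enter Client ID",
    type: "text",
    editOnly: false,
  },
  client_secret: {
    required: true,
    hasError: requiredIn("Client Secret is required"),
    label: "Client Secret",
    tooltip: "Identity provider Client Secret",
    placeholder: "Enter Client Secret",
    // Masked input; editOnly keeps the stored value out of the display view.
    type: "password",
    editOnly: true,
  },
  claim_name: {
    required: false,
    hasError: noValidation,
    label: "Claim Name",
    tooltip: "Claim from which MinIO will read the policy or role to use",
    placeholder: "Enter Claim Name",
    type: "text",
    editOnly: false,
  },
  display_name: {
    required: false,
    hasError: noValidation,
    label: "Display Name",
    tooltip: "",
    placeholder: "Enter Display Name",
    type: "text",
    editOnly: false,
  },
  claim_prefix: {
    required: false,
    hasError: noValidation,
    label: "Claim Prefix",
    tooltip: "",
    placeholder: "Enter Claim Prefix",
    type: "text",
    editOnly: false,
  },
  scopes: {
    required: false,
    hasError: noValidation,
    label: "Scopes",
    tooltip: "",
    placeholder: "openid,profile,email",
    type: "text",
    editOnly: false,
  },
  redirect_uri: {
    required: false,
    hasError: noValidation,
    label: "Redirect URI",
    tooltip: "",
    placeholder: "https://console-endpoint-url/oauth_callback",
    type: "text",
    editOnly: false,
  },
  role_policy: {
    required: false,
    hasError: noValidation,
    label: "Role Policy",
    tooltip: "",
    placeholder: "readonly",
    type: "text",
    editOnly: false,
  },
  claim_userinfo: {
    required: false,
    hasError: noValidation,
    label: "Claim User Info",
    tooltip: "",
    placeholder: "Claim User Info",
    type: "toggle",
    editOnly: false,
  },
  redirect_uri_dynamic: {
    required: false,
    hasError: noValidation,
    label: "Redirect URI Dynamic",
    tooltip: "",
    placeholder: "Redirect URI Dynamic",
    type: "toggle",
    editOnly: false,
  },
};

/**
 * AD/LDAP configuration fields, keyed by the MinIO config key name.
 * Lookup-Bind DN and password are mandatory, which matches the help text
 * above recommending Lookup-Bind mode over the legacy Username-Bind mode.
 */
export const ldapFormFields = {
  server_insecure: {
    // Optional toggle, like the other toggles in this file. It previously
    // carried `required: true` and a validator copy-pasted from server_addr
    // ("Server Address is required"), which is wrong for a boolean switch.
    required: false,
    hasError: noValidation,
    label: "Server Insecure",
    // Security: with verification off, anyone able to intercept traffic to
    // the LDAP server can impersonate it and read the lookup bind password
    // and every user password MinIO sends in a bind. Testing only.
    tooltip:
      "Disable TLS certificate verification (testing only: lets an attacker impersonate the AD/LDAP server and capture the bind and user passwords)",
    placeholder: "Server Insecure",
    type: "toggle",
    editOnly: false,
  },
  server_addr: {
    required: true,
    hasError: requiredIn("Server Address is required"),
    label: "Server Address",
    tooltip: 'AD/LDAP server address e.g. "myldapserver.com:636"',
    placeholder: "myldapserver.com:636",
    type: "text",
    editOnly: false,
  },
  lookup_bind_dn: {
    required: true,
    hasError: requiredIn("Lookup Bind DN is required"),
    label: "Lookup Bind DN",
    tooltip:
      "DN (Distinguished Name) for LDAP read-only service account used to perform DN and group lookups",
    placeholder: "cn=admin,dc=min,dc=io",
    type: "text",
    editOnly: false,
  },
  lookup_bind_password: {
    required: true,
    hasError: requiredIn("Lookup Bind Password is required"),
    label: "Lookup Bind Password",
    tooltip:
      "Password for LDAP read-only service account used to perform DN and group lookups",
    // Placeholder is a prompt, not a suggested value; the old "admin" hint
    // nudged users toward a weak password and is inconsistent with
    // client_secret's "Enter Client Secret".
    placeholder: "Enter Lookup Bind Password",
    // Masked input; editOnly keeps the stored value out of the display view.
    type: "password",
    editOnly: true,
  },
  user_dn_search_base_dn: {
    required: true,
    hasError: requiredIn("User DN Search Base DN is required"),
    label: "User DN Search Base",
    tooltip: "",
    placeholder: "DC=example,DC=net",
    type: "text",
    editOnly: false,
  },
  user_dn_search_filter: {
    required: true,
    hasError: requiredIn("User DN Search Filter is required"),
    label: "User DN Search Filter",
    tooltip: "",
    // Fixed typo: the AD attribute is sAMAccountName; the old placeholder
    // "(sAMAcountName=%s)" matches no user when copied verbatim. `%s` is
    // presumably substituted with the login name by the MinIO server, which
    // is also where any escaping of that value has to happen — confirm
    // against the server's LDAP docs.
    placeholder: "(sAMAccountName=%s)",
    type: "text",
    editOnly: false,
  },
  group_search_base_dn: {
    required: false,
    hasError: noValidation,
    label: "Group Search Base DN",
    tooltip: "",
    placeholder: "ou=swengg,dc=min,dc=io",
    type: "text",
    editOnly: false,
  },
  group_search_filter: {
    required: false,
    hasError: noValidation,
    label: "Group Search Filter",
    tooltip: "",
    // `%d` is presumably replaced with the resolved user DN — confirm
    // against the server's LDAP docs.
    placeholder: "(&(objectclass=groupofnames)(member=%d))",
    type: "text",
    editOnly: false,
  },
};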