AzureIDIR (IDIR MFA) support #250

Open
norrisng-bc wants to merge 2 commits into master from feature/azureidir
norrisng-bc commented May 27, 2026

Description

This PR introduces full support for IDIR MFA (a.k.a. azureidir) as an identity provider, alongside the existing SiteMinder IDIR (or idir).

Partial support was already available in the local dev environment, but behaviour was buggy. Some examples of this include:

  • A user logging in via IDIR MFA wouldn't be treated as an elevated user (resulting in a slightly restricted feature set)
  • Permissions assigned to an idir user didn't carry over to the azureidir-equivalent user
  • And despite this distinction, the BCBox UI didn't expose the underlying IDP, resulting in potential confusion (e.g. a user search returning multiple seemingly identical results)

Similar to the COMS-side changes made to enable IDIR MFA (bcgov/common-object-management-service#320), this was achieved by 'coercing' authStore.profile.identity_provider to idir whenever azureidir was present in the corresponding JWT field.

Additionally, all calls to bucketStore.fetchBuckets() (typically executed when bucket-related components are mounted, or when the user performs an action that changes the state of the bucket store) now pass the idp.

This fixes a bug with the bucket table, where a folder that's only displayed because the user has IDP-level permissions (but not user-specific permissions) reverts to being a dummy folder, upon any user actions that change a bucket or folder (e.g. creating/deleting subfolders).

https://apps.nrs.gov.bc.ca/int/jira/browse/SHOWCASE-3713
https://apps.nrs.gov.bc.ca/int/jira/browse/SHOWCASE-4365

Types of changes

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING doc
  • I have checked that unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments

See also: bcgov/common-object-management-service#320

Also: in bucketStore, rename permResponse to userPermResponse for clarity (and to reflect difference between user perms and IDP perms)
Already enabled on local environment, but crucially, the corresponding idir/azureidir user is now treated as the same user (instead of completely different ones).
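
The identity-provider coercion described in this PR, as an added example that is not code from the PR or from BCBox. Only `identity_provider`, `idir` and `azureidir` come from the page; `source_idp`, `username`, the `idp:username` key format and all sample data are assumptions made for illustration.

```javascript
// Added example: only identity_provider, idir and azureidir come from the PR;
// every other name and all sample data below are constructed for illustration.
// Claims are assumed to come from a token the OIDC client has already verified.

// Exact-match alias table. A Map avoids prototype keys such as "constructor".
const IDP_ALIASES = new Map([['azureidir', 'idir']]);

// Coerce an IDP claim to its canonical name; other values pass through unchanged.
function normalizeIdp(claim) {
  if (typeof claim !== 'string' || claim === '') return undefined;
  return IDP_ALIASES.get(claim) ?? claim;
}

// Return a copy of the claims with the canonical IDP, keeping the raw value
// (hypothetical field source_idp) so a UI can still show how the user signed in.
function normalizeProfile(claims) {
  const raw = claims.identity_provider;
  return { ...claims, identity_provider: normalizeIdp(raw), source_idp: raw };
}

// Identity key used for permission lookups (hypothetical format: idp:username).
function userKey(profile) {
  return `${profile.identity_provider}:${profile.username}`;
}

// Look up grants for a set of claims after normalizing the IDP.
function permissionsFor(claims, grants) {
  return grants.get(userKey(normalizeProfile(claims))) ?? [];
}

// Constructed grants: permissions were assigned to the SiteMinder idir user only.
const grants = new Map([['idir:jdoe', ['READ', 'MANAGE']]]);

// Constructed claim sets for the same username arriving through different IDPs.
const viaIdir = { identity_provider: 'idir', username: 'jdoe' };
const viaMfa = { identity_provider: 'azureidir', username: 'jdoe' };
const lookalike = { identity_provider: 'azureidir-dev', username: 'jdoe' };
const otherIdp = { identity_provider: 'github', username: 'jdoe' };

console.log(permissionsFor(viaMfa, grants));    // inherits the idir grants
console.log(permissionsFor(lookalike, grants)); // near-match IDP is not coerced
console.log(permissionsFor(otherIdp, grants));  // unrelated IDP stays separate
```

The alias is matched exactly, so a near-match value such as `azureidir-dev` or an unrelated IDP with the same username does not inherit the `idir` user's grants.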
@github-actions

Coverage Report (Application)

Totals Coverage
Statements: 70.67% ( 53 / 75 )
Methods: 62.5% ( 5 / 8 )
Lines: 81.63% ( 40 / 49 )
Branches: 44.44% ( 8 / 18 )

@github-actions

Coverage Report (Frontend)

Totals Coverage
Statements: 14.69% ( 872 / 5934 )
Methods: 14.94% ( 162 / 1084 )
Lines: 18.13% ( 578 / 3188 )
Branches: 7.94% ( 132 / 1662 )
