LDAP IDP

[hifabienne]

As an end-user, I want to see a button with my organization's LDAP provider name on the new login UI when it is configured for my context, so that I can easily choose to log in using my LDAP credentials.

Goal/Purpose:

To allow users to authenticate using their existing LDAP credentials, providing a seamless and familiar login experience for organizations that utilize LDAP for identity management. This reduces the need for users to manage separate credentials and centralizes user authentication.

Description

The new login UI will dynamically display available login methods based on the configuration for the specific context instance or organization the user is trying to access.
When an LDAP Identity Provider (IDP) is configured, a button representing that IDP (displaying its name) should appear in the "Login with" section of the UI. Clicking this button will redirect the user to a dedicated username and password input screen specifically for LDAP authentication. Upon submitting valid LDAP credentials, the user should be successfully authenticated and granted access to the application.

Acceptance Criteria:

• LDAP Button Visibility
  • Given: An LDAP IDP named "Acme Directory" is configured for the current context instance.
  • When: I navigate to the new login UI.
  • Then: I should see a button labeled "Acme Directory" in the "Login with" section.
• No LDAP Button
  • Given: No LDAP IDP is configured for the current context instance.
  • When: I navigate to the new login UI.
  • Then: I should not see any LDAP-specific login buttons in the "Login with" section.
• Redirection to LDAP Credentials Screen
  • Given: An LDAP IDP button is visible and I click it.
  • When: I click the "Acme Directory" button.
  • Then: I should be redirected to a new screen displaying fields for "Username" and "Password".
• Successful LDAP Login
  • Given: I am on the LDAP username and password screen for "Acme Directory".
  • When: I enter valid LDAP username and password credentials and click the "Login" button.
  • Then: I should be successfully authenticated and redirected to the configured redirect url
• Failed LDAP Login
  • Given: I am on the LDAP username and password screen for "Acme Directory".
  • When: I enter invalid LDAP username or password credentials and click the "Login" button.
  • Then: I should see an error message indicating that the login failed due to incorrect credentials. I should remain on the LDAP username and password screen to try again.
• Automated Tests
  • Given: The LDAP login feature has been implemented.
  • When: Automated tests are executed.
  • Then: All relevant test cases, including successful and failed login attempts for configured LDAP IDPs, pass successfully.
• Documentation
  • Given: The LDAP login feature has been implemented.
  • When: End-user documentation is reviewed.
  • Then: Clear and concise documentation exists explaining how to use the LDAP login option on the new login UI.