semi implemented and features implemented save checkpoint

2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
--- a/docs/features/unchecked/authority/authority-plugin-system.md
+++ b/docs/features/unchecked/authority/authority-plugin-system.md
@@ -0,0 +1,38 @@
+# Authority Plugin System (LDAP, SAML, Custom Providers)
+
+## Module
+Authority
+
+## Status
+IMPLEMENTED
+
+## Description
+Extensible authentication with pluggable identity providers loaded at startup, supporting multiple authentication methods including Standard (username/password), LDAP, OIDC, SAML, and a Unified adapter.
+
+## Implementation Details
+- **Modules**: `src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/`, `src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/`, `src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/`, `src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/`, `src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Oidc/`, `src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Saml/`, `src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Unified/`
+- **Key Classes**:
+  - `AuthorityPluginLoader` (`src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/AuthorityPluginLoader.cs`) - discovers and loads plugin assemblies from disk at startup
+  - `AuthorityPluginRegistrationSummary` (`src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/AuthorityPluginRegistrationSummary.cs`) - captures loaded plugins, errors, and capabilities
+  - `AuthorityPluginContracts` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/AuthorityPluginContracts.cs`) - `IAuthorityPlugin`, `IAuthorityPluginRegistrar` interfaces
+  - `IdentityProviderContracts` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/IdentityProviderContracts.cs`) - `IAuthorityIdentityProviderPlugin`, credential validation, claims enrichment
+  - `AuthoritySecretHasher` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/AuthoritySecretHasher.cs`) - pluggable secret hashing
+  - `StandardIdentityProviderPlugin` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardIdentityProviderPlugin.cs`) - built-in username/password plugin
+  - `StandardPluginRegistrar` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardPluginRegistrar.cs`) - Standard plugin registration
+  - `StandardPluginBootstrapper` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/Bootstrap/StandardPluginBootstrapper.cs`) - bootstraps initial admin user
+  - `StandardCredentialAuditLogger` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/Security/StandardCredentialAuditLogger.cs`) - audit logging for credential operations
+  - `LdapIdentityProviderPlugin` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/LdapIdentityProviderPlugin.cs`) - LDAP identity provider
+  - `OidcIdentityProviderPlugin` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Oidc/OidcIdentityProviderPlugin.cs`) - OIDC identity provider
+  - `SamlIdentityProviderPlugin` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Saml/SamlIdentityProviderPlugin.cs`) - SAML identity provider
+  - `AuthPluginAdapter` (`src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Unified/AuthPluginAdapter.cs`) - unified adapter for multiple plugin types
+- **Interfaces**: `IAuthorityPlugin`, `IAuthorityPluginRegistrar`, `IAuthorityIdentityProviderPlugin` (in `AuthorityPluginContracts.cs`, `IdentityProviderContracts.cs`)
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Start the Authority server with Standard and LDAP plugins and verify `AuthorityPluginRegistrationSummary` shows both loaded successfully
+- [ ] Authenticate via `StandardIdentityProviderPlugin` using username/password and verify a token is issued
+- [ ] Remove a plugin from the plugins directory, restart, and verify `AuthorityPluginLoader` reports it as missing without crashing
+- [ ] Register a custom plugin implementing `IAuthorityIdentityProviderPlugin` and verify it is discovered and callable
+- [ ] Verify each plugin's `IAuthorityPluginRegistrar.Register` is called with the correct `AuthorityPluginRegistrationContext`
+- [ ] Verify credential audit: authenticate via Standard plugin and verify `StandardCredentialAuditLogger` records the login event
+- [ ] Load OIDC and SAML plugins simultaneously and verify each handles its respective protocol flow independently