Authority Plugin System (LDAP, SAML, Custom Providers)
Module
Authority
Status
IMPLEMENTED
Description
Extensible authentication with pluggable identity providers loaded at startup, supporting multiple authentication methods including Standard (username/password), LDAP, OIDC, SAML, and a Unified adapter.
Implementation Details
- Modules:
  - src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/
  - src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/
  - src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/
  - src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/
  - src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Oidc/
  - src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Saml/
  - src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Unified/
- Key Classes:
  - AuthorityPluginLoader (src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/AuthorityPluginLoader.cs) - discovers and loads plugin assemblies from disk at startup
  - AuthorityPluginRegistrationSummary (src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/AuthorityPluginRegistrationSummary.cs) - captures loaded plugins, errors, and capabilities
  - AuthorityPluginContracts (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/AuthorityPluginContracts.cs) - IAuthorityPlugin, IAuthorityPluginRegistrar interfaces
  - IdentityProviderContracts (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/IdentityProviderContracts.cs) - IAuthorityIdentityProviderPlugin, credential validation, claims enrichment
  - AuthoritySecretHasher (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/AuthoritySecretHasher.cs) - pluggable secret hashing
  - StandardIdentityProviderPlugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardIdentityProviderPlugin.cs) - built-in username/password plugin
  - StandardPluginRegistrar (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardPluginRegistrar.cs) - Standard plugin registration
  - StandardPluginBootstrapper (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/Bootstrap/StandardPluginBootstrapper.cs) - bootstraps initial admin user
  - StandardCredentialAuditLogger (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/Security/StandardCredentialAuditLogger.cs) - audit logging for credential operations
  - LdapIdentityProviderPlugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/LdapIdentityProviderPlugin.cs) - LDAP identity provider
  - OidcIdentityProviderPlugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Oidc/OidcIdentityProviderPlugin.cs) - OIDC identity provider
  - SamlIdentityProviderPlugin (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Saml/SamlIdentityProviderPlugin.cs) - SAML identity provider
  - AuthPluginAdapter (src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Unified/AuthPluginAdapter.cs) - unified adapter for multiple plugin types
- Interfaces: IAuthorityPlugin, IAuthorityPluginRegistrar, IAuthorityIdentityProviderPlugin (in AuthorityPluginContracts.cs, IdentityProviderContracts.cs)
- Source: Feature matrix scan
E2E Test Plan
- Start the Authority server with Standard and LDAP plugins and verify AuthorityPluginRegistrationSummary shows both loaded successfully
- Authenticate via StandardIdentityProviderPlugin using username/password and verify a token is issued
- Remove a plugin from the plugins directory, restart, and verify AuthorityPluginLoader reports it as missing without crashing
- Register a custom plugin implementing IAuthorityIdentityProviderPlugin and verify it is discovered and callable
- Verify each plugin's IAuthorityPluginRegistrar.Register is called with the correct AuthorityPluginRegistrationContext
- Verify credential audit: authenticate via Standard plugin and verify StandardCredentialAuditLogger records the login event
- Load OIDC and SAML plugins simultaneously and verify each handles its respective protocol flow independently