open-metadata
diff --git a/‎.github/workflows/sso-auth-tests-local-providers.yml‎
Lines changed: 421 additions & 0 deletions b/‎.github/workflows/sso-auth-tests-local-providers.yml‎
Lines changed: 421 additions & 0 deletions
diff --git a/‎.github/workflows/sso-auth-tests-nightly.yml‎
Lines changed: 140 additions & 0 deletions b/‎.github/workflows/sso-auth-tests-nightly.yml‎
Lines changed: 140 additions & 0 deletions
diff --git a/‎docker/local-sso/.env.example‎
Lines changed: 73 additions & 0 deletions b/‎docker/local-sso/.env.example‎
Lines changed: 73 additions & 0 deletions
@@ -0,0 +1,140 @@
+#  Copyright 2021 Collate
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#  http://www.apache.org/licenses/LICENSE-2.0
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+# This workflow runs SSO authentication tests nightly to verify SSO providers are working correctly.
+# Tests are excluded from regular Playwright runs to avoid requiring SSO credentials for all CI/CD.
+
+name: SSO Authentication Tests (Nightly)
+
+on:
+  # schedule:
+  #   # Run every night at 2 AM UTC
+  #   - cron: '0 2 * * *'s
+  workflow_dispatch: # Allow manual trigger
+    inputs:
+      sso_provider:
+        description: "SSO Provider to test"
+        required: true
+        default: "google"
+        type: choice
+        options:
+          - google
+          - okta
+          - azure
+          - auth0
+          - saml
+          - cognito
+          - all
+
+permissions:
+  contents: read
+
+concurrency:
+  group: sso-auth-tests-${{ github.workflow }}-${{ github.event.inputs.sso_provider || 'scheduled' }}
+  cancel-in-progress: true
+
+jobs:
+  sso-auth-tests:
+    runs-on: ubuntu-latest
+    timeout-minutes: 90
+    environment: test
+
+    strategy:
+      fail-fast: false
+      matrix:
+        provider: ${{ github.event.inputs.sso_provider == 'all' && fromJSON('["google", "okta", "azure", "auth0"]') || github.event.inputs.sso_provider && fromJSON(format('["{0}"]', github.event.inputs.sso_provider)) || fromJSON('["google"]') }}
+
+    steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: false
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: false
+          swap-storage: true
+          docker-images: false
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Cache Maven Dependencies
+        id: cache-output
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+
+      - name: Setup OpenMetadata Test Environment
+        uses: ./.github/actions/setup-openmetadata-test-environment
+        with:
+          python-version: "3.10"
+          args: "-d mysql"
+          ingestion_dependency: "mysql,elasticsearch"
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: "openmetadata-ui/src/main/resources/ui/.nvmrc"
+
+      - name: Install UI dependencies
+        working-directory: openmetadata-ui/src/main/resources/ui
+        run: yarn --ignore-scripts --frozen-lockfile
+
+      - name: Install Playwright Browsers
+        run: npx playwright@1.51.1 install --with-deps chromium
+
+      - name: Run SSO Authentication Tests
+        working-directory: openmetadata-ui/src/main/resources/ui
+        run: npx playwright test playwright/e2e/Auth/SSOAuthentication.spec.ts --workers=1
+        env:
+          SSO_PROVIDER_TYPE: ${{ matrix.provider }}
+          SSO_USERNAME: ${{ secrets[format('{0}_SSO_USERNAME', upper(matrix.provider))] }}
+          SSO_PASSWORD: ${{ secrets[format('{0}_SSO_PASSWORD', upper(matrix.provider))] }}
+          PLAYWRIGHT_IS_OSS: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        timeout-minutes: 60
+
+      - name: Upload test results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: sso-auth-test-results-${{ matrix.provider }}
+          path: openmetadata-ui/src/main/resources/ui/playwright/output/playwright-report
+          retention-days: 7
+
+      - name: Upload test traces
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: sso-auth-test-traces-${{ matrix.provider }}
+          path: openmetadata-ui/src/main/resources/ui/playwright/output/test-results/**/trace.zip
+          retention-days: 7
+
+      - name: Clean Up
+        if: always()
+        run: |
+          cd ./docker/development
+          docker compose down --remove-orphans
+          sudo rm -rf ${PWD}/docker-volume
+
+  notify:
+    needs: sso-auth-tests
+    runs-on: ubuntu-latest
+    if: failure()
+    steps:
+      - name: Send notification on failure
+        run: |
+          echo "SSO Authentication tests failed for one or more providers"
+          # Add your notification logic here (Slack, email, etc.)
@@ -0,0 +1,73 @@
+# Local SSO Environment Configuration
+# Copy this file to .env and customize as needed
+
+# ============================================
+# Keycloak Configuration
+# ============================================
+KEYCLOAK_URL=http://localhost:8080
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=admin123
+KEYCLOAK_REALM=openmetadata
+
+# ============================================
+# LDAP Configuration
+# ============================================
+LDAP_ORGANISATION=OpenMetadata
+LDAP_DOMAIN=openmetadata.org
+LDAP_ADMIN_PASSWORD=admin123
+LDAP_CONFIG_PASSWORD=config123
+
+# ============================================
+# OpenMetadata Configuration
+# ============================================
+OPENMETADATA_URL=http://localhost:8585
+OM_DATABASE=openmetadata_db
+
+# Database
+DB_DRIVER_CLASS=com.mysql.cj.jdbc.Driver
+DB_HOST=mysql
+DB_PORT=3306
+DB_USER=openmetadata_user
+DB_USER_PASSWORD=openmetadata_password
+
+# Elasticsearch
+ELASTICSEARCH_HOST=elasticsearch
+ELASTICSEARCH_PORT=9200
+ELASTICSEARCH_SCHEME=http
+
+# Authentication (populated automatically by docker-compose)
+AUTHENTICATION_PROVIDER=saml
+AUTHENTICATION_AUTHORITY=http://localhost:8080
+AUTHENTICATION_CLIENT_ID=http://localhost:8585
+AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
+
+# Authorizer
+AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
+AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
+AUTHORIZER_ADMIN_PRINCIPALS=[admin@openmetadata.org,adminuser]
+AUTHORIZER_PRINCIPAL_DOMAIN=http://localhost:8080
+
+# ============================================
+# Playwright Test Configuration
+# ============================================
+# Uncomment and use for Playwright tests
+
+# For Keycloak SAML
+# SSO_PROVIDER_TYPE=saml
+# SSO_USERNAME=testuser
+# SSO_PASSWORD=Test@123
+# PLAYWRIGHT_TEST_BASE_URL=http://localhost:8585
+
+# For LDAP
+# SSO_PROVIDER_TYPE=ldap
+# SSO_USERNAME=testuser
+# SSO_PASSWORD=Test@123
+# PLAYWRIGHT_TEST_BASE_URL=http://localhost:8585
+
+# ============================================
+# Optional: Custom Test Users
+# ============================================
+# Add your own test users here and create them using the helper scripts
+# TEST_USER_1_USERNAME=customuser
+# TEST_USER_1_PASSWORD=Custom@123
+# TEST_USER_1_EMAIL=customuser@openmetadata.org