40 lines
1.9 KiB
Org Mode
40 lines
1.9 KiB
Org Mode
|
# Created 2020-09-22 Tue 11:47
|
||
|
#+TITLE: Work Time Tracker
|
||
|
#+AUTHOR: Yann Esposito
|
||
|
* CSA Migration Epic
|
||
|
|
||
|
This issue should be the entry point for all tasks related to CSA Migration
|
||
|
work to be done in IROH Services.
|
||
|
|
||
|
1. There should be a migration route restricted to admins so all users of
|
||
|
the org should be sent a migration email. Should be similar to invites
|
||
|
but containing their =user-id= info to update the =idp-mapping=.
|
||
|
2. Keep track of the old and new =idp-mapping= in the org, can be used to
|
||
|
detect if an org has been migrated. We could also add a =migrated?= flag.
|
||
|
3. Use the old =idp-mapping= of orgs so they could be used by the
|
||
|
=claim-aliases= in order not to break SSE and keep saying AMP even after
|
||
|
the org migrated to SxSO.
|
||
|
|
||
|
** Tasks
|
||
|
|
||
|
- [ ] Init =idp-mapping= into orgs (right now this is not used)
|
||
|
- [ ] Add a migration process that will use users =idp-mappings= with an
|
||
|
heuristic to initialize the =idp-mapping= of their org.
|
||
|
- [ ] During org creation add the =idp-mapping=.
|
||
|
- [ ] Create a new system along Invite to enable migration of user to a new
|
||
|
IdP (SxSO)
|
||
|
- [ ] Create a migration flow that should be similar to the invite flow
|
||
|
just this time the =user-id= will also be part of the internal state so
|
||
|
when a user login from the new IdP we could update the user instead of
|
||
|
creating a new one.
|
||
|
- [ ] Create a =org-migrate= route so when I admin click on that one
|
||
|
every user of the org receive a migration email. And the route should
|
||
|
redirect the user to the migration link for this user so the user will
|
||
|
not need to check his mails. We should probably send the email anyway
|
||
|
perhaps with a specific message.
|
||
|
- [ ] The migration process should change the =idp-mapping= of the org and
|
||
|
keep track of an =old-idp-mapping=.
|
||
|
- [ ] Update the claim alias implentation to use =old-idp-mapping=
|
||
|
- [ ] Update all the SSE OpenID Connect clients to use that
|
||
|
=old-idp-mapping=.
|