Skip to content

Hide SPA OIDC Providers from JSF login screen #11922

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ekraffmiller merged 23 commits into from
Jan 22, 2026
Merged

Hide SPA OIDC Providers from JSF login screen #11922

ekraffmiller merged 23 commits into from
Jan 22, 2026

Conversation

@stevenwinship
Copy link
Contributor

@stevenwinship stevenwinship commented Oct 23, 2025
edited
Loading

What this PR does / why we need it: Some OIDC providers created for SPA fail when selected in JSF UI login screen. These need to only show in the SPA login screen.

Which issue(s) this PR closes: #11606

Special notes for your reviewer:

Suggestions on how to test this: See AdminIT for setup.

Does this PR introduce a user interface change? If mockups are available, please link/include them here: No

Is there a release notes update needed for this change?: included

Additional documentation:

@stevenwinship stevenwinship self-assigned this Oct 23, 2025
@github-actions github-actions bot added FY26 Sprint 1 FY26 Sprint 1 (2025-07-02 - 2025-07-16) FY26 Sprint 2 FY26 Sprint 2 (2025-07-16 - 2025-07-30) FY26 Sprint 3 (2025-07-30 - 2025-08-13) FY26 Sprint 4 FY26 Sprint 4 (2025-08-13 - 2025-08-27) FY26 Sprint 5 FY26 Sprint 5 (2025-08-27 - 2025-09-10) FY26 Sprint 6 FY26 Sprint 6 (2025-09-10 - 2025-09-24) FY26 Sprint 7 FY26 Sprint 7 (2025-09-24 - 2025-10-08) FY26 Sprint 8 FY26 Sprint 8 (2025-10-08 - 2025-10-22) FY26 Sprint 9 FY26 Sprint 9 (2025-10-22 - 2025-11-05) GREI Re-arch Issues related to the GREI Dataverse rearchitecture labels Oct 23, 2025
@stevenwinship stevenwinship moved this to In Progress 💻 in IQSS Dataverse Project Oct 23, 2025
@github-actions github-actions bot added Original size: 10 Size: 10 A percentage of a sprint. 7 hours. SPA These changes are required for the Dataverse SPA SPA.Q3.2025 Not related to any specific Q3 2025 feature Type: Feature a feature request labels Oct 23, 2025
@github-actions
Copy link

github-actions bot commented Oct 23, 2025

Coverage Status

coverage: 23.508% (+0.002%) from 23.506%
when pulling e9f6b71 on 11606-hide-spa-oidc-providers-from-jsf-login-screen
into a696b36 on develop.

@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
1 similar comment
@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
2 similar comments
@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
@stevenwinship stevenwinship moved this from In Progress 💻 to Ready for Review ⏩ in IQSS Dataverse Project Jan 21, 2026
@stevenwinship stevenwinship removed their assignment Jan 21, 2026
@ekraffmiller ekraffmiller mentioned this pull request Jan 21, 2026
Open
@ekraffmiller ekraffmiller mentioned this pull request Jan 21, 2026
Open
@github-actions
Copy link

github-actions bot commented Jan 21, 2026

📦 Pushed preview images as

ghcr.io/gdcc/dataverse:11606-hide-spa-oidc-providers-from-jsf-login-screen

ghcr.io/gdcc/configbaker:11606-hide-spa-oidc-providers-from-jsf-login-screen

🚢 See on GHCR. Use by referencing with full name as printed above, mind the registry name.

qqmyers
qqmyers approved these changes Jan 21, 2026
View reviewed changes
Copy link
Member

@qqmyers qqmyers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. This makes the new MPConfig settings the only way to configure an SPA-only provider. Per the discussion - further changes might be needed if/when the JSF is dropped, or the SPA needs more than one provider, or there are more UIs, etc.

I'm leaving a comment about the doc wording but won't hold up approval for it.

@github-project-automation github-project-automation bot moved this from Ready for Review ⏩ to Ready for QA ⏩ in IQSS Dataverse Project Jan 21, 2026
qqmyers
qqmyers reviewed Jan 21, 2026
View reviewed changes
doc/release-notes/11606-hide-spa-oidc-providers-from-jsf-login-screen.md

For Dataverse instances deploying both the current JSF UI and the new SPA UI, this fix allows the OIDC Keycloak provider configured for the SPA to be hidden in the JSF UI (useful in cases where it would duplicate other configured providers).

Note: The API to create a new Auth Provider can only be used to create a provider for both JSF and SPA. Use JVM / MicroProfile config setting to create SPA only providers.
Copy link
Member

@qqmyers qqmyers Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Something like: Note: If you are using the old and new Dataverse UIs, you must use JVM/MPConfig to create the SPA provider if the old UI will continue using other providers (registered via the API).

qqmyers
qqmyers reviewed Jan 21, 2026
View reviewed changes
doc/sphinx-guides/source/api/native-api.rst

POST http://$SERVER/api/admin/authenticationProviders

.. note:: This endpoint will create providers for both JSF and SPA. Use :ref:`jvm-options` / *MicroProfile Config* if you need to create SPA only providers.
Copy link
Member

@qqmyers qqmyers Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you use this API to add an OIDC provider for use with the new (SPA) Dataverse UI, it will also be visible in the old (JSF) UI. To avoid this, use the :ref:jvm-options / MicroProfile Config to create an SPA-only provider.

@ekraffmiller ekraffmiller self-assigned this Jan 22, 2026
@ekraffmiller ekraffmiller moved this from Ready for QA ⏩ to QA ✅ in IQSS Dataverse Project Jan 22, 2026
@ekraffmiller
Copy link
Contributor

ekraffmiller commented Jan 22, 2026

Tested this with and without additional auth providers configured. The login works as expected from both JSF and SPA.

@ekraffmiller ekraffmiller merged commit a843c84 into develop Jan 22, 2026
15 checks passed
@github-project-automation github-project-automation bot moved this from QA ✅ to Merged 🚀 in IQSS Dataverse Project Jan 22, 2026
@pdurbin pdurbin added this to the 6.10 milestone Jan 23, 2026
@pdurbin pdurbin moved this from Merged 🚀 to Done 🧹 in IQSS Dataverse Project Jan 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@qqmyers qqmyers qqmyers approved these changes

@github-actions github-actions[bot] github-actions[bot] left review comments

@poikilotherm poikilotherm Awaiting requested review from poikilotherm poikilotherm is a code owner

@pdurbin pdurbin Awaiting requested review from pdurbin pdurbin is a code owner

Assignees

No one assigned

Labels

FY26 Sprint 1 FY26 Sprint 1 (2025-07-02 - 2025-07-16) FY26 Sprint 2 FY26 Sprint 2 (2025-07-16 - 2025-07-30) FY26 Sprint 3 (2025-07-30 - 2025-08-13) FY26 Sprint 4 FY26 Sprint 4 (2025-08-13 - 2025-08-27) FY26 Sprint 5 FY26 Sprint 5 (2025-08-27 - 2025-09-10) FY26 Sprint 6 FY26 Sprint 6 (2025-09-10 - 2025-09-24) FY26 Sprint 7 FY26 Sprint 7 (2025-09-24 - 2025-10-08) FY26 Sprint 8 FY26 Sprint 8 (2025-10-08 - 2025-10-22) FY26 Sprint 9 FY26 Sprint 9 (2025-10-22 - 2025-11-05) FY26 Sprint 10 FY26 Sprint 10 (2025-11-05 - 2025-11-19) FY26 Sprint 11 FY26 Sprint 11 (2025-11-20 - 2025-12-03) FY26 Sprint 12 FY26 Sprint 12 (2025-12-03 - 2025-12-17) FY26 Sprint 14 FY26 Sprint 14 (2025-12-31 - 2026-01-14) FY26 Sprint 15 FY26 Sprint 15 (2026-01-14 - 2026-01-28) GREI Re-arch Issues related to the GREI Dataverse rearchitecture Original size: 10 Project: HDV SPA Rollout Size: 10 A percentage of a sprint. 7 hours. SPA.Q3.2025 Not related to any specific Q3 2025 feature SPA These changes are required for the Dataverse SPA Type: Feature a feature request

Projects

IQSS Dataverse Project
Status: Done 🧹

Milestone

6.10

Development

Successfully merging this pull request may close these issues.

Hide the SPA OIDC providers from the JSF login screen

6 participants

@stevenwinship @ekraffmiller @qqmyers @pdurbin @cmbz