Access-Boston

Dashboard to manage application access for employees

  • Config Repo: Edit the apps, icons and app URLs for several environments

Access-Boston Dashboard Web App

This web app serves as a Dashboard for the different apps, links, etc. that are available to City of Boston employees and contractors. It uses Single Sign-On (SSO) via the third-party service Ping and identity verification via IdentityIQ.

Application Logic Flow

  1. Server Start

    1. Connect to Ping endpoint[1]

    2. Connect to IdentityIQ endpoint[1]

    3. Init GraphQL Middleware

  2. Read the apps.yaml config file to get all the links and assets to be displayed on the Dashboard

  3. User Logs in

    1. The UI/UX presented to the users is built by the Digital team, but some of it is hosted by the Security Team on their IIS servers[2].

  4. When the login request is made on the IIS template, it triggers a set of redirects: to Ping for authentication via SSO (SAML format), then back to our web app.

    1. On ERROR/FAILURE: If the login fails, the user stays on that template page and error messages are displayed. If they choose to Forgot Password.

    2. On SUCCESS: The ASP.NET code redirects back to our Node Server/Next.js forgot password app view/page

  5. On FORGOT/CHANGE PASSWORD: Their ASP.NET code redirects the user back to the matching page in our Node Server/Next.js app. There, on form submission, the web app uses its connection to IdentityIQ to submit the change to the Security Team's IQ endpoint. See Dashboard - Endpoint Calls for details.

  6. LOGGED IN: The user's Dashboard UI displays the icons and links to the resources the user has access to. Their access is determined by which groups and agency they belong to. On LOGIN, our web app gets the basic user information via a SAML response object containing ID, Email and Name (First/Last). After the app gets login confirmation via that simple SAML object, it makes a request to the IdentityIQ endpoint for more information about the user. See ./services-js/access-boston/src/server/services/SamlAuth.ts: Line 64.

[1] Connection remains open, secure behind AWS VPS, etc.

[2] The templates hosted by the Security Team are ASP.NET files where Digital's HTML is mixed with their server variables, etc. The CSS (main.css) referenced by the templates is also hosted in IIS. The templates/pages hosted by the Security Team are:

  • Login

  • Change/Forgot Password

  • Error

  • Success
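
One way to apply the group and agency rule from the LOGGED IN step, as an added example that is not the project's own code. The type names, field names and sample values are hypothetical and do not reflect the real apps.yaml schema or IdentityIQ response; the filter fails closed when the IdentityIQ profile is missing or belongs to a different ID than the SAML login.

```typescript
// Added example. Type names, field names and sample values are hypothetical;
// they are not the schema of apps.yaml or of the IdentityIQ response.
interface SamlLogin { id: string; email: string; firstName: string; lastName: string; }
interface IdentityProfile { id: string; groups: string[]; agency: string | null; }
interface AppEntry { title: string; url: string; groups?: string[]; agencies?: string[]; }

// Assumption: IDs, group names and agency codes compare case-insensitively.
const norm = (s: string): string => s.trim().toLowerCase();

// A missing list means "no restriction". An empty list matches nobody, so a
// config entry written as `groups: []` fails closed instead of becoming public.
function allowed(required: string[] | undefined, held: string[]): boolean {
  if (required === undefined) return true;
  const have = new Set(held.map(norm));
  return required.some((r) => have.has(norm(r)));
}

// Returns the apps to render for a user who has completed SSO login.
function visibleApps(login: SamlLogin, profile: IdentityProfile | null, apps: AppEntry[]): AppEntry[] {
  // Trust the directory profile only when it is for the SAML-authenticated ID.
  // A failed lookup or a mismatched record leaves the user with no groups.
  const p = profile !== null && norm(profile.id) === norm(login.id) ? profile : null;
  const groups = p ? p.groups : [];
  const agencies = p && p.agency !== null ? [p.agency] : [];
  // Group and agency restrictions must both pass.
  return apps.filter((a) => allowed(a.groups, groups) && allowed(a.agencies, agencies));
}

function titles(apps: AppEntry[]): string {
  return apps.map((a) => a.title).join(",");
}

// Constructed sample data (not real apps, groups or users).
const SAMPLE_APPS: AppEntry[] = [
  { title: "Employee Directory", url: "https://apps.example.invalid/directory" },
  { title: "Payroll Admin", url: "https://apps.example.invalid/payroll", groups: ["SG_PAYROLL_ADMIN"] },
  { title: "Permit Review", url: "https://apps.example.invalid/permits", groups: ["SG_PERMITS"], agencies: ["ISD"] },
  { title: "Retired Tool", url: "https://apps.example.invalid/old", groups: [] },
];
const SAMPLE_LOGIN: SamlLogin = { id: "CON01234", email: "sam@example.invalid", firstName: "Sam", lastName: "Example" };
const SAMPLE_PROFILE: IdentityProfile = { id: "con01234", groups: ["sg_permits"], agency: "ISD" };

console.log(titles(visibleApps(SAMPLE_LOGIN, SAMPLE_PROFILE, SAMPLE_APPS)));
```

Filtering the rendered list only hides links; each linked application still has to enforce its own authorization.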
