Access-Boston
Dashboard to manage application access for employees
Config Repo: Edit the apps, icons and URLs for those apps across several environments
Access-Boston Dashboard Web App
This web app serves as the Dashboard for the different apps, links, etc. that are available to City of Boston employees and contractors. It uses Single Sign-On (SSO) via a third-party service, Ping, and identity verification via IdentityIQ.
Application Logic Flow
Server Start
Connect to Ping endpoint[1]
Connect to IdentityIQ endpoint[1]
Init GraphQL Middleware
Read the apps.yaml config file to get all the links and assets to be displayed on the Dashboard
User Logs in
The UI/UX presented to the users is built by the Digital team, but some of it is hosted by the Security Team on their IIS servers[2].
When the login request is made on the IIS template, it triggers a set of redirects: to Ping for authentication via SSO (SAML format), then back to our web app.
On ERROR/FAILURE: If the login fails, the user stays on that template page and error messages are displayed. If they choose to Forgot Password.
On SUCCESS: The ASP.NET code redirects back to our Node Server/Next.js forgot password app view/page
On FORGOT/CHANGE PASSWORD: Their ASP.NET code redirects back to our Node Server/Next.js app to the page for them. Here, on form submission, the web app uses the connection to IdentityIQ to submit a change to the Security Team's IQ endpoint. See Dashboard - Endpoint Calls for details.
LOGGED IN: The user's Dashboard UI displays the icons and links to resources the user has access to. Their access is determined by which groups and agency they belong to. Our web app gets the basic user information on LOGIN via a SAML response object, which contains (ID, Email, Name (First/Last)). After the app gets login confirmation via that simple (SAML) object, it makes a request to the IdentityIQ endpoint for more information about the user. See ./services-js/access-boston/src/server/services/SamlAuth.ts: Line 64.
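The visibility rule described under LOGGED IN, sketched as an added TypeScript example that is not the project's own code. The field names (groups, agencies), the buildSession and visibleApps helpers and the sample entries are assumptions, as are the choices to require both a group and an agency match and to hide entries that list neither.

```typescript
// Added example. Field names below are assumptions, not the real apps.yaml schema.
interface AppEntry {
  title: string;
  url: string;
  groups?: string[];   // assumed: user must hold at least one of these
  agencies?: string[]; // assumed: if set, the user's agency must be listed
}
interface SamlIdentity { id: string; email: string; firstName: string; lastName: string }
interface DirectoryInfo { groups: string[]; agency: string | null }
interface Session { identity: SamlIdentity; groups: string[]; agency: string | null }

const norm = (s: string): string => s.trim().toLowerCase();

// Identity comes from the SAML response; authorization attributes come only
// from the follow-up directory lookup (IdentityIQ in the page's flow).
// A failed lookup (null) yields an authenticated session with no access.
function buildSession(saml: SamlIdentity, dir: DirectoryInfo | null): Session {
  return {
    identity: saml,
    groups: dir ? dir.groups.map(norm) : [],
    agency: dir && dir.agency ? norm(dir.agency) : null,
  };
}

// Default deny: an entry that lists neither groups nor agencies is hidden.
function visibleApps(apps: AppEntry[], session: Session): AppEntry[] {
  return apps.filter((app) => {
    const groups = (app.groups || []).map(norm);
    const agencies = (app.agencies || []).map(norm);
    if (groups.length === 0 && agencies.length === 0) return false;
    const groupOk =
      groups.length === 0 || groups.some((g) => session.groups.indexOf(g) !== -1);
    const agencyOk =
      agencies.length === 0 ||
      (session.agency !== null && agencies.indexOf(session.agency) !== -1);
    return groupOk && agencyOk;
  });
}

// Constructed sample config (hypothetical names and URLs).
const SAMPLE_APPS: AppEntry[] = [
  { title: "Payroll", url: "https://payroll.example.invalid", groups: ["SG_Payroll"] },
  { title: "Permits", url: "https://permits.example.invalid", groups: ["SG_Permits"], agencies: ["ISD"] },
  { title: "Unrestricted", url: "https://misc.example.invalid" },
];
```

Filtering the dashboard only controls which links are shown; each linked application still has to enforce its own access checks.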
[1] Connection remains open, secure behind AWS VPS, etc.
[2] The templates hosted by the Security Team are ASP.NET files where Digital HTML is mixed with their server variables, etc. The CSS (main.css) referenced on the templates is also hosted in IIS. The Template/Pages hosted by the Security Team are:
Login
Change/Forgot Password
Error
Success