
ui5-middleware-onelogin
:wave: This is an open‑source, community‑driven project, developed and actively monitored by members of the UI5 community. You are welcome to use it, report issues, contribute enhancements, and support others in the community.
Middleware for ui5-server, enabling a generic login support.
On the first request, the middleware tries to log in with the provided credentials and saves the cookie for further requests. It uses playwright in headless mode to run the login process, so the first request will take longer.
This has been tested with Azure AD, Google, OpenAM and the SAP Gateway login pages.
Pull requests adding other login handlers are more than welcome.
@ui5/cli@3.0.0 (to support specVersion: "3.0")
:warning: UI5 CLI Compatibility: All releases of this UI5 CLI extension using the major version 3 require UI5 CLI V3. Any previous releases below major version 3 (if available) also support older versions of the UI5 CLI. But the usage of the latest UI5 CLI is strongly recommended!
npm install ui5-middleware-onelogin --save-dev
Currently you can define the properties in the configuration in $yourapp/ui5.yaml (see below); otherwise the following environment variables are used.

- path: string, either the URL or the hostname and port of the SAP system
- subdirectory (optional): string, the subdirectory that is appended to the path; defaults to the Fiori launchpad at /sap/bc/ui2/flp
- username (optional): string, username used to log in to the launchpad
- password (optional): string, password used to log in
- useCertificate (optional): boolean, use a certificate to log in instead of username and password
- debug (optional): boolean, true will open up the playwright browser so you can see what's going on

NB1: If you choose to use the certificate login, check whether the property AutoSelectCertificateForUrls in chrome://policy holds the URL pattern for your system. Playwright has trouble handling the certificate prompt. Another workaround is to set debug and useCertificate to true in the configuration and press OK when the prompt opens.
NB2: If your system does not host a fiori launchpad, you will have to adjust the subdirectory to point to a different login protected page. In the case of a MII java stack that hosts an OData service, try setting subdirectory to XMII/PropertyAccessServlet?Mode=List
You can add the following properties to your .env file; remember to add that file to your .gitignore.
Environment variables or values set in a .env file will be used.
The other options are to set the values in the yaml file or, if they are left blank, to be prompted for the details.
You can choose to just add the url and let the rest be prompted in the terminal

$yourapp/package.json:

```json
"devDependencies": {
    // ...
    "ui5-middleware-onelogin": "*"
    // ...
}
```
$yourapp/ui5.yaml:

```yaml
server:
  customMiddleware:
  - name: ui5-middleware-onelogin
    afterMiddleware: compression
    configuration:
      path: <Login URL>
      username: <Login User>
      password: <Login Password>
      useCertificate: true / false  # use a certificate to login instead of username and password
      debug: true / false  # true will open up the playwright browser so you can see what's going on
      query:
        sap-client: "206"
```
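
As an added example (not part of this project's code), a dependency-free JavaScript check that could run before a commit: it flags literal username/password values in the ui5-middleware-onelogin entry of ui5.yaml and reports whether .gitignore covers .env. The function names and the sample host and credentials are constructed for illustration; the scan is line-based, not a full YAML parser, and assumes `name` is the first key of the middleware entry.

```javascript
// Added example, not part of ui5-middleware-onelogin. Line-based scan that
// assumes "name" is the first key of the middleware entry in ui5.yaml.
function findHardcodedCredentials(yamlText) {
  const findings = [];
  let entryIndent = -1; // indent of "- name: ui5-middleware-onelogin"; -1 = outside it
  yamlText.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.replace(/\s+#.*$/, ""); // drop trailing comments
    if (!line.trim()) return;
    const indent = line.search(/\S/);
    const item = line.match(/^\s*-\s*name:\s*["']?([^\s"']+)/);
    if (item) {
      entryIndent = item[1] === "ui5-middleware-onelogin" ? indent : -1;
      return;
    }
    if (entryIndent < 0) return;
    if (indent <= entryIndent) { entryIndent = -1; return; } // left the entry
    const kv = line.match(/^\s*(username|password):\s*(.*)$/);
    if (!kv) return;
    const value = kv[2].trim().replace(/^["']|["']$/g, "");
    // Empty values are prompted for at start-up; <...> is a README placeholder.
    if (value && !/^<.*>$/.test(value)) findings.push({ line: i + 1, key: kv[1] });
  });
  return findings;
}

// Simplified .gitignore check: literal ".env"-style patterns only, last match wins.
function envFileIgnored(gitignoreText) {
  let ignored = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const p = raw.trim();
    if (!p || p.startsWith("#")) continue;
    const negated = p.startsWith("!");
    const pat = (negated ? p.slice(1) : p).replace(/^\//, "");
    if ([".env", ".env*", "*.env"].includes(pat)) ignored = !negated;
  }
  return ignored;
}

// Constructed sample inputs (host, user and password are made up).
const sampleYaml = `server:
  customMiddleware:
  - name: ui5-middleware-onelogin
    afterMiddleware: compression
    configuration:
      path: https://sap.example.test:44300
      username: DEVELOPER
      password: "Sup3rSecret!"`;
console.log(findHardcodedCredentials(sampleYaml));
console.log(envFileIgnored("node_modules/\ndist/"));
```

To use it on a real project, pass in the contents of ui5.yaml and .gitignore and fail the commit when the first call returns findings or the second returns false.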
This work is dual-licensed under Apache 2.0 and the Derived Beer-ware License. The official license will be Apache 2.0 but finally you can choose between one of them if you use this work.
FAQs
A universal login provider for UI5 CLI
We found that ui5-middleware-onelogin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.