DPC-5159 multi csp user POC #2896

Open
jdettmannnava wants to merge 20 commits into jd/dpc-5127-multiple-oidc from jd/dpc-5159-multi-csp-user

jdettmannnava commented Feb 2, 2026

Not for merge.

🎫 Ticket

https://jira.cms.gov/browse/DPC-5159

🛠 Changes

  • New model with migration: IdpUid to store foreign keys for CSPs
  • Updated login flow to use IdpUid
  • Updated user-creation flow in invitations controller to use IdpUid

ℹ️ Context

We need to support the ability of each user to log in to the portal with multiple CSPs.
Note: because of the way we fake the CPI API Gateway, most Authorized Officials share the same PacId. Therefore, unlike in production, where each user will have their own PacId, we cannot bind multiple CSPs to the same user by PacId in local, dev, test, and sandbox environments. That is why we use the email address to deduplicate all users in the lower environments. We do want to test this flow, which is why we also bind AOs on PacId while running automated tests.

🧪 Validation

Updated Manual tests.
Logged in as same user using multiple IdPs.
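
The binding rule from the Context section above, as an added Ruby example that is not the PR's code: a login is matched on its (provider, uid) pair first, and an unknown pair is bound to an existing user on PacId or, in lower environments, on email. `IdentityStore`, `resolve_login`, `bind_on`, the field names and the use of a (provider, uid) pair as the key are assumptions made for illustration.

```ruby
# Added illustration; not the PR's code. IdentityStore, resolve_login and the
# field names are hypothetical stand-ins for the IdpUid model described above.
User = Struct.new(:id, :email, :pac_id)

class IdentityStore
  attr_reader :users, :idp_uids

  # bind_on: :pac_id (each user has their own PacId) or :email (lower
  # environments, where the faked gateway gives most users the same PacId).
  def initialize(bind_on:)
    raise ArgumentError, "bind_on must be :pac_id or :email" unless %i[pac_id email].include?(bind_on)
    @bind_on = bind_on
    @users = []
    @idp_uids = {} # [provider, uid] => user id; each pair maps to one user
  end

  # Returns the User for an IdP callback, linking a new (provider, uid) pair
  # to an existing user when the binding attribute matches.
  def resolve_login(provider:, uid:, email:, pac_id:)
    raise ArgumentError, "provider and uid are required" if provider.to_s.empty? || uid.to_s.empty?
    key = [provider.to_s, uid.to_s]
    if (user_id = @idp_uids[key])
      return @users.find { |u| u.id == user_id }
    end

    user = find_bound_user(email: email, pac_id: pac_id)
    user ||= User.new(@users.size + 1, normalize(email), pac_id).tap { |u| @users << u }
    @idp_uids[key] = user.id
    user
  end

  private

  def normalize(email)
    email.to_s.strip.downcase
  end

  def find_bound_user(email:, pac_id:)
    case @bind_on
    when :pac_id
      return nil if pac_id.to_s.empty? # never bind on a missing identifier
      @users.find { |u| u.pac_id == pac_id }
    when :email
      return nil if normalize(email).empty?
      @users.find { |u| u.email == normalize(email) }
    end
  end
end
```

With `bind_on: :pac_id` and a PacId shared by every test user, two different people resolve to the same record, which is the lower-environment problem the description gives as the reason for deduplicating on email there.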

jdettmannnava changed the base branch from main to jd/dpc-5127-multiple-oidc February 2, 2026 21:46
jdettmannnava changed the base branch from jd/dpc-5127-multiple-oidc to main February 2, 2026 21:48
jdettmannnava changed the base branch from main to jd/dpc-5127-multiple-oidc February 2, 2026 21:48
jdettmannnava marked this pull request as ready for review February 3, 2026 20:45
jdettmannnava requested a review from a team as a code owner February 3, 2026 20:45

MEspositoE14s left a comment

LGTM as far as I understand the way this is supposed to work 👍


ashley-weaver left a comment

Makes sense to me

@Jose-verdance

Hi @jdettmannnava, these changes look good. I see that you mentioned being able to successfully log in with multiple idps. I have your branch running locally and was wondering how I can also do this? I just see the option for login.gov.

jdettmannnava commented Feb 5, 2026

> Hi @jdettmannnava, these changes look good. I see that you mentioned being able to successfully log in with multiple idps. I have your branch running locally and was wondering how I can also do this? I just see the option for login.gov.

@Jose-verdance
Well, it isn't technically multiple idps. I just changed the name of the provider in omniauth.rb and views/users/sessions/new.html.erb openid_connect and tested it that way.

jdettmannnava and others added 9 commits February 9, 2026 11:39
## 🎫 Ticket

https://jira.cms.gov/browse/DPC-5081

## 🛠 Changes

Makes site navigation consistent across pages.

## ℹ️ Context

Standardizing navigation across the site will allow for a more
consistent user experience.

## 🧪 Validation

TOS - added "return to organization list" link, removed "cancel" button

Org detail - added "return to organization list" link

Assign CD - added "back to organization" link, removed "go back" button

Generate token - added "back to organization" link

Add key - added "back to organization" link

Add IP - added "back to organization" link

Show token - added "back to organization" link, removed "return to
portal" button

## 🎫 Ticket

No ticket.

## 🛠 Changes

Removed orphan Docker containers at end of portal test scripts.

## ℹ️ Context

Our current commands for testing the portal modules locally leave orphan
containers after each run, which uses extra disk space.

## 🧪 Validation

Removes orphan containers locally.

## 🎫 Ticket

[DPC-5169](https://jira.cms.gov/browse/DPC-5169)

## 🛠 Changes

- update routes to include lookbook routes for when `"ENV" == "test"`

## ℹ️ Context

<!-- If any of the following security implications apply, this PR must
not be merged without Stephen Walter's approval. Explain in this section
and add @SJWalter11 as a reviewer.
  - Adds a new software dependency or dependencies.
  - Modifies or invalidates one or more of our security controls.
  - Stores or transmits data that was not stored or transmitted before.
- Requires additional review of security implications for other reasons.
-->
- working with content + design in sprint 1.3, I discovered that some
application states are difficult to reproduce, like the error message
for Login.gov being unavailable
- For folks to review these types of messages, lookbook is an easier
option than having developers force certain application states
- By adding lookbook to _test_, all content review can be done on _test_
between logged in views requiring AO invite as well as navigating to
https://test.dpc.cms.gov/portal/lookbook

## 🧪 Validation

Manually tested this in _test_ environment