Hopkins SSO #266

Open: JiaqiWang18 wants to merge 16 commits into master from hopkins-sso
JiaqiWang18 commented Apr 8, 2023

Description

Implemented Hopkins SSO with SAML-based authentication.

  • Created backend routes to initiate and process call-back SAML response
  • Implemented frontend redirect logic to initiate authentication

Minor issues

  • Currently, SSO skips the page that asks users to input their resume, age, gender, school, etc. This can be fixed by simply adding a pop-up box in https://hophacks.com/profile to inform them that they must fill out the relevant fields for their application to be considered.

Important notes

  • To ensure SSO works, a settings.json that contains the SAML credentials must be added under api/src/saml/. This file must be uploaded to the production server as well.
  • For local dev, you need to add `127.0.0.1 hophacks.com` to the system hosts file because SSO only works with the hophacks.com domain name.
  • This feature was tested locally in an environment that mimics the production architecture with an nginx reverse proxy that sits in front of the frontend React app and backend Flask app. A similar architecture must be produced locally to test SSO.
  • Thorough testing should be done in the prod environment to ensure the flow does not break existing logic, as there seems to be no CI/CD or staging environment for these kinds of tests.
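
A pre-deployment check for the credentials file mentioned in the notes above, as an added example that is not part of the pull request or the project's code. The path comes from the description; the function name and the specific checks (owner-only permissions, valid JSON, not tracked by git) are assumptions.

```python
import json
import os
import stat
import subprocess

# Path taken from the PR description; the checks themselves are assumptions.
DEFAULT_PATH = "api/src/saml/settings.json"


def audit_saml_settings(path=DEFAULT_PATH):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    try:
        st = os.lstat(path)  # lstat: do not follow symlinks
    except FileNotFoundError:
        return ["missing: SSO cannot start without " + path]
    if not stat.S_ISREG(st.st_mode):
        return ["not-regular-file: refusing a symlink or special file"]
    # Credentials should be accessible to the service account only.
    if st.st_mode & 0o077:
        findings.append("permissions: mode %o grants group/other access"
                        % stat.S_IMODE(st.st_mode))
    try:
        with open(path, encoding="utf-8") as fh:
            if not isinstance(json.load(fh), dict):
                findings.append("format: top level is not a JSON object")
    except (ValueError, OSError) as exc:
        findings.append("format: unreadable or invalid JSON (%s)"
                        % type(exc).__name__)
    # The file must never be committed; ls-files exits 0 only if it is tracked.
    directory, name = os.path.split(os.path.abspath(path))
    try:
        tracked = subprocess.run(
            ["git", "-C", directory, "ls-files", "--error-unmatch", "--", name],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
        ).returncode == 0
    except FileNotFoundError:  # git is not installed: skip this check
        tracked = False
    if tracked:
        findings.append("tracked: file is committed to git; "
                        "remove it and rotate the credentials")
    return findings


if __name__ == "__main__":
    import sys
    problems = audit_saml_settings(*sys.argv[1:2])
    for problem in problems:
        print("FAIL", problem)
    sys.exit(1 if problems else 0)
```

Run it from the repository root before deploying, or pass the path on the production host as the first argument; a non-zero exit code means at least one finding.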

jbian92 self-requested a review April 8, 2023 19:39