Load cacerts in sso

assets/js/pages/Login/Login.test.jsx

@@ -206,5 +206,26 @@ describe('Login component', () => {
       });
       expect(loginButton).toBeVisible();
     });
+
+    it('should display an error message is the SSO url is empty', async () => {
+      jest.spyOn(authConfig, 'isSingleSignOnEnabled').mockReturnValue(true);
+      jest.spyOn(authConfig, 'getSingleSignOnLoginUrl').mockReturnValue('');
+
+      const [StatefulLogin] = withState(<Login />, {
+        user: {
+          loggedIn: false,
+          authInProgress: false,
+        },
+      });
+
+      renderWithRouter(StatefulLogin);
+
+      await waitFor(() =>
+        screen.getByText(
+          `An error occurred while trying to access the Single Sign-On IDP host.`,
+          { exact: false }
+        )
+      );
+    });
   });
 });

assets/js/pages/Login/LoginSSO.jsx

@@ -3,6 +3,15 @@ import React from 'react';
 import Button from '@common/Button';
 
 export default function LoginSSO({ singleSignOnUrl, error }) {
+  if (!singleSignOnUrl) {
+    return (
+      <span className="block text-sm font-medium">
+        An error occurred while trying to access the Single Sign-On IDP host.
+        Should the error persist, contact the administrator.
+      </span>
+    );
+  }
+
   return (
     <>
       {error && (

assets/js/pages/SSOCallback/SSOCallback.test.jsx

@@ -4,6 +4,7 @@ import 'intersection-observer';
 import '@testing-library/jest-dom';
 import userEvent from '@testing-library/user-event';
 import { withState, renderWithRouterMatch } from '@lib/test-utils';
+import * as authConfig from '@lib/auth/config';
 import SSOCallback from './SSOCallback';
 
 describe('SSOCallback component', () => {
@@ -50,6 +51,10 @@ describe('SSOCallback component', () => {
   it('should display an error message if authentication fails', async () => {
     const user = userEvent.setup();
 
+    jest
+      .spyOn(authConfig, 'getSingleSignOnLoginUrl')
+      .mockReturnValue('http://idp-url');
+
     const [StatefulOidCallback] = withState(<SSOCallback />, {
       user: {
         authError: true,

config/runtime.exs

@@ -185,6 +185,8 @@ if config_env() in [:prod, :demo] do
     )
   end
 
+  config :assent, http_adapter: {Assent.HTTPAdapter.Httpc, [ssl: [cacerts: cacerts]]}
+
   config :trento, :oidc,
     enabled: enable_oidc,
     callback_url:

lib/trento_web/controllers/page_controller.ex

@@ -1,6 +1,8 @@
 defmodule TrentoWeb.PageController do
   use TrentoWeb, :controller
 
+  require Logger
+
   def index(conn, _params) do
     check_service_base_url = Application.fetch_env!(:trento, :checks_service)[:base_url]
     charts_enabled = Application.fetch_env!(:trento, Trento.Charts)[:enabled]
@@ -57,15 +59,19 @@ defmodule TrentoWeb.PageController do
   defp sso_details_for_provider(conn, provider) do
     full_callback_url = Application.fetch_env!(:trento, provider)[:callback_url]
     enrollment_provider = "#{provider}_local"
+    enrollment_url = ~p"/api/session/#{enrollment_provider}/callback"
 
     %URI{path: callback_url} =
       URI.parse(full_callback_url)
 
-    {:ok, login_url, _} =
-      PowAssent.Plug.authorize_url(conn, enrollment_provider, full_callback_url)
+    case PowAssent.Plug.authorize_url(conn, enrollment_provider, full_callback_url) do
+      {:ok, login_url, _} ->
+        {true, callback_url, login_url, enrollment_url}
 
-    enrollment_url = ~p"/api/session/#{enrollment_provider}/callback"
+      {:error, reason, _} ->
+        Logger.error("error getting SSO authorization url: #{inspect(reason)}")
 
-    {true, callback_url, login_url, enrollment_url}
+        {true, "", "", ""}
+    end
   end
 end

mix.exs

@@ -36,7 +36,7 @@ defmodule Trento.MixProject do
   def application do
     [
       mod: {Trento.Application, []},
-      extra_applications: [:logger, :runtime_tools]
+      extra_applications: [:logger, :runtime_tools, :inets]
     ]
   end