[INTEG] Update integrazioniext.html with token exchange, SSO and audit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
DevEnv nis2-agile 2026-03-07 14:47:10 +01:00
parent 1f534db33a
commit 29aaf5db88


@ -264,6 +264,8 @@
<tr><th>Metodo</th><th>Endpoint</th><th>Scope</th><th>Descrizione</th></tr> <tr><th>Metodo</th><th>Endpoint</th><th>Scope</th><th>Descrizione</th></tr>
</thead> </thead>
<tbody> <tbody>
<tr><td><span class="method-post">POST</span></td><td><code>/token</code></td><td>read:all</td><td>Token exchange: API Key → JWT 15 min. lg231 usa questo JWT per le chiamate successive.</td></tr>
<tr><td><span class="method-post">POST</span></td><td><code>/sso</code></td><td>sso:login (o read:all)</td><td>SSO federato: passa email + ruolo + responsabilità → JWT NIS2 2h. Utente creato se non esiste. Auditato.</td></tr>
<tr><td><span class="method-get">GET</span></td><td><code>/status</code></td><td></td><td>Health check piattaforma, versione, DB. Nessuna auth.</td></tr> <tr><td><span class="method-get">GET</span></td><td><code>/status</code></td><td></td><td>Health check piattaforma, versione, DB. Nessuna auth.</td></tr>
<tr><td><span class="method-get">GET</span></td><td><code>/compliance-summary</code></td><td>read:compliance</td><td>Score NIS2 aggregato (0-100), domain scores Art.21, rischi aperti, incidenti</td></tr> <tr><td><span class="method-get">GET</span></td><td><code>/compliance-summary</code></td><td>read:compliance</td><td>Score NIS2 aggregato (0-100), domain scores Art.21, rischi aperti, incidenti</td></tr>
<tr><td><span class="method-get">GET</span></td><td><code>/risks/feed</code></td><td>read:risks</td><td>Registro rischi con livello ISO 27005, status, area. Filtri: <code>?level=high,critical&status=open</code></td></tr> <tr><td><span class="method-get">GET</span></td><td><code>/risks/feed</code></td><td>read:risks</td><td>Registro rischi con livello ISO 27005, status, area. Filtri: <code>?level=high,critical&status=open</code></td></tr>
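Review bot: the new `/sso` row accepts `read:all` as an alternative to `sso:login`, so a key issued only for the read-only data feeds (`/compliance-summary`, `/risks/feed`) can also mint a 2-hour user JWT and create accounts ("Utente creato se non esiste"); consider restricting `/sso` to the dedicated `sso:login` scope and documenting which role values the endpoint accepts and how a caller-supplied role is validated, since the row only says "passa email + ruolo + responsabilità". The `/token` row should also say what a caller is expected to do when the 15-minute JWT expires (new exchange, or a refresh path).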
@ -394,6 +396,37 @@ $incidents = Nis2Client::get(<span class="str">'/incidents/feed'</span>, $apiKey
<span class="cmt">// reference_id: $inc['id']</span> <span class="cmt">// reference_id: $inc['id']</span>
}</div> }</div>
<div class="section-title">3b. SSO federato — apertura diretta NIS2 da lg231</div>
<div class="callout">
Quando un utente lg231 clicca "Apri NIS2" dal suo dashboard, lg231 chiama
<code>POST /api/services/sso</code> e redirige l'utente su NIS2 già autenticato,
portando con sé ruolo e responsabilità. Ogni accesso SSO è tracciato nell'audit trail.
</div>
<div class="code-block"><span class="cmt">// In lg231, quando l'utente clicca "Apri NIS2 Agile":</span>
$ssoResp = Nis2Client::post(<span class="str">'/sso'</span>, $apiKey, [
<span class="str">'user_email'</span> => $currentUser[<span class="str">'email'</span>],
<span class="str">'user_name'</span> => $currentUser[<span class="str">'first_name'</span>] . <span class="str">' '</span> . $currentUser[<span class="str">'last_name'</span>],
<span class="str">'user_role'</span> => <span class="str">'compliance_manager'</span>, <span class="cmt">// mappa da ruolo lg231</span>
<span class="str">'caller_system'</span> => <span class="str">'lg231'</span>,
<span class="str">'caller_user_id'</span> => $currentUser[<span class="str">'id'</span>],
<span class="str">'responsibilities'</span> => [
[<span class="str">'area'</span> => <span class="str">'MOG 231'</span>, <span class="str">'scope'</span> => <span class="str">'art.24-bis criminalità informatica'</span>],
[<span class="str">'area'</span> => <span class="str">'OdV'</span>, <span class="str">'scope'</span> => <span class="str">'monitoraggio cyber risk'</span>],
],
]);
<span class="kw">if</span> ($ssoResp[<span class="str">'success'</span>]) {
$jwt = $ssoResp[<span class="str">'data'</span>][<span class="str">'data'</span>][<span class="str">'token'</span>];
$redirectUrl = $ssoResp[<span class="str">'data'</span>][<span class="str">'data'</span>][<span class="str">'redirect_url'</span>];
<span class="cmt">// Redirect con token nel fragment (sicuro, non nel server log)</span>
header(<span class="str">'Location: '</span> . $redirectUrl . <span class="str">'#sso_token='</span> . urlencode($jwt));
}</div>
<div class="callout">
<strong>NIS2 lato frontend</strong>: in <code>dashboard.html</code> aggiungere:<br>
<code>const ssoToken = location.hash.match(/#sso_token=([^&]+)/)?.[1];</code><br>
<code>if (ssoToken) { localStorage.setItem('nis2_token', ssoToken); location.hash = ''; }</code>
</div>
<div class="section-title">Checklist implementazione lg231</div> <div class="section-title">Checklist implementazione lg231</div>
<ul class="checklist"> <ul class="checklist">
<li>company-ms: aggiungere <code>nis2_api_key</code>, <code>nis2_org_id</code>, <code>nis2_enabled</code> a provider-config</li> <li>company-ms: aggiungere <code>nis2_api_key</code>, <code>nis2_org_id</code>, <code>nis2_enabled</code> a provider-config</li>
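Review bot: the redirect `header('Location: ' . $redirectUrl . '#sso_token=' . urlencode($jwt))` together with the frontend snippet `localStorage.setItem('nis2_token', ssoToken)` puts a 2-hour session token where browser history and any script running on the dashboard origin can read it; the comment "sicuro, non nel server log" only covers the server side. Prefer delivering the token to the NIS2 backend (POST body or HttpOnly cookie) instead of the fragment plus localStorage; if the fragment is kept, clear it with `history.replaceState` rather than `location.hash = ''`, which leaves a trailing `#`. Further points in this block: there is no branch for `$ssoResp['success']` being false, so a failed SSO falls through without a redirect or an error for the user; the double `['data']['data']` nesting looks accidental and should be checked against the actual `/sso` response shape; and `'user_role' => 'compliance_manager'` is hardcoded behind a TODO-style comment ("mappa da ruolo lg231") although the callout says the role travels with the user, so either add the lg231-to-NIS2 role mapping here or mark the value explicitly as a placeholder.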