Implement SSO with MFA for Login Management and Kubernetes Integration #113

@tsviz

Description

Background

Currently, login management is not fully visible in the codebase, and there is a need to enhance authentication by implementing Single Sign-On (SSO) with Multi-Factor Authentication (MFA). This will improve security and user experience, especially for enterprise and cloud deployments.

Acceptance Criteria

  • Integrate Spring Security with an external Identity Provider (IdP) (e.g., Azure AD, Okta, Google) for SSO using OAuth2/OpenID Connect.
  • Enforce MFA for all users during login, using TOTP (authenticator app) or IdP-provided MFA.
  • Secure session management (HTTP-only, secure cookies, session timeout).
  • Protect all sensitive endpoints and resources.
  • Provide clear error messages and audit logging for authentication events.
  • Update or create documentation for login, SSO, and MFA setup.
  • Ensure the solution works in Kubernetes (k8s) deployments:
    • All secrets (client IDs, secrets, MFA keys) are stored securely (Kubernetes secrets or external vault).
    • Any required environment variables or config maps are documented and referenced in k8s manifests.
    • Health/readiness/liveness probes are not affected by authentication changes.
    • Update Helm charts and k8s manifests as needed.

Implementation Notes

  • Use Spring Security best practices for SSO and MFA.
  • For k8s, use secrets for sensitive data and document all changes in the deployment manifests and Helm charts.
  • Test authentication flow in both local and k8s environments.

Please review and refine acceptance criteria as needed.
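The following is an added example, not code from this issue or the project, sketching how the criteria above fit together in a Spring Security 6 configuration: OIDC login against the IdP registered in application properties, health probes left unauthenticated, and a login rejected when the ID token's `amr` claim (RFC 8176) shows no MFA method. Assumptions: Spring Boot Actuator serves probes under `/actuator/health/**`, the IdP emits `amr`, and the accepted values `mfa`/`otp`/`hwk` match what that IdP sends.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SsoSecurityConfig {

    // RFC 8176 Authentication Method Reference values treated as proof of MFA.
    // Assumption: the chosen IdP emits one of these; adjust per provider.
    private static final List<String> MFA_AMR_VALUES = List.of("mfa", "otp", "hwk");

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Liveness/readiness probes stay open so k8s can keep managing the pod.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/actuator/health/**").permitAll()
                .anyRequest().authenticated())
            // OIDC login; the custom user service refuses logins without MFA.
            .oauth2Login(oauth2 -> oauth2
                .userInfoEndpoint(userInfo -> userInfo
                    .oidcUserService(mfaEnforcingOidcUserService())));
        return http.build();
    }

    @Bean
    OAuth2UserService<OidcUserRequest, OidcUser> mfaEnforcingOidcUserService() {
        OidcUserService delegate = new OidcUserService();
        return request -> {
            OidcUser user = delegate.loadUser(request);
            List<String> amr = user.getIdToken().getClaimAsStringList("amr");
            boolean mfaDone = amr != null && amr.stream().anyMatch(MFA_AMR_VALUES::contains);
            if (!mfaDone) {
                // Generic error code to the browser; details belong in the audit log.
                throw new OAuth2AuthenticationException(
                    new OAuth2Error("mfa_required", "Login did not satisfy the MFA requirement", null));
            }
            return user;
        };
    }
}
```

Cookie flags and timeout are set through Spring Boot properties (`server.servlet.session.cookie.http-only=true`, `server.servlet.session.cookie.secure=true`, `server.servlet.session.timeout=15m`), and the client ID/secret under `spring.security.oauth2.client.registration.<id>.*` can be fed from environment variables that the Kubernetes Deployment populates from a Secret, as the acceptance criteria require.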
