DOCU-2676

Keycloak integration config fix


Details

    • Improvement
    • Resolution: Fixed

    Description

      We found misleading configuration indications and found the problem as follows.

      In the chapter https://docs.magnolia-cms.com/magnolia-sso/3.1.0/index.html#_prerequisites, which covers the configuration of the Group Membership mapper in Keycloak, it is indicated to keep the Full group path flag ON (in the screenshot).

      With this setting, the Magnolia module will not receive the group name (e.g. "magnolia-sre") but the group path (i.e. "/magnolia-sre").

      Hence the mapping suggested in the YAML config (at point 5) will not match.

      Should change "magnolia-sre" to "/magnolia-sre", or alternatively maintain "magnolia-sre" but disable the "Full group path" flag in Keycloak.

      path: /.magnolia/admincentral
      callbackUrl: http://localhost:8080/.auth
      postLogoutRedirectUri: http://localhost:8080/.magnolia/admincentral
      authorizationGenerators:
        - name: groupsAuthorization
          groups:
            mappings:
              - name: /magnolia-sre
                targetGroups:
                  - publishers
                targetRoles:
                  - ...
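
An added diagnostic example, not part of the ticket or of Magnolia's code: it reads the group claim from a token payload and reports which mapping names match exactly and which differ only by the group path. It assumes the claim is named "groups" and that mapping names are compared as exact strings, as the ticket describes; all function names and sample tokens are constructed for illustration.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def groups_from_token(jwt, claim="groups"):
    """Read the group claim from a JWT payload (diagnostic only, no signature check)."""
    payload = json.loads(b64url_decode(jwt.split(".")[1]))
    return list(payload.get(claim, []))

def diagnose(mapping_names, token_groups):
    """Classify each mapping name as 'match', 'path-mismatch' or 'no-match'."""
    received = set(token_groups)
    # Last path element of every received group, e.g. "/a/b" -> "b".
    leaves = {g.rsplit("/", 1)[-1] for g in token_groups}
    report = {}
    for name in mapping_names:
        if name in received:
            report[name] = "match"
        elif name.rsplit("/", 1)[-1] in leaves:
            # Same group, but one side is a full path and the other a bare name.
            report[name] = "path-mismatch"
        else:
            report[name] = "no-match"
    return report

def make_token(payload):
    """Build a constructed, unsigned sample token for this demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}."

# Constructed samples: the claim as sent with "Full group path" ON and OFF.
TOKEN_FULL_PATH_ON = make_token({"sub": "demo", "groups": ["/magnolia-sre"]})
TOKEN_FULL_PATH_OFF = make_token({"sub": "demo", "groups": ["magnolia-sre"]})

if __name__ == "__main__":
    samples = (("ON", TOKEN_FULL_PATH_ON), ("OFF", TOKEN_FULL_PATH_OFF))
    for label, token in samples:
        groups = groups_from_token(token)
        result = diagnose(["magnolia-sre", "/magnolia-sre"], groups)
        print(f"Full group path {label}: claim={groups} -> {result}")
```

A "path-mismatch" result means the user is in the group but the mapping will not grant its target groups and roles until the mapping name or the Keycloak flag is changed.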

       

            People

              amansell Alex Mansell
              lpatocchi Lorenzo Patocchi
