- Bug
- Resolution: Fixed
- Major
- 2.0.4
- AdminX 14
- 2
Steps to reproduce
- Define a custom REST endpoint and a dedicated ContainerRequestFilter to handle the authentication over JWT through the Authorization header
- Allow anonymous access on that endpoint to bypass the Magnolia login process
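The kind of filter the first step describes, as an added example that is not code from this ticket or from Magnolia. It assumes HS256-signed tokens, the `javax.ws.rs` namespace and a hypothetical class name `JwtAuthFilter`, and it covers the signature check only.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;

// Hypothetical filter for the custom endpoint; the class name, the HS256 choice and
// the key handling are assumptions. Register an instance with the REST application.
public class JwtAuthFilter implements ContainerRequestFilter {

    private final byte[] key; // secret shared with the endpoint's own token issuer, not the SSO IdP

    public JwtAuthFilter(byte[] key) {
        this.key = key.clone();
    }

    @Override
    public void filter(ContainerRequestContext ctx) {
        String auth = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        if (auth == null || !auth.startsWith("Bearer ") || !signatureValid(auth.substring(7).trim())) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Bearer").build());
        }
        // Claim checks (exp, aud, iss) belong here, after the signature has been verified.
    }

    // Verifies a compact JWT with HMAC-SHA256 only; the header's alg never selects the algorithm.
    boolean signatureValid(String token) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            Base64.Decoder b64 = Base64.getUrlDecoder();
            String header = new String(b64.decode(parts[0]), StandardCharsets.UTF_8);
            if (!header.replaceAll("\\s", "").contains("\"alg\":\"HS256\"")) return false; // rejects "none"
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            return MessageDigest.isEqual(expected, b64.decode(parts[2])); // constant-time compare
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false; // malformed Base64 or unusable key: treat as unauthenticated
        }
    }
}
```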
Expected results
The request directly hits the ContainerRequestFilter, which takes care of the authorization.
Actual results
The SSO filter intercepts the request and stops it as the passed token has not been signed by the IDP configured in the SSO config.
Workaround
As mentioned in the Slack thread by Nguyen Phung, we could extend the SSO module and remove the Header matcher defined here:
https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/browse/magnolia-sso[…]agnolia/sso/SsoModule.java?at=refs%2Fheads%2Frelease%2F2.0
But that would require customizing the module, which is not ideal.
Development notes
Acceptance criteria
1. Implementation | Completed | Nguyen Phung Chi
2. Review | Completed | Evzen Fochr
3. PiQA | Closed | Unassigned
4. Final QA | Completed | Evzen Fochr