Bug
Resolution: Fixed
Major
3.0.0
AdminX 24
2
Intro:
I'm currently trying to use the recent version of magnolia-sso:3.0.
I followed the instructions in the documentation of the module; however, it seems that property expansion in yaml files (see: https://docs.magnolia-cms.com/product-docs/6.2/Administration/Architecture/Configuration-management.html#_environment_variables) is not working when the SSOCallbackServlet bean is loaded/created.
The module configuration itself seems to work. I also debugged the code and saw that on one occasion the env property is correctly resolved.
But this mechanism does not seem to work when the SSOCallbackServlet is loaded.
Steps to reproduce
- Use magnolia-sso:3.0
- Create a config.yaml definition in another Maven module (filepath: /src/main/resources/magnolia-sso/config.yaml)
- Use env properties with the !env directive, e.g.:
    oidc.discoveryUri: !env ${oidc.discoveryUri}
- Provide the env prop via IDE or shell
- Start Magnolia with -Dmagnolia.yaml.envsubst=true as VM option
Expected results
- SSO-Module is configured correctly
- SSOCallbackServlet can be created
Actual results
- SSO Module seems to be configured correctly (at least no error stack trace during mgnl-startup)
- SSOCallbackServlet creation fails with a stack trace (see below)
2022-09-22 13:15:13,485 INFO info.magnolia.cms.filters.CompositeFilter : Initializing filter [Wrapper for DamDownloadServlet servlet]
2022-09-22 13:15:13,486 INFO info.magnolia.cms.filters.CompositeFilter : Initializing filter [Wrapper for SSOCallbackServlet servlet]
2022-09-22 13:15:13,487 ERROR info.magnolia.cms.filters.ServletDispatchingFilter: Unable to load servlet class info.magnolia.sso.SsoCallbackServlet : Failed to create instance of [class info.magnolia.sso.SsoCallbackServlet]
info.magnolia.objectfactory.MgnlInstantiationException: Failed to create instance of [class info.magnolia.sso.SsoCallbackServlet]
    at info.magnolia.objectfactory.guice.GuiceComponentProvider.newInstanceWithParameterResolvers(GuiceComponentProvider.java:138) ~[magnolia-core-6.2.20.jar:?]
    at info.magnolia.objectfactory.guice.GuiceComponentProvider.newInstanceWithParameterResolvers(GuiceComponentProvider.java:120) ~[magnolia-core-6.2.20.jar:?]
    at ... //rest omitted
Caused by: info.magnolia.objectfactory.MgnlInstantiationException: Failed to resolve param [0] of type [class info.magnolia.sso.config.Pac4jConfigProvider]
    at info.magnolia.objectfactory.ObjectManufacturer.resolveParameters(ObjectManufacturer.java:146) ~[magnolia-core-6.2.20.jar:?]
    at info.magnolia.objectfactory.ObjectManufacturer.newInstance(ObjectManufacturer.java:91) ~[magnolia-core-6.2.20.jar:?]
    ... //rest omitted
Caused by: com.google.inject.ProvisionException: Unable to provision, see the following errors:
1) Error injecting constructor, info.magnolia.config.source.yaml.YamlReaderException: YAML parsing error in LayeredResource{path='/magnolia-sso/config.yaml', layeredResources=[ClasspathResource{origin=classpath,path=/magnolia-sso/config.yaml,file}]} at line 22, column 21: oidc.discoveryUri: !env ${oidc.discoveryUri} ^: Can't construct a java object for !env; exception=Invalid tag: !env
    at info.magnolia.sso.config.Pac4jConfigProvider.<init>(Pac4jConfigProvider.java:79)
    at info.magnolia.objectfactory.guice.GuiceComponentConfigurationModule.bindImplementation(GuiceComponentConfigurationModule.java:160) (via modules: com.google.inject.util.Modules$OverrideModule -> com.google.inject.util.Modules$OverrideModule -> info.magnolia.objectfactory.guice.GuiceComponentProviderBuilder$1 -> info.magnolia.objectfactory.guice.GuiceComponentConfigurationModule)
    while locating info.magnolia.sso.config.Pac4jConfigProvider
Development notes
To me it seems that property expansion is not applied on the latter. My understanding was that property expansion is not working on yaml-decorations, but should work on yaml definitions. AFAIK the config.yaml should be a yaml-definition, right?
Further notes:
- We are on mgnl 6.2.20, so yaml config instead of microprofile
- We could successfully use magnolia-sso:2.0.6, but apparently we need the basic auth feature
Feature docu link: https://docs.magnolia-cms.com/product-docs/6.2/Administration/Architecture/Configuration-management.html#_environment_variables
Comment from mgeljic
Interesting, I suppose we could support this via yamlReader#registerCustomConstruct(EnvSubst.TAG, new EnvSubst(...)); since SSO config typically contains client id/secret, env vars are legit and we don't have a more universal solution yet for injecting secrets at runtime. Worth noting that in MP config, env vars are supported ootb.
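The mechanism the comment proposes, registering a construct for the `!env` tag on the reader, shown here against plain SnakeYAML (assumed as the underlying parser) as an added example; it is not Magnolia's `EnvSubst` or the SSO module's own code. `EnvTagDemo`, `EnvAwareConstructor` and the sample URI are hypothetical, and a SnakeYAML version whose `SafeConstructor` accepts `LoaderOptions` is assumed.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.AbstractConstruct;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;
import org.yaml.snakeyaml.nodes.Node;
import org.yaml.snakeyaml.nodes.ScalarNode;
import org.yaml.snakeyaml.nodes.Tag;

public class EnvTagDemo {
    // Hypothetical class: resolves "!env ${name}" scalars, failing closed on unset names.
    static class EnvAwareConstructor extends SafeConstructor {
        private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^}]+)\\}");
        EnvAwareConstructor(Map<String, String> env) {
            super(new LoaderOptions());
            yamlConstructors.put(new Tag("!env"), new AbstractConstruct() {
                @Override
                public Object construct(Node node) {
                    if (!(node instanceof ScalarNode)) throw new YAMLException("!env expects a scalar");
                    Matcher m = PLACEHOLDER.matcher(((ScalarNode) node).getValue());
                    StringBuffer out = new StringBuffer();
                    while (m.find()) {
                        String value = env.get(m.group(1));
                        if (value == null || value.isEmpty()) {
                            // Never pass a literal "${...}" or an empty secret on to the SSO client.
                            throw new YAMLException("unset variable " + m.group(1) + node.getStartMark());
                        }
                        m.appendReplacement(out, Matcher.quoteReplacement(value));
                    }
                    return m.appendTail(out).toString();
                }
            });
        }
    }
    public static void main(String[] args) {
        String yaml = "oidc.discoveryUri: !env ${oidc.discoveryUri}\n"; // line quoted in the report
        try { // no construct registered: the tag is unknown and loading is rejected
            new Yaml(new SafeConstructor(new LoaderOptions())).load(yaml);
        } catch (YAMLException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        Map<String, String> env = Map.of("oidc.discoveryUri", "https://idp.example.test/discovery"); // constructed value
        Map<String, Object> cfg = new Yaml(new EnvAwareConstructor(env)).load(yaml);
        System.out.println(cfg.get("oidc.discoveryUri"));
    }
}
```

In a deployment the map would come from `System.getenv()` or system properties rather than a literal, so the client id and secret never need to be written into config.yaml.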
- relates to: MGNLSSO-265 Possibility to implement custom SsoConfig (Closed)
- to be documented by: DOCU-2728 Update SSO docs re: passing secrets as environment variables (Closed)