-
Story
-
Resolution: Fixed
-
Major
-
None
-
None
-
None
-
-
Empty show more show less
-
Yes
-
Yes
-
AdminX 25, AdminX 26 Xmas & New year
-
3
Context
Currently, magnolia-sso module is using Pac4j version 5.4.6, and Pac4j has released 5.7.x quite some times.
ACs:
- Make use of the latest Pac4j version 5.7.x (current is 5.7.0) to have better shape for SSO module
Development notes:
I had a scan through the change log (https://github.com/pac4j/pac4j/blob/master/documentation/docs/release-notes.md#jdk11) from 5.4.6 to 5.7.0, there is a change could impact the SSO module directly:
v5.7.0:
The oauth.getProfileCreator() and the oidc.getProfileCreator() can directly be used in the ParameterClient, HeaderClient and DirectBearerAuthClient for bearer calls; Deprecated the UserInfoOidcAuthenticator
Cause we are using UserInfoOidcAuthenticator for HTTP Bearer authentication, cc mgeljic . So, we have to review this and find an alternative authenticator.
Discovery
- In general, this will not have any blocker issue in the upgrade process
- About the deprecated UserInfoOidcAuthenticator , we can still use the authenticator or even better to refactor it to use oidc.getProfileCreator() instead
- is causing
-
MGNLSSO-231 Improve error messages when pac4j configuration is not valid and/or add validation and/or add default values where it is reasonable
- Open
- is related to
-
MGNLSSO-219 Remove usage of deprecated code in pac4j
- Open