Task
Resolution: Fixed
Discussions in SRE-1250 have led to the following conclusions:
- pac4j needs to be aligned with Magnolia's security
  - for instance, in Magnolia's default security, a public instance allows anonymous access. pac4j is not aware of that
  - or if a Magnolia public website protects a member area, pac4j will not pick up on it. (This use case is not yet supported but will one day.)
- the way it is done now, pac4j matchers are created on a case-by-case basis to mimic Magnolia's security
  - it should however be possible to dynamically resolve what security Magnolia would apply to a requested path, and to allow/disallow anonymous based on that
—
This ticket's initial intent was to make pac4j copy Magnolia's security in the 99% of URLs where pac4j doesn't need to be in front of Magnolia. However, only enabling pac4j on desired target URLs such as Admincentral solves the problem with a better approach, and less code on top of that.
- is causing: MGNLSSO-35 Allow Magnolia to be used as pac4j middle-man in PUR scenarios (Closed)