Uploaded image for project: 'Single Sign On'
  1. Single Sign On
  2. MGNLSSO-23

Only run SSO authentication on selected paths

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Neutral
    • 1.0
    • None
    • None
    • None

    Description

      Discussions in SRE-1250 have led to the following conclusions:

      • pac4j needs to be aligned with Magnolia's security
        • for instance, in Magnolia default's security, a public instance allows anonymous access. pac4j is not aware of that
        • or if a Magnolia public website protects a member area, pac4j will not pick up on it. (This use case is not yet supported but will one day.)
      • the way it is done now, pac4j matchers are created on a case-by-case basis to mimic Magnolia's security
      • it should however be possible to dynamically resolve what security Magnolia would apply to a requested path, and to allow/disallow anonymous based on that

      This ticket's initial intent was to make pac4j copy Magnolia's security in the 99% of URLs where pac4j doesn't need to be in front of Magnolia. However, only enabling pac4j on desired target URLs such as Admincentral solves the problem with a better approach, and less code on top of that.

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                mmichel Maxime Michel
                mmichel Maxime Michel
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Task DoR