-
Improvement
-
Resolution: Unresolved
-
Neutral
We need to provide an SSO config option for domain matching alongside the current path matching.
The current SSO config only supports path matching, so a multisite domain can't be used with SSO.
Example:
SSO Config:
path: /partner-portal
callbackUrl: !env ${MAGNOLIA_PARTNER_SSO_CALLBACK_BASE_URL}/.auth
postLogoutRedirectUri: !env ${MAGNOLIA_PARTNER_SSO_CALLBACK_BASE_URL}
authorizationGenerators:
  - name: fixedRoleAuthorization
    fixed:
      targetRoles:
        - partner
        - partner-extranet
  - name: groupsAuthorization # not any longer the fixedRoleAuthorization!
    groups:
      mappings:
        - name: magnolia-superusers # magnolia-superusers group in Okta
          targetRoles:
            - superuser
            - rest-admin
clients:
  oidc.id: !env ${MAGNOLIA_PARTNER_SSO_OIDCID}
  oidc.secret: !env ${MAGNOLIA_PARTNER_SSO_OIDCSECRET}
  oidc.clientAuthenticationMethod: client_secret_post
  oidc.scope: openid profile email groups
  oidc.discoveryUri: !env ${MAGNOLIA_PARTNER_SSO_DISCOVERY_URL}
  oidc.preferredJwsAlgorithm: RS256
  oidc.authorizationGenerators: fixedRoleAuthorization
userFieldMappings:
  name: name
  removeEmailDomainFromUserName: true
  removeSpecialCharactersFromUserName: false
  fullName: name
  email: email
  language: locale
Multisite config:
https://author.prod.corp-webpre.magnolia-platform.com/.magnolia/admincentral#app:definitions-app:overview;modules~multisite~sites~partner-portal::
If we hit https://www.magnolia-cms.com/partner-portal => it works properly.
If we hit https://partnerportal.magnolia-cms.com => SSO won't work.
Use-case: https://jira.magnolia-cms.com/browse/PTNRPRTL-40
We need to provide SSO for public instances under the path /partner-portal, not author, and on the multisite domain.
Thank you so much.
- duplicates
-
MGNLSSO-35 Allow Magnolia to be used as pac4j middle-man in PUR scenarios
- Closed
- relates to
-
MGNLSSO-307 SSO module should support multiple domains
- Open