Details
Improvement
Resolution: Unresolved
Neutral
Description
We need an SSO config option for domain matching in addition to the current path matching.
The current SSO config only supports path matching, so a multisite domain cannot be used for SSO.
Example:
SSO Config:
path: /partner-portal
callbackUrl: !env ${MAGNOLIA_PARTNER_SSO_CALLBACK_BASE_URL}/.auth
postLogoutRedirectUri: !env ${MAGNOLIA_PARTNER_SSO_CALLBACK_BASE_URL}
authorizationGenerators:
  - name: fixedRoleAuthorization
    fixed:
      targetRoles:
        - partner
        - partner-extranet
  - name: groupsAuthorization # not any longer the fixedRoleAuthorization!
    groups:
      mappings:
        - name: magnolia-superusers # magnolia-superusers group in Okta
          targetRoles:
            - superuser
            - rest-admin
clients:
  oidc.id: !env ${MAGNOLIA_PARTNER_SSO_OIDCID}
  oidc.secret: !env ${MAGNOLIA_PARTNER_SSO_OIDCSECRET}
  oidc.clientAuthenticationMethod: client_secret_post
  oidc.scope: openid profile email groups
  oidc.discoveryUri: !env ${MAGNOLIA_PARTNER_SSO_DISCOVERY_URL}
  oidc.preferredJwsAlgorithm: RS256
  oidc.authorizationGenerators: fixedRoleAuthorization
userFieldMappings:
  name: name
  removeEmailDomainFromUserName: true
  removeSpecialCharactersFromUserName: false
  fullName: name
  email: email
  language: locale
Multisite config:
https://author.prod.corp-webpre.magnolia-platform.com/.magnolia/admincentral#app:definitions-app:overview;modules~multisite~sites~partner-portal::

If we hit https://www.magnolia-cms.com/partner-portal, it works properly.
If we hit https://partnerportal.magnolia-cms.com, SSO won't work.
Use-case: https://jira.magnolia-cms.com/browse/PTNRPRTL-40
We need to provide SSO for public instances under the path /partner-portal (not on the author instance) and on the multisite domain.
Thank you so much.
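The mismatch described above, as an added example (this is not Magnolia or SSO module code, and the `Site`, `resolve_site` and `sso_applies_*` names are constructed for illustration): a path-only rule protects the path-mapped URL but not the domain-mapped one, while a rule that decides by the resolved multisite site covers both forms consistently.

```python
# Added example, not Magnolia code: a minimal model of why a path-only SSO rule
# misses a multisite domain, and what a site-aware rule would match instead.
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit

# Mirrors the issue's SSO config: protection is decided by request path only.
SSO_PATH = "/partner-portal"


@dataclass
class Site:
    """Constructed multisite mapping: a site reachable by path prefix or by host."""
    name: str
    path_prefix: Optional[str] = None            # path mapping on the main host
    domains: List[str] = field(default_factory=list)  # domain mappings


# Constructed stand-in for the partner-portal multisite definition.
SITES = [
    Site("partner-portal", path_prefix="/partner-portal",
         domains=["partnerportal.magnolia-cms.com"]),
]


def _under(path: str, prefix: str) -> bool:
    """Prefix match on path segments, so /partner-portal-other does not match."""
    return path == prefix or path.startswith(prefix + "/")


def resolve_site(url: str) -> Optional[Site]:
    """Map a request URL to the multisite site it belongs to (domain first, then path)."""
    parts = urlsplit(url)
    for site in SITES:
        if parts.hostname in site.domains:
            return site
        if site.path_prefix and _under(parts.path, site.path_prefix):
            return site
    return None


def sso_applies_path_only(url: str) -> bool:
    """Current behaviour from the issue: only the request path is inspected."""
    return _under(urlsplit(url).path, SSO_PATH)


def sso_applies_site_aware(url: str, sso_site: str = "partner-portal") -> bool:
    """Hypothetical fix: decide by the resolved site, covering path- and domain-mapped URLs."""
    site = resolve_site(url)
    return site is not None and site.name == sso_site
```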
Issue Links
- duplicates: MGNLSSO-35 Allow Magnolia to be used as pac4j middle-man in PUR scenarios (Closed)
- relates to: MGNLSSO-307 SSO module should support multiple domains (Open)