-
Task
-
Resolution: Won't Fix
-
Neutral
-
None
-
None
-
None
-
None
-
-
Empty show more show less
-
Empty show more show less
Although pac4j's APIs helped a lot in order to lower the code complexity of logging a user into Admincentral using Keycloak as an identity provider, the module still could do more.
One common scenario is a user logging into an area of a public website through Facebook, Twitter, GitHub, etc. SSO authentication.
A back-end server is needed in those cases because without it, the front-end application would need to store the application ID and secret in the front-end code directly, which is unsafe, as it can be read easily.
Luckily, Magnolia and pac4j can chime in. pac4j ships a ton of pre-configured clients: http://www.pac4j.org/docs/clients/oauth.html
What we would need to do would be to provide configurable endpoints, such as the following simple project does: https://github.com/jooby-project/pac4j-starter
This has little to do with the current use case the module is solving. Magnolia components such as the login and logout filters, the UserManager, the ExternalUser, etc. can be left out from such a scenario.
I therefore suggest to split the module into two or three distinct submodules:
- one for Admincentral login with Keycloak for our cloud
- one for easy front-end integrations for customers
- one for common components
- caused by
-
MGNLSSO-23 Only run SSO authentication on selected paths
- Closed
- depends upon
-
MGNLSSO-32 Further securityCallback research
- Accepted
- is duplicated by
-
MGNLSSO-86 Add Support for Authorisation of Web Pages
- In Progress
-
MGNLSSO-277 Support SSO for specific domains
- Open
- relates to
-
MGNLSSO-20 Decouple the module from Keycloak thanks to pac4j's own config by file
- Closed