Details
- Improvement
- Resolution: Workaround exists
- Major
- linux, java 1.8, tomcat 9
Description
Steps to reproduce
- Install magnolia-sso-connector module version 2.7.2 (maven dependency)
- Set up mymodule/decorations/sso-connector/config.yaml defining an authentication service `fusionOpenIdConnect` (example attached)
- Update jaas.config, defining `fusionOpenIdConnect` realm
- Configure `/server/filters/login/loginHandlers/SSOConnector` with `jaasChain: fusionOpenIdConnect`
- Configure `/server/filters/securityCallback/clientCallbacks/fusionOpenIdConnect` with `authenticationServiceName: fusionOpenIdConnect` and appropriate class
- Update `/server/security/userManagers/sso-authentication` setting `realmName: fusionOpenIdConnect`
- Order `fusionOpenIdConnect` above `form` under `/server/filters/securityCallback/clientCallbacks/fusionOpenIdConnect`
- Open a new private browser window and attempt login to /magnoliaAuthor/
Expected results
Successful login to Magnolia admin central
Actual results
Infinite redirect loop between Magnolia and Azure AD.
Debugging has identified that userManager is null in the lines shown below from `info.magnolia.connector.sso.util.UserAccountUtils`.
Also, realmName is `fusionOpenIdConnect`, matching the value set above.
```
ExternalUserManager userManager = (ExternalUserManager) securitySupport.getUserManager(realmName);
return userManager.getUser(userDetails, groupList, roleList);
```
Workaround
None found as of yet
Development notes
Update: Request to improve documentation, especially that found on this page: https://documentation.magnolia-cms.com/display/SERVICES/SSO+Admincentral+Login
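The steps above set the same realm name by hand in several places. As an added example (not part of the original report and not Magnolia code), this pre-deployment check parses the realm names declared in a jaas.config and compares them with the names used at the `jaasChain` and `realmName` locations from the steps. The flat `path@property` mapping, the sample file and the login module class are assumptions constructed for illustration.

```python
import re

# Start of a JAAS application entry: `name {` at the beginning of a line.
_ENTRY = re.compile(r"^\s*([\w.\-]+)\s*\{", re.MULTILINE)

def jaas_realms(jaas_text):
    """Return the entry (realm) names declared in a JAAS configuration file."""
    text = re.sub(r"/\*.*?\*/", "", jaas_text, flags=re.DOTALL)  # block comments
    text = re.sub(r"//[^\n]*", "", text)                          # line comments
    return set(_ENTRY.findall(text))

def check_realm_references(jaas_text, references):
    """references maps a config location to the realm name set there.
    Returns a list of problems; an empty list means every name lines up."""
    declared = jaas_realms(jaas_text)
    problems = []
    for location, name in sorted(references.items()):
        if name in declared:
            continue
        # This check compares names exactly, so report case/whitespace near-misses.
        near = sorted(d for d in declared if d.lower() == name.strip().lower())
        hint = f"; closest declared realm is {near[0]!r}" if near else ""
        problems.append(f"{location}: {name!r} not declared in jaas.config{hint}")
    if len(set(references.values())) > 1:
        problems.append("locations use different realm names: "
                        + ", ".join(sorted(set(references.values()))))
    return problems

# Constructed sample input. The login module class is a placeholder.
SAMPLE_JAAS = """
/* constructed sample */
fusionOpenIdConnect {
  example.PlaceholderLoginModule required;
};
// FusionOpenIDConnect { example.PlaceholderLoginModule required; };
"""

# Locations and property names are the ones listed in the report's steps;
# the second value is deliberately mistyped (constructed) to show a finding.
SAMPLE_REFS = {
    "/server/filters/login/loginHandlers/SSOConnector@jaasChain": "fusionOpenIdConnect",
    "/server/security/userManagers/sso-authentication@realmName": "fusionOpenIDConnect",
}

if __name__ == "__main__":
    for line in check_realm_references(SAMPLE_JAAS, SAMPLE_REFS) or ["all realm names match"]:
        print(line)
```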
Checklists
Acceptance criteria