Uploaded image for project: 'Single Sign On'
  1. Single Sign On
  2. MGNLSSO-57

Google OpenId authentication does not work

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Neutral
    • None
    • None
    • None
    • None
    • Magnolia 6.2.8 & magnolia-sso 1.1

    Description

      Trying to configure Google's Open ID authentication does not seem to work.

      I provided the following config: (using a working google project with redirect URI properly registered)

      authenticationService:
        path: /.magnolia/admincentral 
        callbackUrl: http://localhost:8080/.auth 
        groupMappings: 
          /publishers:
            roles:
              - superuser
        pac4j: 
          oidc.id: xxxx.apps.googleusercontent.com
          oidc.secret: yyyyy
          oidc.scope: openid email 
          oidc.discoveryUri: https://accounts.google.com/.well-known/openid-configuration
          oidc.preferredJwsAlgorithm: RS256 
      

      and got the following exception in the browser after login in Google and being properly redirected to Magnolia according to the openid flow:

      org.pac4j.core.exception.TechnicalException: State cannot be determined
      	org.pac4j.oidc.credentials.extractor.OidcExtractor.lambda$extract$0(OidcExtractor.java:100)
      	java.util.Optional.orElseThrow(Optional.java:290)
      	org.pac4j.oidc.credentials.extractor.OidcExtractor.extract(OidcExtractor.java:100)
      	org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:66)
      	org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:143)
      	org.pac4j.core.engine.DefaultCallbackLogic.perform(DefaultCallbackLogic.java:85)
      	info.magnolia.sso.SsoCallbackServlet.doGet(SsoCallbackServlet.java:57)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:626)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
      	info.magnolia.cms.filters.ServletDispatchingFilter.doFilter(ServletDispatchingFilter.java:148)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
      	info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.virtualuri.VirtualUriFilter.doFilter(VirtualUriFilter.java:98)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
      	info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58)
      	info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66)
      	info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:164)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:85)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:78)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.multisite.filters.CrossSiteSecurityFilter.doFilter(CrossSiteSecurityFilter.java:104)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
      	info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:84)
      	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94)
      	info.magnolia.sso.SsoLogoutFilter.doFilter(SsoLogoutFilter.java:51)
      	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.module.site.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:119)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.multisite.filters.MultiSiteFilter.doFilter(MultiSiteFilter.java:120)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:83)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.sitemesh.webapp.MagnoliaSiteMeshFilter.bufferAndPostProcess(MagnoliaSiteMeshFilter.java:95)
      	org.sitemesh.webapp.contentfilter.ContentBufferingFilter.doFilter(ContentBufferingFilter.java:126)
      	org.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:120)
      	org.sitemesh.config.ConfigurableSiteMeshFilter.doFilter(ConfigurableSiteMeshFilter.java:163)
      	info.magnolia.sitemesh.config.MagnoliaConfigurableSiteMeshFilter.doFilter(MagnoliaConfigurableSiteMeshFilter.java:92)
      	info.magnolia.cms.filters.FilterDecorator.doFilter(FilterDecorator.java:90)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:74)
      	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
      	info.magnolia.sso.SsoLoginFilter.lambda$doFilter$0(SsoLoginFilter.java:81)
      	org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:167)
      	info.magnolia.sso.SsoLoginFilter.doFilter(SsoLoginFilter.java:79)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:79)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
      	info.magnolia.cms.filters.MultipartRequestFilter.doFilter(MultipartRequestFilter.java:151)
      	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.personalization.preview.filter.PreviewFilter.doFilter(PreviewFilter.java:92)
      	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
      	info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
      	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
      	info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
      	info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
      	info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:110)
      	info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:96)
      

      In the logs I only got:

      2021-05-24 15:31:21,787 WARN  c4j.core.client.finder.DefaultSecurityClientFinder: Migration required: use the 'force_client' parameter instead of the 'client_name' parameter to force a client for security. URL: http://localhost:8080/.auth?client_name=OidcClient&state=fad0d5203d&code=4%2F0AY0e-g5A-m0tKSFzgFGyAwn00YFIExRGExC55PtN7zkexcKtboN3aMa44MWpCdjXw5Qulg&scope=email+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=consent
      24-May-2021 15:35:34.522 INFO [Catalina-utility-1] org.atmosphere.util.ForkJoinPool.<init> Using ForkJoinPool  java.util.concurrent.ForkJoinPool. Set the org.atmosphere.cpr.broadcaster.maxAsyncWriteThreads to -1 to fully use its power.
      

       

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                Unassigned Unassigned
                ebguilbert Edwin Guilbert
                AdminX
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:

                  Checklists

                    Bug DoR
                    Task DoD

                    Time Tracking

                      Estimated:
                      Original Estimate - Not Specified
                      Not Specified
                      Remaining:
                      Remaining Estimate - 0d
                      0d
                      Logged:
                      Time Spent - 0.25d
                      0.25d