Details
-
Bug
-
Resolution: Unresolved
-
Neutral
-
None
-
None
-
None
-
None
-
Magnolia 6.2.8 & magnolia-sso 1.1
Description
Trying to configure Google's Open ID authentication does not seem to work.
I provided the following config: (using a working google project with redirect URI properly registered)
authenticationService: path: /.magnolia/admincentral callbackUrl: http://localhost:8080/.auth groupMappings: /publishers: roles: - superuser pac4j: oidc.id: xxxx.apps.googleusercontent.com oidc.secret: yyyyy oidc.scope: openid email oidc.discoveryUri: https://accounts.google.com/.well-known/openid-configuration oidc.preferredJwsAlgorithm: RS256
and got the following exception in the browser after login in Google and being properly redirected to Magnolia according to the openid flow:
org.pac4j.core.exception.TechnicalException: State cannot be determined org.pac4j.oidc.credentials.extractor.OidcExtractor.lambda$extract$0(OidcExtractor.java:100) java.util.Optional.orElseThrow(Optional.java:290) org.pac4j.oidc.credentials.extractor.OidcExtractor.extract(OidcExtractor.java:100) org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:66) org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:143) org.pac4j.core.engine.DefaultCallbackLogic.perform(DefaultCallbackLogic.java:85) info.magnolia.sso.SsoCallbackServlet.doGet(SsoCallbackServlet.java:57) javax.servlet.http.HttpServlet.service(HttpServlet.java:626) javax.servlet.http.HttpServlet.service(HttpServlet.java:733) info.magnolia.cms.filters.ServletDispatchingFilter.doFilter(ServletDispatchingFilter.java:148) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.virtualuri.VirtualUriFilter.doFilter(VirtualUriFilter.java:98) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58) info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66) info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:164) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:85) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:78) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.multisite.filters.CrossSiteSecurityFilter.doFilter(CrossSiteSecurityFilter.java:104) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:84) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94) info.magnolia.sso.SsoLogoutFilter.doFilter(SsoLogoutFilter.java:51) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.module.site.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:119) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.multisite.filters.MultiSiteFilter.doFilter(MultiSiteFilter.java:120) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:83) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.sitemesh.webapp.MagnoliaSiteMeshFilter.bufferAndPostProcess(MagnoliaSiteMeshFilter.java:95) org.sitemesh.webapp.contentfilter.ContentBufferingFilter.doFilter(ContentBufferingFilter.java:126) org.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:120) org.sitemesh.config.ConfigurableSiteMeshFilter.doFilter(ConfigurableSiteMeshFilter.java:163) info.magnolia.sitemesh.config.MagnoliaConfigurableSiteMeshFilter.doFilter(MagnoliaConfigurableSiteMeshFilter.java:92) info.magnolia.cms.filters.FilterDecorator.doFilter(FilterDecorator.java:90) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:74) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.sso.SsoLoginFilter.lambda$doFilter$0(SsoLoginFilter.java:81) org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:167) info.magnolia.sso.SsoLoginFilter.doFilter(SsoLoginFilter.java:79) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:79) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MultipartRequestFilter.doFilter(MultipartRequestFilter.java:151) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.preview.filter.PreviewFilter.doFilter(PreviewFilter.java:92) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107) info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:110) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:96)
In the logs I only got:
2021-05-24 15:31:21,787 WARN c4j.core.client.finder.DefaultSecurityClientFinder: Migration required: use the 'force_client' parameter instead of the 'client_name' parameter to force a client for security. URL: http://localhost:8080/.auth?client_name=OidcClient&state=fad0d5203d&code=4%2F0AY0e-g5A-m0tKSFzgFGyAwn00YFIExRGExC55PtN7zkexcKtboN3aMa44MWpCdjXw5Qulg&scope=email+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=consent 24-May-2021 15:35:34.522 INFO [Catalina-utility-1] org.atmosphere.util.ForkJoinPool.<init> Using ForkJoinPool java.util.concurrent.ForkJoinPool. Set the org.atmosphere.cpr.broadcaster.maxAsyncWriteThreads to -1 to fully use its power.
Checklists
Acceptance criteria