Details
- Improvement
- Resolution: Won't Do
- Neutral
- 2.0
Description
The module should be improved so that the plain-text value of oidc.secret no longer has to be configured in a YAML file. Today the client secret sits next to the rest of the pac4j settings, for example:
authenticationService:
  path: /.magnolia/admincentral
  callbackUrl: http://localhost:8080/.auth
  groupMappings:
    /magnolia-sre:
      roles:
        - superuser
  pac4j:
    oidc.id: magnolia-sso
    oidc.secret: 2ff75b44-c7ef-4932-91c8-59e6ea5f35b6
    oidc.scope: openid profile email
    oidc.discoveryUri: https://<YOUR_OIDC_IDP_DOMAIN>/…/.well-known/openid-configuration
    oidc.preferredJwsAlgorithm: RS256
Notes
We should add another configuration option to set a keystore workspace path. Maybe something like:
oidc.secret.keystore.path: /sso/oidc.secret
Still allow the old configuration for backwards compatibility reasons. Users can select what level of security is necessary for the use case.
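One way the two configuration styles could coexist, as an added example that is not code from the Magnolia SSO module: the resolver prefers the proposed oidc.secret.keystore.path, falls back to the legacy plain-text oidc.secret with a warning, and fails when neither is set. It assumes the pac4j section has already been parsed into a dict and that the keystore is reachable through a lookup callable (read_keystore_entry is a constructed stand-in, not the real keystore workspace API).

```python
import logging
from typing import Callable, Mapping, Tuple

log = logging.getLogger("magnolia-sso")

INLINE_KEY = "oidc.secret"                    # existing plain-text option
KEYSTORE_KEY = "oidc.secret.keystore.path"    # option proposed in the notes above


def resolve_oidc_secret(pac4j: Mapping[str, str],
                        keystore_lookup: Callable[[str], str]) -> Tuple[str, str]:
    """Return (secret, source), where source is 'keystore' or 'inline'.

    The keystore path wins when both keys are present, so an operator can
    migrate by adding the new key first and deleting the plain-text value later.
    """
    path = pac4j.get(KEYSTORE_KEY)
    inline = pac4j.get(INLINE_KEY)
    if path:
        if inline:
            log.warning("%s is set; ignoring plain-text %s", KEYSTORE_KEY, INLINE_KEY)
        secret = keystore_lookup(path)
        if not secret:
            raise ValueError(f"no secret stored at keystore path {path!r}")
        return secret, "keystore"
    if inline:
        # Backwards-compatible mode: still works, but the secret stays in YAML.
        log.warning("%s is configured in plain text; consider %s", INLINE_KEY, KEYSTORE_KEY)
        return inline, "inline"
    raise ValueError(f"neither {KEYSTORE_KEY} nor {INLINE_KEY} is configured")


# Constructed stand-in for the keystore workspace; sample values only.
_FAKE_KEYSTORE = {"/sso/oidc.secret": "secret-from-keystore"}


def read_keystore_entry(path: str) -> str:
    """Hypothetical keystore lookup; returns '' when the entry does not exist."""
    return _FAKE_KEYSTORE.get(path, "")


# Constructed pac4j sections mirroring the legacy and the proposed style.
LEGACY_CONFIG = {"oidc.id": "magnolia-sso", "oidc.secret": "plain-text-sample-secret"}
KEYSTORE_CONFIG = {"oidc.id": "magnolia-sso", "oidc.secret.keystore.path": "/sso/oidc.secret"}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for cfg in (KEYSTORE_CONFIG, LEGACY_CONFIG):
        print(resolve_oidc_secret(cfg, read_keystore_entry)[1])
```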
Checklists
Acceptance criteria