-
Task
-
Resolution: Done
-
Neutral
-
3.0.0
-
None
-
-
Empty show more show less
-
Empty show more show less
-
Yes
-
AdminX 10, AdminX 11
-
8
- dropped ?client_name in redirect URI
- provides a FixedRoleAuthorizationGenerator to add static group/role mappings regardless of what IDP returns.
Additional input:
Question/rubber-ducking about MP config & SSO 1.3/2.0: config changes slightly with authorizationGenerators configured first while groupMappings move below one specific impl (configured via typical 2bean / class-property ways), see the README for an example. MP config doesn't use 2bean or type-mapping facilities, or does it?
Here's how I can imagine rebasing, without requiring arbitrary class instantiation:
- We never need multiple authGenerator instances of the same type (both mappings and fixed-roles/groups can always be added to the same piece of config)
- Generators would rather be registered in SPI ways and let themselves be configured via MP config, e.g.
magnolia.sso.authorizationGenerators.fixed.roles=superuser magnolia.sso.authorizationGenerators.groups.mappings[0].roles=marketing ...
- Therefore still suitable for java extensibility (must-have to merge back to the main branch), without having to allow arbitrary class mappings
Acceptance criteria
- is duplicated by
-
-
- Closed
-
- relates to
-
MGNLSSO-132 Enhance multiple clients configuration and support configurable authenticator for direct client
-
- Closed
-
1.
|
Merge release/2.0 and master |
|
Completed | Evzen Fochr |
2.
|
Update Saas configuration to align with merge changes |
|
Closed | Evzen Fochr |
3.
|
QA |
|
Completed | Nguyen Phung Chi |
4.
|
Rw changes after merge |
|
Completed | Nguyen Phung Chi |
5.
|
Update sso 3.0 documentation according to config changes done in read.me file |
|
Completed | Alex Mansell |
