Uploaded image for project: 'Single Sign On'
  1. Single Sign On
  2. MGNLSSO-78

Rebase SSO cloud feature branch on top of SSO 2.0

    XMLWordPrintable

Details

    • Yes
    • AdminX 10, AdminX 11
    • 8

    Description

      • dropped ?client_name in redirect URI
      • provides a FixedRoleAuthorizationGenerator to add static group/role mappings regardless of what IDP returns.

      Additional input:

      Question/rubber-ducking about MP config & SSO 1.3/2.0: config changes slightly with authorizationGenerators configured first while groupMappings move below one specific impl (configured via typical 2bean / class-property ways), see the README for an example. MP config doesn't use 2bean or type-mapping facilities, or does it?

      Here's how I can imagine rebasing, without requiring arbitrary class instantiation:

      • We never need multiple authGenerator instances of the same type (both mappings and fixed-roles/groups can always be added to the same piece of config)
      • Generators would rather be registered in SPI ways and let themselves be configured via MP config, e.g.
      magnolia.sso.authorizationGenerators.fixed.roles=superuser
      magnolia.sso.authorizationGenerators.groups.mappings[0].roles=marketing
      ...
      
      • Therefore still suitable for java extensibility (must-have to merge back to the main branch), without having to allow arbitrary class mappings

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                efochr Evzen Fochr
                mgeljic Mikaël Geljić
                AdminX
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Task DoR