Uploaded image for project: 'Single Sign On'
  1. Single Sign On
  2. MGNLSSO-78

Rebase SSO cloud feature branch on top of SSO 2.0

    XMLWordPrintable

Details

    • Yes
    • AdminX 10, AdminX 11
    • 8

    Description

      • dropped ?client_name in redirect URI
      • provides a FixedRoleAuthorizationGenerator to add static group/role mappings regardless of what IDP returns.

      Additional input:

      Question/rubber-ducking about MP config & SSO 1.3/2.0: config changes slightly with authorizationGenerators configured first while groupMappings move below one specific impl (configured via typical 2bean / class-property ways), see the README for an example. MP config doesn't use 2bean or type-mapping facilities, or does it?

      Here's how I can imagine rebasing, without requiring arbitrary class instantiation:

      • We never need multiple authGenerator instances of the same type (both mappings and fixed-roles/groups can always be added to the same piece of config)
      • Generators would rather be registered in SPI ways and let themselves be configured via MP config, e.g.
      magnolia.sso.authorizationGenerators.fixed.roles=superuser
      magnolia.sso.authorizationGenerators.groups.mappings[0].roles=marketing
      ...
      
      • Therefore still suitable for java extensibility (must-have to merge back to the main branch), without having to allow arbitrary class mappings

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            There are no Sub-Tasks for this issue.

            Activity

              People

                efochr Evzen Fochr
                mgeljic Mikaël Geljić
                AdminX
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Task DoR