Uploaded image for project: 'Single Sign On'
  1. Single Sign On
  2. MGNLSSO-93

URI permission conflict for anonymous role

    XMLWordPrintable

Details

    • Bug
    • Resolution: Obsolete
    • Critical
    • None
    • 2.0.1
    • None
    • None

    Description

      Steps to reproduce

      1. Installing Magnolia 6.2.14 + SSO 2.0.1 + PaaS instrumentation-cloud 2.4.1
      2. instrumentation-cloud module starts before SSO module. 
      3. Magnolia does not start because SSO module attempts to bootstraps URI permission with name "01" which already exists because instrumentation-cloud module has created a URI permission and assigned the name "01"

      instrumentation-cloud creates URI permission in info.magnolia.services.setup.InstrumentationCloudVersionHandler#getExtraInstallTasks: 

      // anonymous access to metrics endpoint
      tasks.add(new AddURIPermissionTask("anonymous access", "anonymous permissions for metrics endpoint", "anonymous", "/.monitoring/*", AddURIPermissionTask.GET_POST));

      SSO module bootstraps same named permission in userroles.anonymous.acl_uri.01.yaml: 

      01:
        path: /.auth*
        permissions: 63

      Expected results

      PaaS customers should be able to use the SSO module in PaaS.

      SSO module should not assume a specific name when adding URI permissions.

      Actual results

      Magnolia does not start.

      Workaround

      A practical workaround is critical for PaaS. Repairing the permissions involves manually starting Magnolia in rescue mode and deleting URI permissions and restarting. The problem also prevents content transfers between PaaS customer environments.

      Adding a module dependency for the SSO module to the instrumentation-cloud module is not a solution: not all PaaS customers use the SSO module.

      Development notes

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                efochr Evzen Fochr
                awarinner Andrew Warinner
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD