-
Bug
-
Resolution: Obsolete
-
Critical
-
None
-
2.0.1
-
None
-
None
-
Empty show more show less
-
AdminX 1
Steps to reproduce
- Installing Magnolia 6.2.14 + SSO 2.0.1 + PaaS instrumentation-cloud 2.4.1
- instrumentation-cloud module starts before SSO module.
- Magnolia does not start because SSO module attempts to bootstraps URI permission with name "01" which already exists because instrumentation-cloud module has created a URI permission and assigned the name "01"
instrumentation-cloud creates URI permission in info.magnolia.services.setup.InstrumentationCloudVersionHandler#getExtraInstallTasks:
// anonymous access to metrics endpoint
tasks.add(new AddURIPermissionTask("anonymous access", "anonymous permissions for metrics endpoint", "anonymous", "/.monitoring/*", AddURIPermissionTask.GET_POST));
SSO module bootstraps same named permission in userroles.anonymous.acl_uri.01.yaml:
01:
path: /.auth*
permissions: 63
Expected results
PaaS customers should be able to use the SSO module in PaaS.
SSO module should not assume a specific name when adding URI permissions.
Actual results
Magnolia does not start.
Workaround
A practical workaround is critical for PaaS. Repairing the permissions involves manually starting Magnolia in rescue mode and deleting URI permissions and restarting. The problem also prevents content transfers between PaaS customer environments.
Adding a module dependency for the SSO module to the instrumentation-cloud module is not a solution: not all PaaS customers use the SSO module.
Development notes
- relates to
-
MGNLSSO-92 Infinite redirection loop after "Connection lost. Trying to reconnect..." message
-
- Closed
-
