[DOCU-238] Activation authentication with public key Created: 22/Dec/11  Updated: 07/May/15  Resolved: 07/Feb/12

Status: Closed
Project: Documentation
Component/s: content
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Antti Hietala Assignee: Antti Hietala
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
is related to MAGNOLIA-3933 4.5-beta3 eric (Example Editor - Demo... Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:

 Description   

Activation authentication mechanism changed in 4.5. Instead of user credentials, the request between author and public instance is now authenticated with a key.

Document the new mechanism in /security/activation and cross reference the article from /editing/activating. Explain the benefits and how it works. Concept Activation Authentication wiki page has details. See new page Tools > Activation in AdminCentral where new public key is generated.

Suggestion for article structure:

  • Secure activation, why needed and how Magnolia does it (intro)
  • Public key authentication (summarize how key authentication works)
  • Generating a new public key
  • Copying the key to public instances
  • Troubleshooting (when activation workflow fails due to key mismatch), logging

Help text in Tools > Activation says "[key] will be transfered automatically to all configured public instances upon first activation or after generating new key set above". This did not work for me. Had to copy it to public instance manually. Check with Jan how this should work and propose a revised help text if incorrect/confusing.

Wiki page mentions an "alert task in the activation command chain to warn user that secure communication was not yet established". Check status from Jan.



 Comments   
Comment by Jan Haderka [ 22/Dec/11 ]
  • the message is wrong. Key is indeed not automatically transferred if it is changed at later time.
  • the alert task was not done since we managed to implement handshake mechanism that allows instances to establish connections automatically on first activation.
Comment by Ruth Stocks [ 02/Jan/12 ]

New page at - http://docuauthor.magnolia-cms.com/administration/security/activation.html
Link to page at Editing > Actions > Activating

Notes:
The default users installed with the Workflow module (eric and peter) can no longer initiate activation requests and publish. (The error message is "can’t version: Worlspace access denied"). If this is intentional I can include instructions to update their permissions.

Comment by Jan Haderka [ 03/Jan/12 ]

Definitively not intentional. Did you get this on snapshot of 4.5? can you please create issue in MAGNOLIA project and provide the log file from the time frame when this error occurred? Thx.

Comment by Ruth Stocks [ 04/Jan/12 ]

Created issue: MAGNOLIA-3933 - 4.5-beta3 eric (Example Editor - Demo Project) cannot initiate workflow requests

Generated at Mon Feb 12 01:07:14 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.