[DOCU-2676] Keycloak integration config fix Created: 14/Mar/23  Updated: 14/Mar/23  Resolved: 14/Mar/23

Status: Resolved
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Neutral
Reporter: Lorenzo Patocchi Assignee: Alex Mansell
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Documentation page URL: https://docs.magnolia-cms.com/magnolia-sso/3.1.0/index.html
Reporter Name: Lorenzo Patocchi
Email: lorenzo.patocchi@cryms.com

 Description   

We found misleading configuration indications and found the problem as follows.

In the chapter https://docs.magnolia-cms.com/magnolia-sso/3.1.0/index.html#_prerequisites, where the configuration of the Group Membership mapper in Keycloak is shown, it is indicated to keep the Full group path flag ON (in the screenshot).

With this setting, the Magnolia module will not receive the group name (e.g. "magnolia-sre") but the group path (i.e. "/magnolia-sre").

Hence the mapping suggested in the YAML config (at point 5) will not match.

The example should change "magnolia-sre" to "/magnolia-sre", or alternatively keep "magnolia-sre" but disable the "Full group path" flag in Keycloak.

{code:yaml}
path: /.magnolia/admincentral
callbackUrl: http://localhost:8080/.auth
postLogoutRedirectUri: http://localhost:8080/.magnolia/admincentral
authorizationGenerators:
  - name: groupsAuthorization
    groups:
      mappings:
        - name: /magnolia-sre
          targetGroups:
            - publishers
          targetRoles:
            - ...
{code}
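
The mismatch described in this ticket, as an added example (not part of the original report and not Magnolia's code): a diagnostic that reads the groups claim from a token and flags mapping names that differ from it only because of Keycloak's Full group path setting. The claim name `groups`, exact string matching of mapping names, and the sample tokens are assumptions constructed for the example.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(mapping_names, claim_groups):
    """Classify each configured mapping name against the groups in the token."""
    report = {}
    for name in mapping_names:
        if name in claim_groups:  # assumption: the module matches names exactly
            report[name] = "match"
            continue
        leaf = name.rsplit("/", 1)[-1]
        # Full group path ON: token carries "/parent/child", config holds "child".
        as_path = [g for g in claim_groups
                   if g.startswith("/") and g.rsplit("/", 1)[-1] == name]
        # Full group path OFF: token carries "child", config holds "/parent/child".
        as_name = [g for g in claim_groups if name.startswith("/") and g == leaf]
        if as_path:
            report[name] = (f"no match: token has path {as_path[0]!r}; "
                            "use it in the mapping or turn Full group path OFF")
        elif as_name:
            report[name] = (f"no match: token has bare name {as_name[0]!r}; "
                            "use it in the mapping or turn Full group path ON")
        else:
            report[name] = "no match: user is not in this group"
    return report


def make_token(claims: dict) -> str:
    """Build a constructed sample token (placeholder signature) for the demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.sig"


# Constructed claims: what the mapper emits with Full group path ON vs OFF.
TOKEN_PATH_ON = make_token({"sub": "demo", "groups": ["/magnolia-sre"]})
TOKEN_PATH_OFF = make_token({"sub": "demo", "groups": ["magnolia-sre"]})

if __name__ == "__main__":
    for label, tok in (("ON", TOKEN_PATH_ON), ("OFF", TOKEN_PATH_OFF)):
        groups = jwt_claims(tok).get("groups", [])
        for cfg in ("magnolia-sre", "/magnolia-sre"):
            print(f"Full group path {label}, mapping {cfg!r}: {diagnose([cfg], groups)[cfg]}")
```

A mapping that does not match fails closed: the user logs in but receives none of the target groups or roles, which is why the symptom looks like a permissions problem rather than an SSO error.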

 

