[DOCU-2676] Keycloak integration config fix Created: 14/Mar/23 Updated: 14/Mar/23 Resolved: 14/Mar/23 |
|
| Status: | Resolved |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Lorenzo Patocchi | Assignee: | Alex Mansell |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Documentation page URL: | https://docs.magnolia-cms.com/magnolia-sso/3.1.0/index.html |
| Reporter Name: | Lorenzo Patocchi |
| Email: | lorenzo.patocchi@cryms.com |
| Description |
|
We found misleading configuration indications and found the problem as follows. In the chapter https://docs.magnolia-cms.com/magnolia-sso/3.1.0/index.html#_prerequisites where the configuration of the Group Membership mapper is Keycloak, it is indicated to keep the Full group path flag ON (in the screenshot). With this setting, Magnolia module will not receive group name (e.g. "magnolia-sre") but the group path i.e. ("/magnolia-sre"). Hence the mapping suggested in yaml config (at the point 5 ) will not match. Should change "magnolia-sre" in "/magnolia-sre" ....or alternatively maintain "magnolia-sre" but disable the "Full group path" flag in Keycloack. {{path: /.magnolia/admincentral
|