[MGNLSSO-141] The SSO config intercepts all requests having an Authorization header Created: 04/Jul/22  Updated: 03/Aug/22  Resolved: 19/Jul/22

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: 2.0.4
Fix Version/s: 2.0.5

Type: Bug Priority: Major
Reporter: Adrien Manzoni Assignee: Nguyen Phung Chi
Resolution: Fixed Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: 0.5d Time Spent: 0.5d
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Sub-Tasks:
Key          Summary         Type            Status     Assignee
MGNLSSO-146  Implementation  Technical task  Completed  Nguyen Phung Chi
MGNLSSO-147  Review          Technical task  Completed  Evzen Fochr
MGNLSSO-148  PiQA            Technical task  Closed
MGNLSSO-149  Final QA        Technical task  Completed  Evzen Fochr
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Epic Link: SSO support for custom IdPs
Sprint: AdminX 14
Story Points: 2
Team: AdminX

Description

Steps to reproduce

  1. Define a custom REST endpoint and a dedicated ContainerRequestFilter to handle the authentication over JWT through the Authorization header
  2. Allow anonymous access on that endpoint to bypass the Magnolia login process

Expected results

The request goes directly to the ContainerRequestFilter, which takes care of the authorization.

Actual results

The SSO filter intercepts the request and stops it, as the token passed in the header has not been signed by the IdP configured in the SSO config.

Workaround

As mentioned in the Slack thread by Nguyen Phung, we could extend the SSO module and remove the header matcher defined here:
https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/browse/magnolia-sso[…]agnolia/sso/SsoModule.java?at=refs%2Fheads%2Frelease%2F2.0

But that would require customizing the module, which is not ideal.
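For reference, this is the kind of dedicated ContainerRequestFilter that step 1 of the reproduction describes: a JAX-RS filter that authenticates the custom endpoint from an HS256-signed JWT in the Authorization header. It is an added example written for this page, not code from the SSO module or from the reporter; the shared secret, the required issuer and the `jwt.subject` property name are assumptions, and the `javax.ws.rs` / `javax.annotation` packages assume the JAX-RS 2.x namespace Magnolia's REST stack uses (swap for `jakarta.*` on newer stacks). Claims are pulled out with regular expressions only to keep the example dependency-free; a real filter would use a JSON library.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Priority;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

/**
 * Example filter for the custom endpoint: authenticates the request from an
 * HS256-signed JWT in the Authorization header and aborts with 401 otherwise.
 * Because the endpoint is anonymous at the Magnolia level, this filter is the
 * only authentication check, so a missing token must be rejected, not only a bad one.
 */
@Provider
@Priority(Priorities.AUTHENTICATION)
public class JwtAuthFilter implements ContainerRequestFilter {

    // Hypothetical values for the example; a real deployment loads them from configuration.
    static final byte[] SECRET = "example-only-secret-at-least-32-bytes-long".getBytes(StandardCharsets.UTF_8);
    static final String REQUIRED_ISSUER = "https://issuer.example";

    private static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"([^\"]*)\"");
    private static final Pattern SUB = Pattern.compile("\"sub\"\\s*:\\s*\"([^\"]*)\"");
    private static final Pattern ISS = Pattern.compile("\"iss\"\\s*:\\s*\"([^\"]*)\"");
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");

    @Override
    public void filter(ContainerRequestContext ctx) {
        String header = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) {
            ctx.abortWith(unauthorized("missing bearer token"));
            return;
        }
        try {
            String subject = verify(header.substring(7).trim(), SECRET, Instant.now());
            ctx.setProperty("jwt.subject", subject); // resource classes read the caller identity from here
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            ctx.abortWith(unauthorized("invalid token")); // do not echo the failure reason to the client
        }
    }

    /** Returns the subject of a valid token or throws; package-private so it can be unit tested. */
    static String verify(String token, byte[] secret, Instant now) throws GeneralSecurityException {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) throw new IllegalArgumentException("malformed token");
        Base64.Decoder dec = Base64.getUrlDecoder();
        String header = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);

        // Pin the algorithm rather than trusting 'alg': blocks alg=none and key-confusion tricks.
        if (!"HS256".equals(group(ALG, header))) throw new IllegalArgumentException("unsupported alg");

        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        // Constant-time comparison of the signature.
        if (!MessageDigest.isEqual(expected, dec.decode(parts[2]))) {
            throw new IllegalArgumentException("bad signature");
        }

        // Only after the signature checks out are the claims trusted.
        String payload = new String(dec.decode(parts[1]), StandardCharsets.UTF_8);
        if (!REQUIRED_ISSUER.equals(group(ISS, payload))) throw new IllegalArgumentException("wrong issuer");
        String exp = group(EXP, payload);
        if (exp == null || Instant.ofEpochSecond(Long.parseLong(exp)).isBefore(now)) {
            throw new IllegalArgumentException("expired");
        }
        String sub = group(SUB, payload);
        if (sub == null || sub.isEmpty()) throw new IllegalArgumentException("no subject");
        return sub;
    }

    private static String group(Pattern p, String json) {
        Matcher m = p.matcher(json);
        return m.find() ? m.group(1) : null;
    }

    private static Response unauthorized(String detail) {
        return Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\"")
                .entity(detail)
                .build();
    }
}
```

In the affected version this filter never sees the request: the SSO servlet filter runs earlier in the chain, matches on the presence of the Authorization header, fails to verify the token against the configured IdP and stops the request before JAX-RS is reached. The filter above only takes effect once the endpoint is exempt from that matcher, either through the fix in 2.0.5 or the module customization described in the workaround.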

Development notes


Generated at Mon Feb 12 10:51:29 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.