[MGNLSSO-141] The SSO config intercepts all requests having an Authorization header
Created: 04/Jul/22 Updated: 03/Aug/22 Resolved: 19/Jul/22
| Status: | Closed |
| Project: | Single Sign On |
| Component/s: | None |
| Affects Version/s: | 2.0.4 |
| Fix Version/s: | 2.0.5 |
| Type: | Bug | Priority: | Major |
| Reporter: | Adrien Manzoni | Assignee: | Nguyen Phung Chi |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Σ Remaining Estimate: | Not Specified | Remaining Estimate: | Not Specified |
| Σ Time Spent: | 0.5d | Time Spent: | 0.5d |
| Σ Original Estimate: | Not Specified | Original Estimate: | Not Specified |
| Acceptance criteria: | Empty |
| Task DoD: |
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ] Architecture Decision Record (ADR)
| Bug DoR: |
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
| Epic Link: | SSO support for custom IdPs |
| Sprint: | AdminX 14 |
| Story Points: | 2 |
| Description |
Steps to reproduce
Expected results
The request directly hits the ContainerRequestFilter, which will take care of the Authorization.
Actual results
The SSO filter intercepts the request and stops it, as the passed token has not been signed by the IDP configured in the SSO config.
Workaround
As mentioned in the Slack thread by Nguyen Phung, we could extend the SSO module and remove the Header matcher defined here. But that'll require customizing the module, which is not ideal.
Development notes