[MGNLSSO-188] Refresh SSO config when loaded through the YAML bridge Created: 12/Oct/22  Updated: 08/Mar/23  Resolved: 01/Feb/23

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: 3.0.0
Fix Version/s: 3.1.0, saas

Type: Bug Priority: Neutral
Reporter: Mikaël Geljić Assignee: Nguyen Phung Chi
Resolution: Fixed Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: 11d 1h Time Spent: 11d 1h
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Issue Links:
Relates
relates to MGNLSSO-208 Check effective/parsed configuration ... Open
dependency
depends upon MAGNOLIA-8674 Register definition from un-registere... Closed
Sub-Tasks:
Key
Summary
Type
Status
Assignee
MGNLSSO-209 Implement Sub-task Completed Nguyen Phung Chi  
MGNLSSO-210 Review Sub-task Completed Evzen Fochr  
MGNLSSO-211 QA Sub-task Completed Nguyen Phung Chi  
MGNLSSO-212 Pre-Integration QA Sub-task Completed Evzen Fochr  
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Epic Link: SSO support for custom IdPs
Sprint: AdminX 25, AdminX 26 Xmas & New year, AdminX 27, AdminX 28
Story Points: 5
Team: AdminX
Work Started:

 Description   

Context

Intermittently, some PaaS instances could not start up successfully because it could not load the expected resource at /magnolia-sso/config.yaml. See the trace below
(side note: even if magnolia started up successfully, users would not be able to log in).

Root cause is unknown at this point, might be a race condition with light-module sync, nonetheless we may take some steps to mitigate the issue.

Currently, SSO config is not reloaded in v3.

Also, the "bridge" config path (noted above) overlaps with the module config decoration mechanism. As a result, while the typical resource-loading logs may appear (with or without definition problems), we assume this doesn't affect the SsoModule class itself, and the SsoConfigYamlBridge does not depend on this mechanism.

Considered options

  • Load SSO config more lazily (not directly upon startup)
  • Reload SSO config by observing the resource origin for config.yaml changes (potential sync issues might cure themselves without a restart?)
  • Break away from the old module-config & decoration mechanism in v3. I'd propose we rename the magnolia module to just "sso" in module descriptor, to make sure the /magnolia-sso/config.yaml file is not attempted to be loaded by the module config registry, but only by the SSO bridge.

Stack trace

[ERROR] info.magnolia.cms.filters.ServletDispatchingFilter: Unable to load servlet class info.magnolia.sso.SsoCallbackServlet : Failed to create instance of [class info.magnolia.sso.SsoCallbackServlet]
info.magnolia.objectfactory.MgnlInstantiationException: Failed to create instance of [class info.magnolia.sso.SsoCallbackServlet]
    at info.magnolia.objectfactory.guice.GuiceComponentProvider.newInstanceWithParameterResolvers(GuiceComponentProvider.java:138) ~[magnolia-core-6.2.24.jar:?]
...
Caused by: info.magnolia.objectfactory.MgnlInstantiationException: Failed to resolve param [0] of type [class info.magnolia.sso.config.Pac4jConfigProvider]
    at info.magnolia.objectfactory.ObjectManufacturer.resolveParameters(ObjectManufacturer.java:146) ~[magnolia-core-6.2.24.jar:?]
...
Caused by: com.google.inject.ProvisionException: Unable to provision, see the following errors:
1) Error injecting constructor, info.magnolia.sso.config.SsoConfigurationException: Failed to load SSO config from path [/magnolia-sso/config.yaml]
    at info.magnolia.sso.config.Pac4jConfigProvider.(Pac4jConfigProvider.java:79)
    at info.magnolia.objectfactory.guice.GuiceComponentConfigurationModule.bindImplementation(GuiceComponentConfigurationModule.java:160) (via modules: com.google.inject.util.Modules$OverrideModule -> com.google.inject.util.Modules$OverrideModule -> info.magnolia.objectfactory.guice.GuiceComponentProviderBuilder$1 -> info.magnolia.objectfactory.guice.GuiceComponentConfigurationModule)
...
Caused by: info.magnolia.sso.config.SsoConfigurationException: Failed to load SSO config from path [/magnolia-sso/config.yaml]
    at info.magnolia.sso.config.SsoConfigYamlBridge.get(SsoConfigYamlBridge.java:77) ~[magnolia-sso-3.0.0.jar:?]
    at info.magnolia.sso.config.Pac4jConfigProvider.(Pac4jConfigProvider.java:81) ~[magnolia-sso-3.0.0.jar:?]
    at info.magnolia.sso.config.Pac4jConfigProvider$$FastClassByGuice$$cad0476c.newInstance() ~[magnolia-sso-3.0.0.jar:?]
...
Caused by: info.magnolia.resourceloader.ResourceOrigin$ResourceNotFoundException: No resource found for path /magnolia-sso/config.yaml in origin layered
    at info.magnolia.resourceloader.layered.LayeredResourceOrigin.getByPath(LayeredResourceOrigin.java:114) ~[magnolia-resource-loader-6.2.24.jar:?]
    at info.magnolia.resourceloader.layered.LayeredResourceOrigin.getByPath(LayeredResourceOrigin.java:72) ~[magnolia-resource-loader-6.2.24.jar:?]
    at info.magnolia.sso.config.SsoConfigYamlBridge.get(SsoConfigYamlBridge.java:74) ~[magnolia-sso-3.0.0.jar:?]
    at info.magnolia.sso.config.Pac4jConfigProvider.(Pac4jConfigProvider.java:81) ~[magnolia-sso-3.0.0.jar:?]
    at info.magnolia.sso.config.Pac4jConfigProvider$$FastClassByGuice$$cad0476c.newInstance() ~[magnolia-sso-3.0.0.jar:?]
...

Generated at Mon Feb 12 10:51:56 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.