[MGNLSSO-206] Upgrade Pac4j to latest version 5.7.x Created: 28/Nov/22  Updated: 23/Jan/23  Resolved: 04/Jan/23

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: None
Fix Version/s: 3.0.1

Type: Story Priority: Major
Reporter: Nguyen Phung Chi Assignee: Nguyen Phung Chi
Resolution: Fixed Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: 3d 3h Time Spent: 3d 3h
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Issue Links:
causality
is causing MGNLSSO-231 Improve error messages when pac4j con... Open
relation
is related to MGNLSSO-219 Remove usage of deprecated code in pac4j Open
Sub-Tasks:
Key | Summary | Type | Status | Assignee
MGNLSSO-214 | Upgrade Pac4j | Sub-task | Completed | Evzen Fochr
MGNLSSO-215 | Pre-Integration QA | Sub-task | Closed |
MGNLSSO-216 | QA | Sub-task | Completed | Evzen Fochr
MGNLSSO-217 | Review | Sub-task | Closed | Nguyen Phung Chi
MGNLSSO-224 | Resolve start up issue in Magnolia 6.3 | Sub-task | Completed | Nguyen Phung Chi
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Release notes required:
Yes
Documentation update required:
Yes
Epic Link: SSO support for custom IdPs
Sprint: AdminX 25, AdminX 26 Xmas & New year
Story Points: 3
Team: AdminX
Work Started:

 Description   

Context

Currently, the magnolia-sso module is using Pac4j version 5.4.6, and Pac4j released 5.7.x quite some time ago.

ACs:

  • Make use of the latest Pac4j version 5.7.x (current is 5.7.0) to keep the SSO module in better shape

Development notes:

I scanned through the change log (https://github.com/pac4j/pac4j/blob/master/documentation/docs/release-notes.md#jdk11) from 5.4.6 to 5.7.0; there is a change that could impact the SSO module directly:

v5.7.0:
The oauth.getProfileCreator() and the oidc.getProfileCreator() can directly be used in the ParameterClient, HeaderClient and DirectBearerAuthClient for bearer calls; Deprecated the UserInfoOidcAuthenticator

Because we are using UserInfoOidcAuthenticator for HTTP Bearer authentication (cc mgeljic), we have to review this and find an alternative authenticator.

Discovery

  • In general, this will not cause any blocking issues in the upgrade process
  • As for the deprecated UserInfoOidcAuthenticator, we can still use the authenticator or, even better, refactor it to use oidc.getProfileCreator() instead

Generated at Mon Feb 12 10:52:05 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.