[MGNLSSO-26] Look into using a securityCallback Created: 08/May/20 Updated: 07/Jan/22 Resolved: 23/Jun/20 |
|
| Status: | Closed |
| Project: | Single Sign On |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.0 |
| Type: | Task | Priority: | Neutral |
| Reporter: | Maxime Michel | Assignee: | Maxime Michel |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Template: |
|
||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoR: |
Empty
|
||||||||
| Epic Link: | Magnolia SSO w/ pac4j | ||||||||
| Description |
|
Currently, a role with basic permissions is given to any SSO user, in order to prevent infinite Keycloak-Magnolia loops in cases where security isn't defined properly. The proper way to handle lack of security in Magnolia, however, is to use a securityCallback. |