[MGNLSSO-283] Environment specific configuration Created: 11/May/23  Updated: 18/Jun/23  Resolved: 02/Jun/23

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: 3.1.3
Fix Version/s: saas, 3.1.4

Type: Improvement Priority: High
Reporter: Richard Gange Assignee: Nguyen Phung Chi
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: 4d 1.5h
Original Estimate: Not Specified

Attachments: PNG File screenshot-1.png     PNG File screenshot-2.png    
Issue Links:
Relates
relates to MGNLSSO-288 DOC: How to set environment specific ... Closed
relation
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Documentation update required:
Yes
Date of First Response:
Epic Link: SSO maintenance
Team: AdminX
Work Started:
Approved:
Yes

 Description   

As a developer I need the flexibility to be able to configure SSO on a per-environment basis.

This line creates an issue. A hard-coded config path doesn't provide the flexibility for multiple different environments.

Ideally I want to be able to set the location of the configuration in a properties file:

sso.config=WEB-INF/config/default/sso.config

Remove the restriction of having the sso config in a specific module.



 Comments   
Comment by Minh Nguyen [ 16/May/23 ]

Hi,
 
I have used the sys env for this use-case

  1. edit VM options to have
    1. -Dmagnolia.yaml.envsubst=true
  2. any values that need to be configurable might have the prefix !env
    callbackUrl: !env ${MAGNOLIA_PARTNER_SSO_CALLBACK_BASE_URL}/.auth
    postLogoutRedirectUri: !env ${MAGNOLIA_PARTNER_SSO_CALLBACK_BASE_URL}
    
  3. I set in sys env


Thank you.

Comment by Minh Nguyen [ 19/May/23 ]

I make it public, and I can share the whole sso config file.

#path: /travel => this works
# => just / did not work for me
path: /partner-portal
callbackUrl: !env ${MAGNOLIA_PARTNER_SSO_CALLBACK_BASE_URL}/.auth
postLogoutRedirectUri: !env ${MAGNOLIA_PARTNER_SSO_CALLBACK_BASE_URL}
authorizationGenerators:
  - name: fixedRoleAuthorization
    fixed:
      targetRoles:
        - superuser


clients:
  oidc.id: !env ${MAGNOLIA_PARTNER_SSO_OIDCID}
  oidc.secret: !env ${MAGNOLIA_PARTNER_SSO_OIDCSECRET}
  oidc.clientAuthenticationMethod: client_secret_post
  oidc.scope: openid profile email groups
  oidc.discoveryUri: !env ${MAGNOLIA_PARTNER_SSO_DISCOVERY_URL}
  oidc.preferredJwsAlgorithm: RS256
  oidc.authorizationGenerators: fixedRoleAuthorization

userFieldMappings:
  name: name
  removeEmailDomainFromUserName: true
  removeSpecialCharactersFromUserName: false
  fullName: name
  email: email
  language: locale

Thank you.
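A pre-start check for the configuration shared in the comments above, as an added example that is not part of the ticket or of Magnolia's code: it lists `${...}` variables that are unset in the environment, placeholders missing the `!env` prefix, and an `oidc.secret` written as a literal. The function name, the choice of sensitive keys, and the assumption that a placeholder needs the `!env` prefix (taken from the comment's usage) are this example's own; the sample text is constructed.

```python
import os
import re

# Matches the ${NAME} placeholders used after the !env prefix in the config above.
ENV_REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
# Keys that should not hold literal values (assumption made for this example).
SENSITIVE_KEYS = ("oidc.secret",)

# Constructed sample: lines from the shared config, with a literal secret added.
SAMPLE = """\
callbackUrl: !env ${MAGNOLIA_PARTNER_SSO_CALLBACK_BASE_URL}/.auth
clients:
  oidc.id: !env ${MAGNOLIA_PARTNER_SSO_OIDCID}
  oidc.secret: not-a-real-secret
  oidc.discoveryUri: !env ${MAGNOLIA_PARTNER_SSO_DISCOVERY_URL}
"""

def audit_sso_config(text, environ=None):
    """Return (unset_vars, missing_prefix, literal_secrets) for an sso config text."""
    environ = os.environ if environ is None else environ
    unset, missing_prefix, literal = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank lines, comments, plain list items
        key, _, value = line.partition(":")
        key, value = key.lstrip("- ").strip(), value.strip()
        refs = ENV_REF.findall(value)
        # Assumed from the comment: only values prefixed with !env are substituted.
        if refs and not value.startswith("!env"):
            missing_prefix.append((lineno, key))
        for name in refs:
            if not environ.get(name) and name not in unset:
                unset.append(name)
        # A sensitive key with a value but no placeholder is a literal in the file.
        if key in SENSITIVE_KEYS and value and not refs:
            literal.append((lineno, key))
    return unset, missing_prefix, literal

if __name__ == "__main__":
    unset, missing_prefix, literal = audit_sso_config(SAMPLE)
    print("unset variables:", unset)
    print("placeholders without !env:", missing_prefix)
    print("literal secrets:", literal)
```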

Generated at Mon Feb 12 10:52:47 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.