[MGNLSSO-300] Role sso-redirect-uri-authorizer doesn't work with multisite
Created: 09/Aug/23
Updated: 29/Sep/23

Status: Accepted
Project: Single Sign On
Component/s: None
Affects Version/s: 3.1.5
Fix Version/s: None

Type: Bug
Priority: Major
Reporter: Fabian Mangold
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MGNLSSO-298 Module update tasks not working in SS... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Epic Link: SSO maintenance
Team: AdminX

Description

When using Multisite / Domain mappings, specific rules seem to be required (ref. the customer's comment dated May 6th in HELPDESK-2601):

This note is useless for anyone using the multisite module, since the installed role sso-redirect-uri-authorizer is not working if you’re using the multisite module. I guess this would be worth mentioning.

And could you please give me an answer to the question:
Isn’t the ACL supposed to be site independent if no site parameter is configured in front of the URL? 
https://docs.magnolia-cms.com/product-docs/6.2/Administration/Security/Cross-site-security.html#_site_specific_acls
Or how else do you configure an ACL that is valid for all sites? Because in our project we’re going to have multiple site definitions (20+) and I prefer not to configure an ACL rule on auth ( <site-name>/.auth ) for every site that’s created. This is really error-prone.

Steps to reproduce

  1. Configure multisite with multiple domains mapped
  2. Ensure you have a hosts setup where you can troubleshoot multisite/domains
  3. Log in from another domain
  4. Redirect loop? 

Expected results

Successful login from any domain

Actual results

Workaround

Development notes

 


Generated at Mon Feb 12 10:52:58 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.