[MGNLSSO-35] Allow Magnolia to be used as pac4j middle-man in PUR scenarios Created: 27/Jul/20 Updated: 25/Jan/24 Resolved: 16/Mar/21 |
|
| Status: | Closed |
| Project: | Single Sign On |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Maxime Michel | Assignee: | Unassigned |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Although pac4j's APIs helped a lot in order to lower the code complexity of logging a user into Admincentral using Keycloak as an identity provider, the module still could do more.

One common scenario is a user logging into an area of a public website through Facebook, Twitter, GitHub, etc. SSO authentication. A back-end server is needed in those cases because without it, the front-end application would need to store the application ID and secret in the front-end code directly, which is unsafe, as it can be read easily.

Luckily, Magnolia and pac4j can chime in. pac4j ships a ton of pre-configured clients: http://www.pac4j.org/docs/clients/oauth.html

What we would need to do would be to provide configurable endpoints, such as the following simple project does: https://github.com/jooby-project/pac4j-starter

This has little to do with the current use case the module is solving. Magnolia components such as the login and logout filters, the UserManager, the ExternalUser, etc. can be left out from such a scenario. I therefore suggest splitting the module into two or three distinct submodules:
|
| Comments |
| Comment by Maxime Michel [ 16/Mar/21 ] |
|
We ended up deciding to not cover this use case in this module. |
| Comment by Mikaël Geljić [ 25/Jan/24 ] |
|
Tracking this story as MGNLSSO-86 moving forward. |