[MGNLSSO-51] UserManager is null despite being defined

Created: 29/Mar/21
Updated: 04/Nov/21
Resolved: 04/Nov/21

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Major
Reporter: Alex Day
Assignee: Unassigned
Resolution: Workaround exists
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: linux, java 1.8, tomcat 9


Attachments: File config.yaml    

 Description   

Steps to reproduce

  1. Install magnolia-sso-connector module version 2.7.2 (maven dependency)
  2. Set up mymodule/decorations/sso-connector/config.yaml defining an authentication service `fusionOpenIdConnect` (example attached)
  3. Update jaas.config, defining `fusionOpenIdConnect` realm
  4. Configure `/server/filters/login/loginHandlers/SSOConnector` with `jaasChain: fusionOpenIdConnect`
  5. Configure `/server/filters/securityCallback/clientCallbacks/fusionOpenIdConnect` with `authenticationServiceName: fusionOpenIdConnect` and appropriate class
  6. Update `/server/security/userManagers/sso-authentication` setting `realmName: fusionOpenIdConnect`
  7. Order `fusionOpenIdConnect` above `form` under `/server/filters/securityCallback/clientCallbacks/fusionOpenIdConnect`
  8. Open a new private browser window and attempt login to /magnoliaAuthor/

Expected results

Successful login to Magnolia admin central

Actual results

Infinite redirect loop between Magnolia and Azure AD.

Debugging has identified that userManager is null in the lines shown below from `info.magnolia.connector.sso.util.UserAccountUtils`.
Also, realmName is `fusionOpenIdConnect`, matching the value set above.

```
ExternalUserManager userManager = (ExternalUserManager) securitySupport.getUserManager(realmName);
return userManager.getUser(userDetails, groupList, roleList);
```

Workaround

None found as of yet

Development notes


Update: Request to improve documentation, especially that found on this page: https://documentation.magnolia-cms.com/display/SERVICES/SSO+Admincentral+Login



 Comments   
Comment by Alex Day [ 29/Mar/21 ]

Howdy!

Since writing this I reset my environment and set up SSO from the top again. This time I did an additional step of renaming `/server/security/userManagers/sso-authentication` to `fusionOpenIdConnect` and that seems to have been the missing step to get the user manager to be available (and not null).

Perhaps this can be downgraded from a bug, to a request for updated documentation?

Thanks,
Alex

Comment by Lars Fischer [ 04/Nov/21 ]

Hi Alex,

thanks for providing the information! The names indeed need to match, otherwise it won't work.

The SSO Connector is on hold because there is the Magnolia SSO module, so further development is not planned.

Thanks,

Lars
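
A pre-deployment check for the naming mismatch discussed in this ticket, as an added example that is not part of the original issue or the module's code. It assumes the configuration has been flattened to a path-to-value map, that `jaasChain` must name an entry in jaas.config, and that the user manager is found by a node named after the realm; the sample values and the login module class are constructed placeholders.

```python
import re

# Constructed sample inputs, not the ticket's attachment. The login module
# class is a placeholder; config is the JCR tree flattened to path -> value.
JAAS = """
fusionOpenIdConnect {
  example.PlaceholderLoginModule required;
};
"""
UM = "/server/security/userManagers/"
BROKEN = {  # state after steps 1-7 of the ticket
    "/server/filters/login/loginHandlers/SSOConnector/jaasChain": "fusionOpenIdConnect",
    UM + "sso-authentication/realmName": "fusionOpenIdConnect",
}
FIXED = {  # after renaming the user manager node, as in the first comment
    "/server/filters/login/loginHandlers/SSOConnector/jaasChain": "fusionOpenIdConnect",
    UM + "fusionOpenIdConnect/realmName": "fusionOpenIdConnect",
}

def jaas_entries(text):
    """Entry names in a JAAS login file: `name { Module flag; };`."""
    return set(re.findall(r"^\s*([\w.-]+)\s*\{", text, re.MULTILINE))

def check_names(config, jaas_text):
    """Return a list of naming problems; empty means the names line up."""
    problems = []
    entries = jaas_entries(jaas_text)
    managers = {}  # user manager node name -> its realmName
    for path, value in config.items():
        if path.startswith(UM) and path.endswith("/realmName"):
            managers[path[len(UM):].rsplit("/", 1)[0]] = value
    for path, realm in config.items():
        if not path.endswith("/jaasChain"):
            continue
        if realm not in entries:
            problems.append(f"{path}: no JAAS entry named {realm!r}")
        if realm not in managers:
            # A lookup by realm name finds no node, so the manager is null.
            near = [n for n, r in managers.items() if r == realm]
            hint = f"; rename node {near[0]!r} to {realm!r}" if near else ""
            problems.append(f"no user manager node named {realm!r}{hint}")
    return problems

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_names(cfg, JAAS) or "ok")
```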
