[MGNLSSO-57] Google OpenId authentication does not work Created: 25/May/21 Updated: 03/Aug/22 |
|
| Status: | Open |
| Project: | Single Sign On |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Edwin Guilbert | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | 0d | ||
| Time Spent: | 0.25d | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Magnolia 6.2.8 & magnolia-sso 1.1 |
||
| Attachments: |
|
||||
| Issue Links: |
|
||||
| Template: |
|
||||
| Acceptance criteria: |
Empty
|
||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||
| Date of First Response: | |||||
| Epic Link: | SSO support for custom IdPs | ||||
| Team: | |||||
| Description |
|
Trying to configure Google's Open ID authentication does not seem to work. I provided the following config: (using a working google project with redirect URI properly registered) authenticationService: path: /.magnolia/admincentral callbackUrl: http://localhost:8080/.auth groupMappings: /publishers: roles: - superuser pac4j: oidc.id: xxxx.apps.googleusercontent.com oidc.secret: yyyyy oidc.scope: openid email oidc.discoveryUri: https://accounts.google.com/.well-known/openid-configuration oidc.preferredJwsAlgorithm: RS256 and got the following exception in the browser after login in Google and being properly redirected to Magnolia according to the openid flow: org.pac4j.core.exception.TechnicalException: State cannot be determined org.pac4j.oidc.credentials.extractor.OidcExtractor.lambda$extract$0(OidcExtractor.java:100) java.util.Optional.orElseThrow(Optional.java:290) org.pac4j.oidc.credentials.extractor.OidcExtractor.extract(OidcExtractor.java:100) org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:66) org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:143) org.pac4j.core.engine.DefaultCallbackLogic.perform(DefaultCallbackLogic.java:85) info.magnolia.sso.SsoCallbackServlet.doGet(SsoCallbackServlet.java:57) javax.servlet.http.HttpServlet.service(HttpServlet.java:626) javax.servlet.http.HttpServlet.service(HttpServlet.java:733) info.magnolia.cms.filters.ServletDispatchingFilter.doFilter(ServletDispatchingFilter.java:148) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.virtualuri.VirtualUriFilter.doFilter(VirtualUriFilter.java:98) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58) info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66) info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:164) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:85) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:78) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.multisite.filters.CrossSiteSecurityFilter.doFilter(CrossSiteSecurityFilter.java:104) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:84) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94) info.magnolia.sso.SsoLogoutFilter.doFilter(SsoLogoutFilter.java:51) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.module.site.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:119) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.multisite.filters.MultiSiteFilter.doFilter(MultiSiteFilter.java:120) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:83) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.sitemesh.webapp.MagnoliaSiteMeshFilter.bufferAndPostProcess(MagnoliaSiteMeshFilter.java:95) org.sitemesh.webapp.contentfilter.ContentBufferingFilter.doFilter(ContentBufferingFilter.java:126) org.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:120) org.sitemesh.config.ConfigurableSiteMeshFilter.doFilter(ConfigurableSiteMeshFilter.java:163) info.magnolia.sitemesh.config.MagnoliaConfigurableSiteMeshFilter.doFilter(MagnoliaConfigurableSiteMeshFilter.java:92) info.magnolia.cms.filters.FilterDecorator.doFilter(FilterDecorator.java:90) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:74) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.sso.SsoLoginFilter.lambda$doFilter$0(SsoLoginFilter.java:81) org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:167) info.magnolia.sso.SsoLoginFilter.doFilter(SsoLoginFilter.java:79) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:79) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MultipartRequestFilter.doFilter(MultipartRequestFilter.java:151) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.preview.filter.PreviewFilter.doFilter(PreviewFilter.java:92) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107) info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:110) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:96) In the logs I only got: 2021-05-24 15:31:21,787 WARN c4j.core.client.finder.DefaultSecurityClientFinder: Migration required: use the 'force_client' parameter instead of the 'client_name' parameter to force a client for security. URL: http://localhost:8080/.auth?client_name=OidcClient&state=fad0d5203d&code=4%2F0AY0e-g5A-m0tKSFzgFGyAwn00YFIExRGExC55PtN7zkexcKtboN3aMa44MWpCdjXw5Qulg&scope=email+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=consent 24-May-2021 15:35:34.522 INFO [Catalina-utility-1] org.atmosphere.util.ForkJoinPool.<init> Using ForkJoinPool java.util.concurrent.ForkJoinPool. Set the org.atmosphere.cpr.broadcaster.maxAsyncWriteThreads to -1 to fully use its power.
|
| Comments |
| Comment by Maxime Michel [ 26/May/21 ] |
|
Two issues:
|
| Comment by Maxime Michel [ 27/May/21 ] |
|
This is still an issue but I will not work on it right now after discussing with slutz. Yesterday I was able to make it work with the following changes: https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/browse?at=refs%2Fheads%2Fgoogle-poc |