Using a mock OIDC server

By design, you cannot disable the SSO module and fall back to the regular login filter. When the IDP server goes down or is not configured properly, this can lock you out of the Magnolia instance.

The goal of this page is to show how a mock OIDC server can easily be spun up, in order to quickly recover access to a Magnolia instance on which the module has been installed.

The solution relies on the node-oidc-provider JavaScript library. You can either run the specific Docker image we created or run it yourself using Node. Either way, you will need a configuration like the following:

path: /.magnolia/admincentral
callbackUrl: http://localhost:8080/.auth
postLogoutRedirectUri: http://localhost:8080/.magnolia/admincentral
authorizationGenerators:
  - name: fixedRoleAuthorization
    fixed:
      targetRoles:
        - superuser
clients:
  oidc.id: 0oa1im...nyHpIvI0x7
  oidc.secret: aKzLmsj...tIL8HKkh6
  oidc.clientAuthenticationMethod: client_secret_basic
  oidc.scope: openid profile email
  oidc.discoveryUri: https://id-preview.magnolia-cloud.com/oauth2/aus1qwk5o26KsY7eW0x7/.well-known/openid-configuration
  oidc.preferredJwsAlgorithm: RS256
  oidc.authorizationGenerators: fixedRoleAuthorization

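Then, run the server using one of the two methods below. When it is up, you will be able to log in with any username and password combination, and the fixedRoleAuthorization generator in the configuration above gives that login the superuser role.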

Run with Docker

docker run \
  --env PORT=9090 \
  --env CLIENT_ID=my-client \
  --env CLIENT_SECRET=my-secret \
  --env CLIENT_REDIRECT_URI=http://localhost:8080/.auth \
  --env CLIENT_LOGOUT_REDIRECT_URI=http://localhost:8080/.magnolia/admincentral \
  -p 9090:9090 \
  magnolia/mock-oidc-user-server:latest

Run with Node

git clone https://github.com/magnolia-cms/mock-oidc-user-server.git
cd mock-oidc-user-server
npm i
export CLIENT_ID=my-client
export CLIENT_SECRET=my-secret
export CLIENT_REDIRECT_URI=http://localhost:8080/.auth
export CLIENT_LOGOUT_REDIRECT_URI=http://localhost:8080/.magnolia/admincentral
npm run start
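
As an added example (not part of the original page or of the mock-oidc-user-server project), the following JavaScript checks an OIDC discovery document against the client settings from the configuration above before Magnolia is pointed at it. The sample document, its endpoint paths and the loopback rule are assumptions made for illustration.

```javascript
// Values copied from the oidc.* keys in the configuration on this page.
const magnoliaClient = {
  clientAuthenticationMethod: 'client_secret_basic',
  scope: 'openid profile email',
  preferredJwsAlgorithm: 'RS256',
};

// Constructed sample: metadata a mock provider on port 9090 might publish.
// Keys are standard OIDC Discovery fields; the values are assumptions.
const sampleDiscovery = {
  issuer: 'http://localhost:9090',
  authorization_endpoint: 'http://localhost:9090/auth',
  token_endpoint: 'http://localhost:9090/token',
  jwks_uri: 'http://localhost:9090/jwks',
  scopes_supported: ['openid', 'profile', 'email'],
  token_endpoint_auth_methods_supported: ['client_secret_basic'],
  id_token_signing_alg_values_supported: ['RS256'],
};

// Returns a list of problems; an empty list means the metadata fits the client.
function checkDiscovery(doc, client) {
  const problems = [];
  const has = (list, value) => Array.isArray(list) && list.includes(value);
  for (const key of ['issuer', 'authorization_endpoint', 'token_endpoint', 'jwks_uri']) {
    if (typeof doc[key] !== 'string' || doc[key] === '') problems.push(`missing ${key}`);
  }
  // Optional field; the OIDC Discovery default is client_secret_basic.
  const authMethods = doc.token_endpoint_auth_methods_supported || ['client_secret_basic'];
  if (!has(authMethods, client.clientAuthenticationMethod)) {
    problems.push(`auth method ${client.clientAuthenticationMethod} not offered`);
  }
  if (!has(doc.id_token_signing_alg_values_supported, client.preferredJwsAlgorithm)) {
    problems.push(`signing algorithm ${client.preferredJwsAlgorithm} not offered`);
  }
  // scopes_supported is only recommended, so check it only when published.
  if (Array.isArray(doc.scopes_supported)) {
    for (const scope of client.scope.split(/\s+/).filter(Boolean)) {
      if (!has(doc.scopes_supported, scope)) problems.push(`scope ${scope} not offered`);
    }
  }
  // The mock accepts any credentials, so flag an issuer that is not loopback.
  let host = null;
  try { host = new URL(doc.issuer).hostname; } catch { /* handled below */ }
  if (host === null) problems.push('issuer is not a valid URL');
  else if (!['localhost', '127.0.0.1', '[::1]'].includes(host)) problems.push(`issuer host ${host} is not loopback`);
  return problems;
}

console.log(checkDiscovery(sampleDiscovery, magnoliaClient));
```

The document to check is the JSON served at the provider's `/.well-known/openid-configuration` path, which is what `oidc.discoveryUri` points to.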