SSO module changelog
|
Magnolia SSO 4.0.0 is in beta with Magnolia 6.3. We are updating docs based on development and feedback. Consider the beta docs currently in a state of progress and not final. |
The changelog gives you an overview of the changes made to the SSO module at each release.
This changelog covers the 4.0.x branch of the SSO module. For the 3.1.x changelog, see here.
|
4.0.0-beta2
Not yet publicly released
This release lets you connect with multiple identity providers and ensures access to your Magnolia instance by allowing your SSO system to fall back to Magnolia users stored in the JCR when required.
| Ticket | Type | Description |
|---|---|---|
Ability to use default Magnolia login as well as SSO login. See Configuring a fallback login. |
||
Add support for authorisation of web pages. |
||
Introduce a new |
Upgrading from SSO 3.1.x to 4.0.0
SSO 4.0.x module introduces several important updates and requirements.
Each section below details specific actions and modifications needed to ensure a smooth upgrade and continued functionality.
| Make sure you test the upgraded module on a development environment before proceeding. |
Compatibility
SSO 4.0.x is compatible with Magnolia CMS 6.2.44 and later, including Magnolia CMS 6.3.x. When you upgrade to SSO module 4.0.0, you must also upgrade Magnolia to v6.2.44 or later.
Magnolia 6.2.44 brings required changes (MAGNOLIA-9200) to the info.magnolia.cms.security.auth.login.LoginHandler interface and centralizes the login and logout logic into the handlers, which are configured under info.magnolia.cms.security.LogoutFilter.
Configuration changes
If you use SSO 3.1.x and upgrade to 4.0.x, you must update your configuration in your /magnolia-sso/config.yaml file or the module won’t start.
You must remove the following properties:
-
path -
postLogoutRedirectUri
Removed classes
SSO 4.0.0 removes the following classes:
-
info.magnolia.sso.SsoLoginFilter
-
info.magnolia.sso.SsoLogoutFilter
If you have a custom implementation based on these classes, you must change it.
Enabling the JCR-based fallback login
If you plan to make use of the optional fallback login functionality provided in SSO 4.0.0, we recommend updating your JAAS configuration during the upgrade process because making changes to your jaas.config file requires you to restart the instance.
While updating the jaas.config file is not necessary for SSO to function correctly, it’s required to enable the JCR-based fallback functionality.
For SSO Login Extension module users
The sso-login-extension incubator module can’t be installed with SSO 4.0.0 and later.
You must adapt your configuration to replace the functionality previously offered by the sso-login-extension incubator module with the equivalent functionality in SSO 4.0.0.
-
Uninstall the
sso-login-extensionmodule. -
Edit your
jaas.configfile so that it looks like this:sso-authentication { info.magnolia.sso.jaas.SsoAuthenticationModule requisite; info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required; }; -
Revert your configuration to this:
/server/filters/login/class = info.magnolia.sso.SsoLoginFilter /server/filters/securityCallback/clientCallbacks/magnolia-sso/class = info.magnolia.sso.UserInitiatedRedirectClientCallbackSince it is a change in the configuration of the login, you need to use a groovy script or do it in rescue mode.
-
Remove the following dependency from your project:
<dependency> <groupId>info.magnolia.sso</groupId> <artifactId>sso-login-extension</artifactId> <version>1.0.2</version> </dependency>
-
Install SSO module
4.0.x. -
Reconfigure the SSO module to achieve the same behavior as before.
The
sso-login-extensionincubator module uses a JCR configuration to define the paths to be protected on login. In contrast, the SSO module uses roles that deny access to a specific part of the site, effectively protecting them during login.
