Using a mock OIDC server

By design, you cannot disable the SSO module and revert to the regular login filter. If the IdP server goes down or is misconfigured, the Magnolia instance can end up locked.

The goal of this page is to show how a mock OIDC server can easily be spun up, in order to quickly recover access to a Magnolia instance on which the module has been installed.

The solution relies on the node-oidc-provider JavaScript library. You can either run the Docker image we created or run it yourself using Node. Either way, you will need a configuration like the following:
authenticationService:
  path: /.magnolia/admincentral
  callbackUrl: http://localhost:8080/.auth
  authorizationGenerators:
    # groups aren't supported by the mock server, let's use a fixed role instead
    fixedRoleAuthorizationGenerator:
      class: info.magnolia.sso.oidc.FixedRoleAuthorizationGenerator
      roles:
        - superuser
  pac4j:
    oidc.id: my-client
    oidc.secret: my-secret
    oidc.scope: openid profile email
    oidc.discoveryUri: http://localhost:9090/.well-known/openid-configuration
    oidc.preferredJwsAlgorithm: RS256

Then, run the actual server. When it is up, you will be able to log in with any username and password combination, and with the fixed role configured above every such login receives the superuser role.

Run with Docker

docker run \
  --env PORT=9090 \
  --env CLIENT_ID=my-client \
  --env CLIENT_SECRET=my-secret \
  --env CLIENT_REDIRECT_URI=http://localhost:8080/.auth \
  --env CLIENT_LOGOUT_REDIRECT_URI=http://localhost:8080/.magnolia/admincentral \
  -p 9090:9090 \
  mgnl/mock-oidc-user-server:latest

Run with Node

git clone https://github.com/magnolia-cms/mock-oidc-user-server.git
cd mock-oidc-user-server
npm i
export CLIENT_ID=my-client
export CLIENT_SECRET=my-secret
export CLIENT_REDIRECT_URI=http://localhost:8080/.auth
export CLIENT_LOGOUT_REDIRECT_URI=http://localhost:8080/.magnolia/admincentral
npm run start
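
A preflight check for the setup above, as an added example that is not part of the Magnolia documentation or the mock server's code. It compares the SSO configuration with the mock server's environment variables and with a discovery document, and flags a discovery URI that is not on the loopback interface. The object shapes, the `preflight` function and the sample discovery document are assumptions made for this sketch.

```javascript
// Constructed sample input using the values shown on this page.
const SSO = {
  callbackUrl: 'http://localhost:8080/.auth',
  'oidc.id': 'my-client',
  'oidc.secret': 'my-secret',
  'oidc.scope': 'openid profile email',
  'oidc.discoveryUri': 'http://localhost:9090/.well-known/openid-configuration',
  'oidc.preferredJwsAlgorithm': 'RS256',
};
const MOCK_ENV = {
  PORT: '9090', CLIENT_ID: 'my-client', CLIENT_SECRET: 'my-secret',
  CLIENT_REDIRECT_URI: 'http://localhost:8080/.auth',
};
// Constructed discovery document (the JSON served at oidc.discoveryUri).
const DISCOVERY = {
  issuer: 'http://localhost:9090',
  scopes_supported: ['openid', 'profile', 'email'],
  id_token_signing_alg_values_supported: ['RS256'],
};
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

// Returns a list of problems; an empty list means the three inputs agree.
function preflight(sso, env, doc) {
  const problems = [];
  const uri = new URL(sso['oidc.discoveryUri']);
  // The mock accepts any credentials and every login gets the fixed role,
  // so the mock IdP should only be reachable from the local machine.
  if (!LOOPBACK.has(uri.hostname)) problems.push(`discoveryUri host ${uri.hostname} is not loopback`);
  if (uri.port !== String(env.PORT)) problems.push(`discoveryUri port ${uri.port} != PORT ${env.PORT}`);
  // OIDC compares redirect URIs as exact strings, so no normalisation here.
  const pairs = [['oidc.id', 'CLIENT_ID'], ['oidc.secret', 'CLIENT_SECRET'], ['callbackUrl', 'CLIENT_REDIRECT_URI']];
  for (const [key, name] of pairs) {
    if (sso[key] !== env[name]) problems.push(`${key} does not match ${name}`);
  }
  if (new URL(doc.issuer).origin !== uri.origin) problems.push('issuer origin differs from discoveryUri origin');
  const algs = doc.id_token_signing_alg_values_supported || [];
  if (!algs.includes(sso['oidc.preferredJwsAlgorithm'])) problems.push('preferredJwsAlgorithm not offered by the server');
  const scopes = doc.scopes_supported || [];
  for (const s of sso['oidc.scope'].split(/\s+/)) {
    if (!scopes.includes(s)) problems.push(`scope ${s} not offered by the server`);
  }
  return problems;
}

console.log(preflight(SSO, MOCK_ENV, DISCOVERY));
```

Against a running mock server, pass the JSON fetched from the discovery URI in place of the constructed `DISCOVERY` object.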