-
Type:
Bug
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 9.10, 10.2
-
Component/s: Login Page, SAML
Reproduction scenario
- setup up Nuxeo in a SAML environment like in the documentation here:
https://doc.nuxeo.com/nxdoc/saml-20-authentication/#integrating-the-nuxeo-platform-with-a-saml-20-idp - keep FORM_AUTH in the authentication chain to see the button
- access Nuxeo login page
- observe the IdP button is diplayed under the login fields (see withoutBranding.png)
- configure branding in Studio
- sync with the server
- observe the IdP button is not displayed any longer (see withBranding.png)
- now remove the branding from studio
- sync the server
- now try without Studio add the following contribution (it is the same as the Studio one)
<extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="loginScreen"> <loginScreenConfig> <bodyBackgroundStyle>url("${org.nuxeo.ecm.contextPath}/img/login_bg.jpg") no-repeat center center fixed #333</bodyBackgroundStyle> <disableBackgroundSizeCover>false</disableBackgroundSizeCover> <removeNews>false</removeNews> <footerStyle></footerStyle> <loginBoxBackgroundStyle>none 0 0 null</loginBoxBackgroundStyle> <loginBoxWidth>300px</loginBoxWidth> <loginButtonBackgroundColor>#0066ff</loginButtonBackgroundColor> <logoUrl>${org.nuxeo.ecm.contextPath}/img/nuxeo_logo.png</logoUrl> <logoAlt>Nuxeo</logoAlt> <logoWidth>113</logoWidth> <logoHeight>20</logoHeight> </loginScreenConfig> </extension>
to the SAML configuration XML file defined server-side.
- observe when it is inserted before SAML configuration, the login config is not taken into account
- observe when it is inserted after SAML configuration, IdP button is not visible
Expected behavior: configuring branding should not alter the login screen
Primary analysis
- the login screen is generated from the page $NUXEO_HOME/nxserver/nuxeo.war/login.jsp
This is located into those pieces of code:
https://github.com/nuxeo/nuxeo/blob/master/nuxeo-services/nuxeo-platform-web-common/src/main/resources/web/nuxeo.war/login.jsp#L44oginScreenConfig screenConfig = LoginScreenHelper.getConfig(); List<LoginProviderLink> providers = screenConfig.getProviders(); boolean useExternalProviders = providers!=null && providers.size()>0;
<% if (useExternalProviders) {%> <div class="loginOptions"> <p><fmt:message bundle="${messages}" key="label.login.loginWithAnotherId" /></p> <div class="idList"> <% for (LoginProviderLink provider : providers) { %> <div class="idItem"> <a href="<%= provider.getLink(request, request.getContextPath() + request.getParameter("requestedUrl")) %>" style="background-image:url('<%=(context + provider.getIconPath())%>')" title="<%=provider.getDescription()%>"><%=provider.getLabel()%> </a> </div> <%}%> </div> </div> <%}%> - after some debugging, the problem is the LoginScreenHelper.getProviders() method returns an empty list of providers when the login screen config is contributed
https://github.com/nuxeo/nuxeo/blob/master/nuxeo-services/nuxeo-platform-web-common/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/service/LoginScreenConfig.java#L63 - this should not be the case because the SAMLAuthenticationProvider is actually registering itself here:
https://github.com/nuxeo/nuxeo/blob/master/nuxeo-services/login/nuxeo-platform-login-saml2/src/main/java/org/nuxeo/ecm/platform/auth/saml/SAMLAuthenticationProvider.java#L245LoginScreenHelper.registerLoginProvider(parameters.get("name"), parameters.get("icon"), null, parameters.get("label"), parameters.get("description"), this); - it seems the LoginScreenConfig is reset for some reason but I cannot pinpoint the location
