-
Type:
Bug
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: None
-
Component/s: Authentication, Open Id
-
Release Notes Summary:Instant share is working with OpenID authentication installed, and authentication plugins now define the same authentication chain as the default one.
-
Tags:
-
Backlog priority:400
-
Team:PLATFORM
-
Sprint:nxplatform #87
-
Story Points:1
When the OpenID Authentication package is installed, the link shared with an external user given a permission redirects to the login page (401).
The problem is that the OpenID Authentication package overrides the default authentication chain:
<extension
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
point="chain">
<authenticationChain>
<plugins>
<plugin>BASIC_AUTH</plugin>
<plugin>TOKEN_AUTH</plugin>
<plugin>OAUTH2_AUTH</plugin>
<plugin>JWT_AUTH</plugin>
<plugin>FORM_AUTH</plugin>
<plugin>WEBENGINE_FORM_AUTH</plugin>
<plugin>ANONYMOUS_AUTH</plugin>
</plugins>
</authenticationChain>
</extension>
with the one below:
<extension
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
point="chain">
<authenticationChain>
<plugins>
<plugin>BASIC_AUTH</plugin>
<plugin>FORM_AUTH</plugin>
<plugin>WEBENGINE_FORM_AUTH</plugin>
<plugin>OPENID_CONNECT_AUTH</plugin>
<plugin>ANONYMOUS_AUTH</plugin>
</plugins>
</authenticationChain>
</extension>
thus, missing the required TOKEN_AUTH plugin.
Applying the following patch should fix it:
<plugin>BASIC_AUTH</plugin>
<plugin>TOKEN_AUTH</plugin>
<plugin>FORM_AUTH</plugin>
In fact, we probably also want to add OAUTH2_AUTH and JWT_AUTH.
