Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-30228

Instant share is broken with OpenID Authentication installed

    Details

      Description

      When the  OpenID Authentication package is installed, the link shared with an external user given a permission redirects to the login page (401).

      The problem is that the  OpenID Authentication package overrides the default authentication chain:

        <extension
          target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
          point="chain">
      
          <authenticationChain>
            <plugins>
              <plugin>BASIC_AUTH</plugin>
              <plugin>TOKEN_AUTH</plugin>
              <plugin>OAUTH2_AUTH</plugin>
              <plugin>JWT_AUTH</plugin>
              <plugin>FORM_AUTH</plugin>
              <plugin>WEBENGINE_FORM_AUTH</plugin>
              <plugin>ANONYMOUS_AUTH</plugin>
            </plugins>
          </authenticationChain>
        </extension>
       

      with the one below:

        <extension
          target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
          point="chain">
      
          <authenticationChain>
            <plugins>
              <plugin>BASIC_AUTH</plugin>
              <plugin>FORM_AUTH</plugin>
              <plugin>WEBENGINE_FORM_AUTH</plugin>
              <plugin>OPENID_CONNECT_AUTH</plugin>
              <plugin>ANONYMOUS_AUTH</plugin>
            </plugins>
          </authenticationChain>
        </extension>
      

      thus, missing the required TOKEN_AUTH plugin.

      Applying the following patch should fix it:

               <plugin>BASIC_AUTH</plugin>
               <plugin>TOKEN_AUTH</plugin>
               <plugin>FORM_AUTH</plugin>
      

      In fact, we probably also want to add OAUTH2_AUTH and JWT_AUTH.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:

                PagerDuty

                Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.