Using a mock OIDC server
By design, you cannot disable the SSO module and fall back to the regular login filter. When the IDP server goes down or is not configured properly, this can leave you locked out of the Magnolia instance.
The goal of this page is to show how a mock OIDC server can easily be spun up, in order to quickly recover access to a Magnolia instance on which the module has been installed.
The solution relies on the node-oidc-provider JavaScript library. You can either run the specific Docker image we created or run it yourself using Node. In either case, you will need a configuration like the following:
authenticationService:
  path: /.magnolia/admincentral
  callbackUrl: http://localhost:8080/.auth
  authorizationGenerators:
    # groups aren't supported by the mock server, let's use a fixed role instead
    fixedRoleAuthorizationGenerator:
      class: info.magnolia.sso.oidc.FixedRoleAuthorizationGenerator
      roles:
        - superuser
  pac4j:
    oidc.id: my-client
    oidc.secret: my-secret
    oidc.scope: openid profile email
    oidc.discoveryUri: http://localhost:9090/.well-known/openid-configuration
    oidc.preferredJwsAlgorithm: RS256
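Then, run the actual server. When it is up, you will be able to log in with any username and password combination. Because the configuration above assigns the fixed superuser role, every such login has superuser rights.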
Run with Docker
docker run \
  --env PORT=9090 \
  --env CLIENT_ID=my-client \
  --env CLIENT_SECRET=my-secret \
  --env CLIENT_REDIRECT_URI=http://localhost:8080/.auth \
  --env CLIENT_LOGOUT_REDIRECT_URI=http://localhost:8080/.magnolia/admincentral \
  -p 9090:9090 \
  magnolia/mock-oidc-user-server:latest
Run with Node
git clone https://github.com/magnolia-cms/mock-oidc-user-server.git
cd mock-oidc-user-server
npm i
export CLIENT_ID=my-client
export CLIENT_SECRET=my-secret
export CLIENT_REDIRECT_URI=http://localhost:8080/.auth
export CLIENT_LOGOUT_REDIRECT_URI=http://localhost:8080/.magnolia/admincentral
npm run start
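Once the mock server is up, its discovery document can be compared with the pac4j settings above before attempting a login. The following is an added example, not code from Magnolia or from the mock server project. The function names and the sample discovery document are constructed for illustration, and a real mock's endpoint paths may differ.

```javascript
// Settings copied from the pac4j section of the configuration on this page.
const settings = {
  discoveryUri: 'http://localhost:9090/.well-known/openid-configuration',
  scope: 'openid profile email',
  preferredJwsAlgorithm: 'RS256',
};
// Constructed sample of a discovery document (not captured from a real server).
const sampleDiscovery = {
  issuer: 'http://localhost:9090',
  authorization_endpoint: 'http://localhost:9090/auth',
  token_endpoint: 'http://localhost:9090/token',
  jwks_uri: 'http://localhost:9090/jwks',
  scopes_supported: ['openid', 'offline_access', 'profile', 'email'],
  id_token_signing_alg_values_supported: ['RS256'],
};
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

// Returns a list of problems; an empty list means the document matches the settings.
function checkDiscovery(doc, cfg) {
  const problems = [];
  // OIDC Discovery: issuer + "/.well-known/openid-configuration" must be the fetched URL.
  const expected = cfg.discoveryUri.replace(/\/\.well-known\/openid-configuration$/, '');
  if (doc.issuer !== expected) problems.push(`issuer ${doc.issuer} does not match ${expected}`);
  for (const key of ['authorization_endpoint', 'token_endpoint', 'jwks_uri']) {
    if (typeof doc[key] !== 'string') problems.push(`missing ${key}`);
  }
  const algs = doc.id_token_signing_alg_values_supported || [];
  if (!algs.includes(cfg.preferredJwsAlgorithm)) {
    problems.push(`${cfg.preferredJwsAlgorithm} not offered for ID tokens`);
  }
  // scopes_supported is optional in discovery metadata; only check it when present.
  for (const s of cfg.scope.split(/\s+/)) {
    if (Array.isArray(doc.scopes_supported) && !doc.scopes_supported.includes(s)) {
      problems.push(`scope ${s} not offered`);
    }
  }
  // The mock accepts any credentials, so flag a discovery URI that is not loopback-only.
  if (!LOOPBACK.has(new URL(cfg.discoveryUri).hostname)) {
    problems.push('mock issuer is not on a loopback address');
  }
  return problems;
}

// Against a running mock (needs a Node version with global fetch, 18 or later).
async function checkLive(cfg) {
  const res = await fetch(cfg.discoveryUri);
  return checkDiscovery(await res.json(), cfg);
}
console.log(checkDiscovery(sampleDiscovery, settings)); // []
```

Call checkLive(settings) against the running mock to apply the same checks to the document it actually serves.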