Custom authorization generators
You can configure a custom authorization generator using a Java Service Provider Interface (SPI).
This approach requires you to build a service provider that implements our SPI (info.magnolia.sso.config.spi.AuthorizationGeneratorProvider) and provides the implementation for Pac4j (org.pac4j.core.authorization.generator.AuthorizationGenerator).
Check out the Microsoft Azure Active Directory custom group authentication for a complete walkthrough with custom authorization generators.
Instructions
To configure a custom authorization generator, place the classes and the configuration file in a Magnolia custom module that depends on the SSO module and the Pac4j core artifact org.pac4j:pac4j-core@5.7.0.
The following steps walk through an example.
- Package com.example.impl.CustomAuthorizationGeneratorProvider and com.example.impl.CustomAuthorizationGenerator in a JAR file for the class path. The JAR file will contain a provider configuration file named META-INF/services/info.magnolia.sso.config.spi.AuthorizationGeneratorProvider that should contain the following line:

    com.example.impl.CustomAuthorizationGeneratorProvider  # (1)

  (1) Where CustomAuthorizationGeneratorProvider is the name of your service provider that implements our SPI (info.magnolia.sso.config.spi.AuthorizationGeneratorProvider).
- Configure the service provider using its simple class name, or fully-qualified class name, for your desired client as part of the <magnolia.resources.dir>/magnolia-sso/.config.yaml file in your SSO module.

    clients:
      oidc.id: 0o...x7
      oidc.secret: aK...th6
      oidc.authorizationGenerators: CustomAuthorizationGeneratorProvider  # (1)
      # Or fully-qualified class name
      # oidc.authorizationGenerators: com.example.impl.CustomAuthorizationGeneratorProvider

  (1) Where CustomAuthorizationGeneratorProvider is the name of your service provider defined in META-INF/services/info.magnolia.sso.config.spi.AuthorizationGeneratorProvider.
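A pre-deployment check for the two steps above, as an added example that is not part of the Magnolia documentation: it verifies that the JAR carries the provider configuration file, that every class listed there is actually in the JAR, and that the name used in the YAML resolves to exactly one registered provider. The helper names and the in-memory sample JAR are constructed for illustration, and the exactly-one-match rule for simple class names is an assumption about how the name is resolved.

```python
import io
import zipfile

SPI = "info.magnolia.sso.config.spi.AuthorizationGeneratorProvider"
SERVICES_ENTRY = "META-INF/services/" + SPI


def registered_providers(jar):
    """Return the class names listed in the JAR's provider configuration file."""
    try:
        text = jar.read(SERVICES_ENTRY).decode("utf-8")
    except KeyError:
        return []
    # Provider configuration files hold one class name per line; '#' starts a comment.
    lines = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [line for line in lines if line]


def check_registration(jar_bytes, configured_name):
    """List problems that would keep configured_name from resolving to a provider."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        entries = set(jar.namelist())
        providers = registered_providers(jar)
    if not providers:
        problems.append("missing or empty " + SERVICES_ENTRY)
    for name in providers:
        if name.replace(".", "/") + ".class" not in entries:
            problems.append("registered class not in JAR: " + name)
    # The YAML value may be the simple or the fully-qualified class name.
    # Assumption: it must match exactly one registered provider.
    matches = [p for p in providers if configured_name in (p, p.rsplit(".", 1)[-1])]
    if len(matches) != 1:
        problems.append("%r matches %d registered providers" % (configured_name, len(matches)))
    return problems


def build_sample_jar(service_file_text, class_names):
    """Constructed sample input: an in-memory JAR with placeholder class entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        if service_file_text is not None:
            jar.writestr(SERVICES_ENTRY, service_file_text)
        for name in class_names:
            jar.writestr(name.replace(".", "/") + ".class", b"")
    return buf.getvalue()
```

To check a real build artifact, pass the bytes of the module JAR and the value of oidc.authorizationGenerators from .config.yaml to check_registration; an empty list means both steps line up.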