Using a mock OIDC server
By design, you cannot disable the SSO module and fall back to the regular login filter. If the IDP server goes down or is not configured properly, you can be locked out of the Magnolia instance.
The goal of this page is to show how a mock OIDC server can be spun up in order to quickly recover access to a Magnolia instance on which the module has been installed.
The solution relies on the node-oidc-provider JavaScript library. You can either run the specific Docker image we created or run it yourself using Node. In either case, you need a configuration like the following:
path: /.magnolia/admincentral
callbackUrl: http://localhost:8080/.auth
postLogoutRedirectUri: http://localhost:8080/.magnolia/admincentral
authorizationGenerators:
  - name: fixedRoleAuthorization
    fixed:
      targetRoles:
        - superuser
clients:
  oidc.id: my-client
  oidc.secret: my-secret
  oidc.clientAuthenticationMethod: client_secret_basic
  oidc.scope: openid profile email
  oidc.discoveryUri: http://localhost:9090/.well-known/openid-configuration
  oidc.preferredJwsAlgorithm: RS256
  oidc.authorizationGenerators: fixedRoleAuthorization
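Then, run the actual server. When it is up, you will be able to log in with any username and password combination. The configuration above assigns every authenticated user the superuser role through fixedRoleAuthorization, so any such login has full access.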
Run with Docker
docker run \
  --env PORT=9090 \
  --env CLIENT_ID=my-client \
  --env CLIENT_SECRET=my-secret \
  --env CLIENT_REDIRECT_URI=http://localhost:8080/.auth \
  --env CLIENT_LOGOUT_REDIRECT_URI=http://localhost:8080/.magnolia/admincentral \
  -p 9090:9090 \
  magnolia/mock-oidc-user-server:latest
Run with Node
git clone https://github.com/magnolia-cms/mock-oidc-user-server.git
cd mock-oidc-user-server
npm i
export CLIENT_ID=my-client
export CLIENT_SECRET=my-secret
export CLIENT_REDIRECT_URI=http://localhost:8080/.auth
export CLIENT_LOGOUT_REDIRECT_URI=http://localhost:8080/.magnolia/admincentral
npm run start
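
A pre-flight check for the setup above, added here as an example (it is not part of the Magnolia documentation or the mock-oidc-user-server project): it compares the settings from the configuration with the provider's discovery document, so a mismatch shows up before you rely on the mock server to regain access. The sample discovery document and its endpoint paths are constructed, and the names `checkDiscovery` and `checkLive` are hypothetical.

```javascript
// Values mirror the Magnolia SSO configuration on this page.
const magnoliaConfig = {
  discoveryUri: 'http://localhost:9090/.well-known/openid-configuration',
  clientAuthenticationMethod: 'client_secret_basic',
  scope: 'openid profile email',
  preferredJwsAlgorithm: 'RS256',
};
// Constructed discovery document; the endpoint paths are assumed, not captured.
const sampleDiscovery = {
  issuer: 'http://localhost:9090',
  authorization_endpoint: 'http://localhost:9090/auth',
  token_endpoint: 'http://localhost:9090/token',
  jwks_uri: 'http://localhost:9090/jwks',
  scopes_supported: ['openid', 'profile', 'email'],
  token_endpoint_auth_methods_supported: ['client_secret_basic', 'client_secret_post'],
  id_token_signing_alg_values_supported: ['RS256'],
};
const WELL_KNOWN = '/.well-known/openid-configuration';

// Returns the mismatches between settings and metadata; an empty array means they agree.
function checkDiscovery(cfg, doc) {
  const problems = [];
  // The mock accepts any credentials, so it should only be addressed on loopback.
  const host = new URL(cfg.discoveryUri).hostname;
  if (!['localhost', '127.0.0.1', '[::1]'].includes(host)) problems.push(`discovery host ${host} is not loopback`);
  // OIDC Discovery: the issuer must equal the discovery URL without the well-known suffix.
  const issuer = cfg.discoveryUri.endsWith(WELL_KNOWN) ? cfg.discoveryUri.slice(0, -WELL_KNOWN.length) : null;
  if (doc.issuer !== issuer) problems.push(`issuer ${doc.issuer} does not match ${issuer}`);
  for (const key of ['authorization_endpoint', 'token_endpoint', 'jwks_uri']) {
    if (typeof doc[key] !== 'string') problems.push(`${key} is missing`);
  }
  // Optional field; the specification's default is client_secret_basic.
  const authMethods = doc.token_endpoint_auth_methods_supported || ['client_secret_basic'];
  if (!authMethods.includes(cfg.clientAuthenticationMethod)) problems.push(`auth method ${cfg.clientAuthenticationMethod} not offered`);
  const algs = doc.id_token_signing_alg_values_supported || [];
  if (!algs.includes(cfg.preferredJwsAlgorithm)) problems.push(`signing algorithm ${cfg.preferredJwsAlgorithm} not offered`);
  // scopes_supported is optional; only compare when the provider publishes it.
  for (const s of Array.isArray(doc.scopes_supported) ? cfg.scope.split(' ') : []) {
    if (!doc.scopes_supported.includes(s)) problems.push(`scope ${s} not offered`);
  }
  return problems;
}

// Fetches the live document (global fetch, Node 18+) and runs the same check.
async function checkLive(cfg) {
  const res = await fetch(cfg.discoveryUri);
  if (!res.ok) return [`discovery request failed with HTTP ${res.status}`];
  return checkDiscovery(cfg, await res.json());
}
console.log(checkDiscovery(magnoliaConfig, sampleDiscovery));
```

Against a running mock server, call `checkLive(magnoliaConfig)` and inspect the returned list.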