Activation is authenticated using public-key cryptography to make the activation process secure.
Public-key cryptography is a system that requires two separate keys: one to lock or encrypt the plain text request and another to unlock or decrypt the ciphertext request. Neither key can do both and neither is derivable from knowledge of the other. One is published and the other is kept private.
On receiving an activation request, a public instance authenticates the author instance sending the request by means of the secure key. The system generates the key automatically on the first activation of content and transfers it to the public instance. New keys can be generated at any time in AdminCentral on the author instance. A single key is used for multiple public instances.
Prior to Magnolia CMS 4.5, activation authentication relied on user credentials to determine the validity of activation requests. This required that instance users be kept in sync and presented possible vulnerabilities if user login details were compromised.
The authentication mechanism requires no configuration. The public key is generated automatically on the first activation of content and transferred to the public instance. The configuration is identical on both instances at Configuration >
The key is stored on the local file system. If you use the default Magnolia CMS bundle, the location of the key is configured in a magnolia.properties file. If you migrate your own project to Magnolia 4.5, create the above key and set its value in your
# Location of private and public keys used for activation
magnolia.author.key.location=WEB-INF/config/default/keypair.properties
Generating a new public key
New public keys can be generated at Tools > Activation. A key length of 512 to 1024 characters is possible.
Current Public Key displays the key currently registered in Configuration >
Generated New key produces a new key that is automatically registered as the public key on the author instance.
A newly generated public key needs to be copied to all public instances. It is not transferred automatically on activation as is the case with the initial key.
To update the key on the public instance:
- Copy the new key from Configuration > server/activation/publicKey or from the Current Public key box on the author instance.
- Paste it to Configuration > server/activation/publicKey on the public instance.
When a new key is generated, the publicKey node cannot be activated to the public instance, as at this point a mismatch exists between the keys on author and public.
If activation fails due to a mismatch of the keys on the two instances, the error "Handshake information for activation was incorrect" is displayed. To resolve these issues, generate a new key and copy it to the public instance.
You will also find error messages in the logs:
ERROR info.magnolia.commands.MgnlCommand 02.01.2012 13:28:09 -- Exception caught during deactivation. info.magnolia.cms.exchange.ExchangeException: 1 error detected: Caused by: info.magnolia.cms.exchange.ExchangeException:
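The key mismatch described above can be reproduced in a few lines of Java. This is an added example, not Magnolia's code: the classes Author and PublicInstance, the sample request string and the 2048-bit key size are assumptions, and a standard RSA signature (SHA256withRSA) stands in for Magnolia's own handshake format, which this page does not describe.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class ActivationKeyMismatchDemo {
    // Hypothetical stand-in for the author instance: it owns the key pair.
    static class Author {
        private KeyPair keyPair;
        Author() throws GeneralSecurityException { generateNewKey(); }
        // Generating a new key replaces the pair; old public copies stop matching.
        void generateNewKey() throws GeneralSecurityException {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(2048); // size chosen for this example only
            keyPair = gen.generateKeyPair();
        }
        PublicKey publicKey() { return keyPair.getPublic(); }
        byte[] sign(byte[] request) throws GeneralSecurityException {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initSign(keyPair.getPrivate());
            s.update(request);
            return s.sign();
        }
    }

    // Hypothetical stand-in for a public instance: it stores only the public key.
    static class PublicInstance {
        private PublicKey registeredKey;
        void registerKey(PublicKey key) { registeredKey = key; }
        boolean accepts(byte[] request, byte[] signature) throws GeneralSecurityException {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(registeredKey);
            s.update(request);
            return s.verify(signature); // false for a signature made with a different key
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] request = "activate /demo/page".getBytes(StandardCharsets.UTF_8); // constructed sample
        Author author = new Author();
        PublicInstance pub = new PublicInstance();
        pub.registerKey(author.publicKey()); // first activation transfers the key
        System.out.println("initial key:       " + pub.accepts(request, author.sign(request)));
        author.generateNewKey(); // new key on author, public still holds the old one
        System.out.println("after regenerate:  " + pub.accepts(request, author.sign(request)));
        pub.registerKey(author.publicKey()); // administrator copies the new key over
        System.out.println("after manual copy: " + pub.accepts(request, author.sign(request)));
    }
}
```

The middle check is the state in which the public instance rejects requests until the new key has been copied to it.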