Magnolia 4.5 reached end of life on June 30, 2016. This branch is no longer supported, see End-of-life policy.

Activation of content from author to public instances is authenticated using public-key cryptography. Public-key cryptography is a system that requires two separate keys: one to lock or encrypt the plain text request and another to unlock or decrypt the ciphertext request. Neither key can do both and neither is derivable from knowledge of the other. One is published and the other is kept private.

On receiving an activation request, a public instance authenticates the author instance sending the request by means of the secure key. The system generates the key automatically on the first activation of content and transfers it to the public instance. New keys can be generated at any time in AdminCentral on the author instance. A single key is used for multiple public instances.

Prior to Magnolia 4.5, activation authentication relied on user credentials to determine the validity of activation requests. This required that instance users be kept in sync and presented possible vulnerabilities if user login details were compromised.

Configuration

The authentication mechanism requires no configuration. The public key is generated automatically on the first activation of content and transferred to the public instance. The configuration is identical on both instances at Configuration > server/activation/publicKey.

The key is stored on the local file system. If you use the default Magnolia bundle, the location of the key is configured in a magnolia.properties file. If you migrate your own project to Magnolia 4.5, create the magnolia.author.key.location property and set its value in your magnolia.properties file.

# Location of private and public keys used for activation
magnolia.author.key.location=WEB-INF/config/default/keypair.properties
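
A defender-side check for the setting above, as an added example that is not part of the Magnolia documentation or code base: it reads magnolia.author.key.location from magnolia.properties and reports a key file that other local accounts can access or that sits in a web-servable part of the webapp. It assumes a POSIX file system and that a relative location is resolved against the webapp root; the function names are hypothetical.

```python
import os
import stat
import sys

PROP = "magnolia.author.key.location"  # property name taken from the page


def read_property(props_path, name):
    """Return the last value assigned to name (key=value form, as on the page)."""
    value = None
    with open(props_path, encoding="iso-8859-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#!":  # blank line or comment
                continue
            key, sep, val = line.partition("=")
            if sep and key.strip() == name:
                value = val.strip()
    return value


def audit_key_file(props_path, webapp_root):
    """Return a list of findings; an empty list means every check passed."""
    location = read_property(props_path, PROP)
    if not location:
        return [f"{PROP} is not set in {props_path}"]
    root = os.path.realpath(webapp_root)
    # Assumption: a relative location is resolved against the webapp root.
    key_path = os.path.realpath(os.path.join(root, location))
    if not os.path.isfile(key_path):
        return [f"key file not found: {key_path}"]
    findings = []
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{key_path}: mode {mode:04o} grants group/other access")
    # Inside the webapp, only WEB-INF is shielded from direct HTTP requests.
    rel = os.path.relpath(key_path, root)
    inside = rel != os.pardir and not rel.startswith(os.pardir + os.sep)
    if inside and rel.split(os.sep)[0] != "WEB-INF":
        findings.append(f"{key_path}: inside the webapp but outside WEB-INF")
    return findings


if __name__ == "__main__":
    # Usage: python audit_key.py <path to magnolia.properties> <webapp root>
    problems = audit_key_file(sys.argv[1], sys.argv[2])
    for problem in problems:
        print("FINDING:", problem)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it reports a finding, so it can run as a deployment gate on the author instance.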

Generating a new public key

New public keys can be generated at Tools > Activation. Key lengths of 512 to 1024 bits are possible.

Current Public Key displays the key currently registered in Configuration > server/activation/publicKey.

Generated New key produces a new key that is automatically registered as the public key on the author instance.

A newly generated public key needs to be copied to all public instances. It is not transferred automatically on activation as is the case with the initial key.

To update the key on the public instance:

  1. Copy the new key from Configuration > server/activation/publicKey or from the Current Public Key box on the author instance.
  2. Paste it to Configuration > server/activation/publicKey on the public instance.

When a new key is generated, the publicKey node cannot be activated to the public instance, because at this point the keys on author and public no longer match.

Troubleshooting

If activation fails due to a mismatch of the keys on the two instances, the error "Handshake information for activation was incorrect" is displayed. To resolve this, generate a new key and copy it to the public instance.

You will also find error messages in the logs:

ERROR  info.magnolia.commands.MgnlCommand 02.01.2012 13:28:09 -- Exception caught during deactivation.
info.magnolia.cms.exchange.ExchangeException: 1 error detected: 
Caused by: info.magnolia.cms.exchange.ExchangeException: 

See Monitoring for more about logging and debugging Magnolia.