Page tree
Skip to end of metadata
Go to start of metadata

The Single Sign On module can be used for your public-facing website login to protect certain parts of a website that are restricted to registered users only. This login can be through one of many types of social accounts, such as, Facebook, Google, etc. Login can be completely handled by the service that is configured to be used. For example, the external authentication service could use a two-factor authentication before a user can be successfully authorized for additional security.

Prerequisites

For this example you will need:

Installation

For this example we will access the protected section of the travel demo with an existing Google account.

  1. Be sure to have your jass.config setup for sso authentication.
  2. Define the service using the appropriate properties here: /modules/sso-connector/config/authentictionServices/google

    Here is an export of this configuration .
  3. Configure the filter and login handler here: /server/filters/login
  4. Define the security callback here: /server/filters/securityCallback/clientCallbacks

    This is a very sensitive configuration since the order of the callback nodes has meaning

Testing Configuration

  1. Using a different browser access: http://magnoliahost:port/magnoliaPublic/travel/members/login.html

    Stay logged into the browser you are using for setup in case something is wrong with the configuration. Test login in a separate browser.

  2. Try to access the protected area of the website.
  3. You should be redirected to Google login.
  4. Authenticate using the google credentials.
  5. You should now be logged in and able to see the protected pages of the site.

2 Comments

  1. It seems that an additional configuration is missing for preserving the original uri:

    • /server/filters/login@class should have: info.magnolia.cms.security.auth.login.SSOAuthenticationLoginFilter instead of the default info.magnolia.cms.security.auth.login.LoginFilter
    1. Thanks for the feedback. It is in the screenshot for part 3 but maybe it would be better if the instruction was more explicit. Sorry for the confusion.