Uninstalling SSO
You can manually uninstall the SSO module from your Magnolia instances by following the steps on this page. They’re intended for administrators who want to stop using an Open ID Connect (OIDC) IAM instance and return to the default Magnolia login authentication.
Prerequisites for the default Magnolia login
Before you can remove the SSO configuration, ensure that the JCR login is set up so that admins can log in successfully. In particular, review the following points in your setup.
-
Add the default JCR authentication step to the
jaas.config
file. Both entries below must be in the file. Restart your instance after the configuration file is updated.WEB-INF/config/jaas.configmagnolia { (1) info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite; info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required; }; sso-authentication { (2) info.magnolia.sso.jaas.SsoAuthenticationModule requisite; info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required; };
1 This is the default JCR authentication step. 2 This is the SSO authentication entry. -
Move the
form
security callback node before all SSO callbacks includingsso
,ssoLocationFragmentRedirect
, andssoFallback
./server/filters/securityCallback/ Node name Value π securityCallback
⬩ class
info.magnolia.cms.security.SecurityCallbackFilter
βΈ¬ clientCallbacks
βΈ¬ form
⬩ class
info.magnolia.cms.security.auth.callback.FormClientCallback
⬩ loginForm
/defaultMagnoliaLoginForm/login.html
βΈ¬ ssoFallback
⬩ class
info.magnolia.cms.security.auth.callback.FormClientCallback
⬩ loginForm
/defaultMagnoliaLoginForm/login.html
βΈ¬ originalUrlPattern
⬩ patternString
/.magnolia/jcrlogin
⬩ class
info.magnolia.cms.util.SimpleUrlPattern
⬩ enabled
true
βΈ¬ ssoLocationFragmentRedirect
⬩ class
info.magnolia.sso.LocationFragmentRedirectClientCallback
βΈ¬ originalUrlPattern
⬩ patternString
/.magnolia/admincentral*
⬩ class
info.magnolia.cms.util.SimpleUrlPattern
βΈ¬ sso
⬩ class
info.magnolia.sso.UserInitiatedRedirectClientCallback
The Magnolia default
form
login (JCR user login) is the first callback node undersecurityCallback
and has the highest priority. -
Ensure you have an enabled JCR user with
superuser
permissions, and then try to log in. If login is successful, proceed to remove security callbacks, filter and other configurations in the next section.
Remove the SSO login configuration
You should only remove the SSO login configuration after successfully preparing the default JCR login. |
-
Revert filter settings by removing the
sso
,ssoLocationFragmentRedirect
, andssoFallback
security callback filters./server/filters/securityCallback/ Node name Value π securityCallback
⬩ class
info.magnolia.cms.security.SecurityCallbackFilter
βΈ¬ clientCallbacks
βΈ¬ form
⬩ class
info.magnolia.cms.security.auth.callback.FormClientCallback
⬩ loginForm
/defaultMagnoliaLoginForm/login.html
βΈ¬ ssoFallback
⬩ class
info.magnolia.cms.security.auth.callback.FormClientCallback
⬩ loginForm
/defaultMagnoliaLoginForm/login.html
βΈ¬ originalUrlPattern
⬩ patternString
/.magnolia/jcrlogin
⬩ class
info.magnolia.cms.util.SimpleUrlPattern
⬩ enabled
true
βΈ¬ ssoLocationFragmentRedirect
⬩ class
info.magnolia.sso.LocationFragmentRedirectClientCallback
βΈ¬ originalUrlPattern
⬩ patternString
/.magnolia/admincentral*
⬩ class
info.magnolia.cms.util.SimpleUrlPattern
βΈ¬ sso
⬩ class
info.magnolia.sso.UserInitiatedRedirectClientCallback
Remove the filters installed by the SSO module.
-
Additionally, remove the following bootstrapped settings.
-
Delete the
sso-authentication
node and its subnodes under theuserManagers
node./server/security/userManagers Node name Value βΈ¬ userManagers
βΈ¬ sso-authentication
⬩ class
info.magnolia.sso.SsoUserManager
-
Remove the
sso-redirect-uri-authorizer
role on the Roles tab. This also removes any references automatically.
-
-
Remove the SSO environment-specific
config.yaml
file added during installation. -
Finally, remove the SSO dependency from your project, redeploy your updated webapp, and restart your instances.
<dependency> <groupId>info.magnolia.sso</groupId> <artifactId>magnolia-sso</artifactId> <version>4.0.2</version> </dependency>
When redeploying your updated webapp, follow the guidelines on backing up and restoring instances for production environments.