Project

General

Profile

Actions

Defect #2604

open

CzechIdM does not authenticate user when no JWT token is mounted

Added by Petr Fišer about 4 years ago. Updated almost 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Start date:
12/09/2020
Due date:
% Done:

0%

Estimated time:

Description

What documentation says about JWT token file:

Without this file mounted, the JWT token will be regenerated on every container start, effectively logging out all users. Users can log in back again. There is no other effect on them.

This is not completely true. If the CZECHIDM_JWT_TOKEN_PASSFILE is specified but the referenced file cannot be read, the container generates JWT token.
But if the CZECHIDM_JWT_TOKEN_PASSFILE is not set at all, the JWT token is not generated and the config for it is empty. IdM then refuses to authenticate any user.

Problemmatic code starts at: https://github.com/bcvsolutions/czechidm-docker/blob/master/images/czechidm/runscripts/runEvery.d/001_004-createIdMAppconfig.sh#L63 .
This issue affects all versions.

Workaround: Always specify the CZECHIDM_JWT_TOKEN_PASSFILE env variable on container create. Or, to be 100% safe, always mount the JWT token into the container.

Actions #1

Updated by Petr Fišer almost 4 years ago

  • Project changed from IdStory IdM containers to bcv-czechidm
Actions

Also available in: Atom PDF