Defect #2604

open

CzechIdM does not authenticate user when no JWT token is mounted

Added by Petr Fišer over 3 years ago. Updated about 3 years ago.

Status: New
Priority: Normal
Assignee: -
Start date: 12/09/2020
Due date:
% Done: 0%
Estimated time:

Description

What documentation says about JWT token file:

Without this file mounted, the JWT token will be regenerated on every container start, effectively logging out all users. Users can log in back again. There is no other effect on them.

This is not completely true. If the CZECHIDM_JWT_TOKEN_PASSFILE is specified but the referenced file cannot be read, the container generates a JWT token.
But if the CZECHIDM_JWT_TOKEN_PASSFILE is not set at all, the JWT token is not generated and the config for it is empty. IdM then refuses to authenticate any user.

Problematic code starts at: https://github.com/bcvsolutions/czechidm-docker/blob/master/images/czechidm/runscripts/runEvery.d/001_004-createIdMAppconfig.sh#L63 .
This issue affects all versions.

Workaround: Always specify the CZECHIDM_JWT_TOKEN_PASSFILE env variable on container create. Or, to be 100% safe, always mount the JWT token into the container.
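
Added example, not part of the original report and not the czechidm-docker script: a constructed reproduction of the branching described above, next to a variant where every path ends with a non-empty secret or a hard failure. The function names are hypothetical; only the CZECHIDM_JWT_TOKEN_PASSFILE variable comes from the report, and its value is passed in as the first argument.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not the project's own.

# Generate a random secret (32 bytes from /dev/urandom, hex encoded).
generate_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Behaviour described in the report: generation only happens inside the
# "variable is set" branch, so an unset variable yields an empty secret.
jwt_secret_as_reported() {
    passfile="$1"
    if [ -n "$passfile" ]; then
        if [ -r "$passfile" ]; then
            cat "$passfile"
        else
            generate_secret
        fi
    fi
}

# Hardened: unset, unreadable and empty passfile all fall back to generation.
jwt_secret_hardened() {
    passfile="$1"
    secret=""
    if [ -n "$passfile" ] && [ -r "$passfile" ]; then
        secret=$(tr -d '\r\n' < "$passfile")
    fi
    if [ -z "$secret" ]; then
        echo "JWT passfile unset, unreadable or empty; generating ephemeral secret" >&2
        secret=$(generate_secret)
    fi
    # Refuse to continue with an empty secret rather than write empty config.
    [ -n "$secret" ] || return 1
    printf '%s' "$secret"
}
```

In a startup script the hardened function would be called as `jwt_secret_hardened "${CZECHIDM_JWT_TOKEN_PASSFILE:-}"`, with a non-zero exit status aborting container start.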

Actions #1

Updated by Petr Fišer about 3 years ago

  • Project changed from IdStory IdM containers to bcv-czechidm