Defect #2604
openCzechIdM does not authenticate user when no JWT token is mounted
Status: New
Priority: Normal
Assignee: -
Start date: 12/09/2020
Due date:
% Done: 0%
Estimated time:
Description
What the documentation says about the JWT token file:
Without this file mounted, the JWT token will be regenerated on every container start, effectively logging out all users. Users can log in back again. There is no other effect on them.
This is not completely true. If the CZECHIDM_JWT_TOKEN_PASSFILE is specified but the referenced file cannot be read, the container generates a JWT token.
But if the CZECHIDM_JWT_TOKEN_PASSFILE is not set at all, the JWT token is not generated and the config for it is empty. IdM then refuses to authenticate any user.
Problematic code starts at: https://github.com/bcvsolutions/czechidm-docker/blob/master/images/czechidm/runscripts/runEvery.d/001_004-createIdMAppconfig.sh#L63
This issue affects all versions.
Workaround: Always specify the CZECHIDM_JWT_TOKEN_PASSFILE env variable on container create. Or, to be 100% safe, always mount the JWT token into the container.
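A sketch of startup logic that treats both cases the same way, added here as an example and not taken from the czechidm-docker script. The function names and the hex-encoded 32-byte fallback are assumptions; only the CZECHIDM_JWT_TOKEN_PASSFILE variable comes from this ticket.

```shell
#!/bin/sh
# Added example, not the project's script. Function names are hypothetical.

# Assumption: a generated secret is 32 random bytes, hex-encoded (64 chars).
generate_jwt_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the JWT secret to use. Falls back to a generated one in BOTH cases:
#   1. CZECHIDM_JWT_TOKEN_PASSFILE is unset or empty (the case in this ticket)
#   2. it is set, but the file is missing, unreadable or empty
resolve_jwt_secret() {
    passfile="${CZECHIDM_JWT_TOKEN_PASSFILE:-}"
    if [ -n "$passfile" ] && [ -f "$passfile" ] && [ -r "$passfile" ] \
        && [ -s "$passfile" ]; then
        # Command substitution strips the trailing newline.
        secret=$(head -n 1 "$passfile")
        if [ -n "$secret" ]; then
            printf '%s' "$secret"
            return 0
        fi
    fi
    # Log the reason to stderr so operators can see why sessions were reset.
    echo "JWT passfile not usable (${passfile:-unset}); generating token" >&2
    generate_jwt_secret
}

# Fail the container start instead of writing an empty value into the config.
jwt_secret=$(resolve_jwt_secret)
[ -n "$jwt_secret" ] || { echo "empty JWT secret, aborting" >&2; exit 1; }
```
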