OAuth and OpenID Connect provider configuration for reverse proxy instances - reuse acl option
I have multiple reverse proxy instances configured on an appliance, and recently added a new one.
I performed the “OAuth and OpenID Connect Provider configuration”, and did not select the “Reuse ACL” or “Reuse Certificates” options.
After that, I noticed that my OpenID authentication no longer worked correctly on the other instances.
The reason was that the ACLs on the objects under /mga/sps/oauth/oauth20/ had disappeared for those instances.
So if you have already configured other instances on your appliance for “OAuth and OpenID Connect”, always enable “Reuse ACL”!
What actually happens is easy to follow in the autocfg__oauth.log file among the Reverse Proxy log files:
If “Reuse ACL” is not checked, the wizard first detaches each isam_oauth_* ACL from every object it is attached to, then deletes the ACL, then creates it again, but attaches it only to the objects of the reverse proxy instance you are running the configuration for.
So you lose every attachment of the isam_oauth_* ACLs in the other instances; their OAuth objects are left with whatever ACL they inherit from higher up in the object space, which is not the policy the wizard originally put there.
Moral of the story: always enable “Reuse ACL” when running the “OAuth and OpenID Connect Provider configuration” on an appliance that already has configured instances.
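If you have already run the wizard without “Reuse ACL”, or just want to check before running it again, the attachments are easy to snapshot and compare with pdadmin. The script below is an added example and is not part of the original post or of IBM's wizard: it records which protected objects carry each isam_oauth_* ACL before the wizard runs, compares that with the state afterwards, and prints the “acl attach” commands that put back anything the wizard removed. It assumes pdadmin is reachable with the credentials in PDADMIN and that “acl list” and “acl find <acl>” print one ACL name or one object path per line; the sample snapshots in the usage notes are constructed.

```shell
#!/bin/sh
# Added example (not from the original post or from the ISAM wizard).
# Snapshots isam_oauth_* ACL attachments with pdadmin, then diffs a
# "before" and an "after" snapshot to print the reattach commands needed
# for attachments the OAuth/OIDC configuration wizard removed.
#
# Assumptions (check on your appliance):
#   - PDADMIN is the pdadmin command prefix, e.g. "pdadmin -a sec_master -p <pw>".
#   - "acl list" prints one ACL name per line, "acl find <acl>" prints one
#     protected-object path per line (possibly indented).

PDADMIN="${PDADMIN:-pdadmin -a sec_master -p changeme}"

# Print one "<acl> <object-path>" line per attachment of every isam_oauth_* ACL,
# sorted so the result can be diffed with comm(1).
snapshot_oauth_acls() {
    $PDADMIN acl list | sed 's/^[[:space:]]*//' | grep '^isam_oauth_' |
    while read -r acl; do
        $PDADMIN acl find "$acl" | sed 's/^[[:space:]]*//' | grep '^/' |
        while read -r obj; do
            printf '%s %s\n' "$acl" "$obj"
        done
    done | sort -u
}

# plan_reattach BEFORE_FILE AFTER_FILE
# Both files hold "<acl> <object-path>" lines (as written by snapshot_oauth_acls).
# Prints a pdadmin "acl attach <object> <acl>" line for every attachment that
# existed before but is missing after. Prints nothing when nothing was lost,
# which is what you expect to see when "Reuse ACL" was enabled.
plan_reattach() {
    b=$(mktemp) || return 1
    a=$(mktemp) || { rm -f "$b"; return 1; }
    sort -u "$1" > "$b"
    sort -u "$2" > "$a"
    # comm -23: lines only in the "before" snapshot = attachments that disappeared
    comm -23 "$b" "$a" | awk '{ printf "acl attach %s %s\n", $2, $1 }'
    rm -f "$b" "$a"
}

# Usage:
#   ./oauth_acl_check.sh snapshot > before.txt     # before running the wizard
#   (run the "OAuth and OpenID Connect Provider configuration")
#   ./oauth_acl_check.sh snapshot > after.txt
#   ./oauth_acl_check.sh plan before.txt after.txt  # feed the output to pdadmin
case "${1:-}" in
    snapshot) snapshot_oauth_acls ;;
    plan)     plan_reattach "$2" "$3" ;;
esac
```

The output of “plan” is deliberately just pdadmin commands rather than being executed directly, so you can review which instances would be touched before pasting the lines into an interactive pdadmin session. Run it once right after the wizard finishes: an empty plan confirms the other instances kept their ACLs, a non-empty plan is exactly the damage described above.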