OAuth and OpenID Connect provider configuration for reverse proxy instances - reuse acl option
Tom Bosmans 10 October 2018 10:12:04
I have multiple reverse proxy instances configured on an appliance, and recently added a new one. I performed the "OAuth and OpenID Connect Provider configuration", and selected neither the "Reuse ACL" nor the "Reuse Certificates" option.
After that, I noticed that my OpenID authentication no longer worked correctly on the other instances.
The reason was that the ACLs for the objects in /mga/sps/oauth/oauth20/ disappeared.
So if you have already configured other instances on your appliance for "OAuth and OpenID Connect", always enable "Reuse ACL"!
What actually happens is easy to follow in the autocfg__oauth.log file in the Reverse Proxy log files:
If "Reuse ACL" is not checked, it will first detach the ACLs from all objects, delete the ACL and then add it again, but only for the reverse proxy where you run the configuration.
So you lose all configuration that uses the isam_oauth_* ACLs in the other instances.
Moral of the story: always enable "Reuse ACL" when running the "OAuth and OpenID Connect Provider configuration".
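To confirm whether a configuration run removed attachments from other instances, compare a snapshot of ACL attachments taken before the run with one taken after. The script below is an added example, not code from the original post or from the product. It assumes a snapshot format of one `acl_name object_path` pair per line (for example, assembled from pdadmin `acl find` output) and an object layout of `/WebSEAL/<instance>/...`; all ACL names, instance names and paths in the sample data are constructed.

```python
from collections import defaultdict

PREFIX = "isam_oauth_"  # ACL name prefix named in the post

def parse_snapshot(text):
    """Parse 'acl_name object_path' lines (assumed format) into (acl, object) pairs."""
    pairs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        acl, obj = line.split(None, 1)
        if acl.startswith(PREFIX):  # ignore ACLs the OAuth configuration does not manage
            pairs.add((acl, obj.strip()))
    return pairs

def instance_of(obj):
    """Assumed layout: /WebSEAL/<instance>/<resource path>."""
    parts = obj.split("/")
    return parts[2] if len(parts) > 2 and parts[1] == "WebSEAL" else "(unknown)"

def lost_attachments(before, after):
    """Return {instance: [(acl, object), ...]} for attachments present before but gone after."""
    lost = defaultdict(list)
    for acl, obj in sorted(parse_snapshot(before) - parse_snapshot(after)):
        lost[instance_of(obj)].append((acl, obj))
    return dict(lost)

# Constructed sample: rp1 and rp2 existed, rp3 was configured without "Reuse ACL".
BEFORE = """
isam_oauth_example_a /WebSEAL/rp1/mga/sps/oauth/oauth20/authorize
isam_oauth_example_b /WebSEAL/rp1/mga/sps/oauth/oauth20/token
isam_oauth_example_a /WebSEAL/rp2/mga/sps/oauth/oauth20/authorize
other_acl /WebSEAL/rp1/app
"""
AFTER = """
isam_oauth_example_a /WebSEAL/rp3/mga/sps/oauth/oauth20/authorize
isam_oauth_example_b /WebSEAL/rp3/mga/sps/oauth/oauth20/token
other_acl /WebSEAL/rp1/app
"""

if __name__ == "__main__":
    for inst, items in sorted(lost_attachments(BEFORE, AFTER).items()):
        print(f"{inst}: {len(items)} attachment(s) lost")
        for acl, obj in items:
            print(f"  re-attach {acl} -> {obj}")
```

The reported pairs are the attachments that have to be restored on the instances that were not part of the configuration run.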