Page tree
Skip to end of metadata
Go to start of metadata

The WeChat Login module allows you to integrate Magnolia's login mechanism with that provided to WeChat's Open Platform. Once enabled, visitors have to scan a Wechat QR code and access protected content of the website, e.g. members-only pages. 




Important Note

This module is at an experimental stage and is not included under official product support at the moment. 

Installation

Maven is the easiest way to install the module. Add the following dependency to your bundle:


<dependency>
	<groupId>info.magnolia.connector.sso</groupId>
	<artifactId>magnolia-sso-connector</artifactId>
	<version>{latest_version}</version>
</dependency>

<dependency>
	<groupId>info.magnolia.wechat</groupId>
	<artifactId>magnolia-wechat-connector</artifactId>
	<version>{latest_version}</version>
</dependency>

Versions

6.2Magnolia 6.2


Configuration

This module integrates open id connect provider WeChat as an authentication method for Magnolia CMS. It uses the SSO Connector module and adds configuration for this service. For full information about the WeChat platform please refer to https://developers.weixin.qq.com/doc/oplatform/en/Website_App/WeChat_Login/Wechat_Login.html

  • AdminCentral login with WeChat
  • AdminCentral login with Magnolia (.magnlia/defaultlogin)
  • Login button beside the login link of travel demo.
  • Page /travel/members/wechat as the default target of the login process with WeChat.
  • Page /travel/members/wechat-profile as the user profile page.

JAAS configuration for OAuth authentication

Magnolia's web app has to provide a special JAAS configuration for the SSO Connector Module. Add the following at the bottom of the file /WEB-INF/config/jaas.config :

sso-authentication { 
	info.magnolia.connector.sso.jaas.SSOAuthenticationModule requisite; 
	info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required; 
};

loginHandlers configuration


/server/filters/login/loginHandlers
class info.magnolia.cms.security.auth.login.SSOAuthenticationLoginFilter

Logout configuration 

/server/filters/logout
class info.magnolia.cms.security.auth.logout.SSOLogoutFilter

securityCallback configuration

/server/filters/securityCallback/clientCallbacks

travel-demo-pur (if we have travel demo site)

public-sso (*/server/filters/securityCallback/clientCallbacks/public-sso/originalUrlPattern *)

patternString (*|travel)/members/(wechat)*

form (/server/filters/securityCallback/clientCallbacks/admincentral-sso/originalUrlPattern)

patternString   /.magnolia/defaultlogin

admincentral-sso (no originalUrlPattern)

WeChat Service configuration

Configure Wechat's API service (appid, clilentSecret, endpoint, ... ) under

/modules/sso-connector/config/authenticationServices/wechatService


callbackURL - the callback URL after login. It should different for author and public

author instance: http://localhost:8080

public instance: http://localhost:8080/magnoliaPublic/travel/members/wechat

securityGroups - magnolia user group for logged user. Default is wechat-sso-default


Security

This module introduces a default user role (wechat-sso-default) and a default user group (wechat-sso-default) for view-only permission. 

Warnings

  • This module is at INCUBATOR level.
  • This module is not in the Magnolia platform support scope

Changelog

  • Version Alpha 1.0 - Initial release of the extensions version of the module.