wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Branding not saved/lost after JKS Keystores update in IS 7.0.0 #20547

Closed Gianluke closed 3 months ago

Gianluke commented 3 months ago

Describe the issue: After installing Identity Server 7.0.0 from Docker Hub as is (with the default wso2carbon.jks and client-truststore.jks keystores), I applied some personalization to the default login page, working with the (very great!) branding functionality. After this, I updated the default JKS keystores with my 2 external JKS files (to apply SAML2 certificate personalization etc.), and from this moment the branding personalizations on the login page are lost (the login page is returned with the default WSO2 Identity Manager style). All personalizations are instead visible (and editable as usual) in the Styles & Text page. If I restore the JKSs, everything goes back to working as before.

How to reproduce:

  1. install and run WSO2 IS 7.0.0
  2. apply some personalizations to login page using branding functionality
  3. the customizations are correctly visible on the login page as expected
  4. create two new jks keystores (keystore + truststore) with custom keypair certificates
  5. update the deployment.toml sections to use the external JKSs as described in the official documentation
  6. restart WSO2 IS 7.0.0
  7. by accessing the application console the system offers the login page with the default template
  8. by entering the administrator credentials and accessing the branding configuration page, the configurations entered in point 2 are still present

Expected behavior: When the system restarts after JKS customizations, the login page should be displayed based on the style configured in the branding configuration page

Environment information:

Thanks in advance!

Gianluke commented 3 months ago

OK, solved: it is an internal hostname resolution problem, because WSO2 IS 7.0.0 uses internal clients to resolve the branding preference on the login & registration pages, and that internal API call fails when the JKS keypair is updated (when the default localhost certificate is replaced). In this case it is necessary to set the `internal_hostname` configuration to the hostname used as alias of the new certificate, as described here: https://is.docs.wso2.com/en/latest/deploy/change-the-hostname/#change-the-hostname

Thanks to Brion: https://discord.com/channels/955510916064092180/1249367715051999335/1251424413002371084
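
A check for the mismatch described in the resolution above, as an added example that is not part of the original thread or of WSO2's code: it compares the `internal_hostname` in `deployment.toml` with the DNS names of the new certificate as printed by `keytool -list -v`. The hostname `is.example.com`, the sample keytool text, the `[server]` placement and the `localhost` fallback are assumptions made for illustration.

```python
import re

# Constructed sample: trimmed `keytool -list -v` output for the new key pair.
KEYTOOL_OUTPUT = """\
Alias name: is.example.com
Owner: CN=is.example.com, O=Example, C=IT
SubjectAlternativeName [
  DNSName: is.example.com
  DNSName: *.apps.example.com
]
"""

def cert_dns_names(keytool_text):
    """DNS names the certificate is valid for: SAN entries, else the subject CN."""
    sans = re.findall(r"DNSName:\s*(\S+)", keytool_text)
    if sans:
        return [n.lower() for n in sans]
    cn = re.search(r"Owner:.*?CN=([^,\n]+)", keytool_text)
    return [cn.group(1).strip().lower()] if cn else []

def internal_hostname(toml_text, default="localhost"):
    """Uncommented internal_hostname value; the localhost default is an assumption."""
    m = re.search(r'^\s*internal_hostname\s*=\s*"([^"]*)"', toml_text, re.M)
    return m.group(1).lower() if m else default

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check(toml_text, keytool_text):
    """Return (hostname used for internal calls, whether the certificate covers it)."""
    host = internal_hostname(toml_text)
    names = cert_dns_names(keytool_text)
    return host, any(name_matches(n, host) for n in names)

# Constructed deployment.toml fragments: before and after setting internal_hostname.
BEFORE = '[server]\nhostname = "is.example.com"\n'
AFTER = BEFORE + 'internal_hostname = "is.example.com"\n'

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        host, ok = check(cfg, KEYTOOL_OUTPUT)
        print(f"{label}: internal calls use {host!r} ->",
              "ok" if ok else "NOT covered by certificate")
```

Running the same check against the real keystore output before restarting the server shows whether the internal branding call will pass TLS hostname verification.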