Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Ansar 181 posts 291 karma points
    Sep 21, 2016 @ 16:36

    Umbraco SSO using ADFS 3.0

    We are trying to integrate ADFS 3.0 WS federated authentication with Umbraco for front-end users. We just want the users in AD to access the Umbraco website.

    We were able to implement ADFS authentication using normal ASP.NET MVC web site using Owin middleware (Microsoft.Owin.Security.WsFederation).

    We are not sure how to implement this in Umbraco.

    Here is the problem we are facing

    We have inherited UmbracoDefaultOwinStartup and added WSFederationAuthentication middleware. Then added owin:appStartup in appSettings. Middleware configured successfully.

    ADFS metadata url and WTrealm is added in appsettings. Using metadata and WTrealm we have successfully redirected to ADFS server and able to login there. But when redirecting back to our site, we are not getting user identity in HttpContext.GetOwinContext().Authentication variable.

    Any help with this will be greatly appreciated.

  • Morten Christensen 596 posts 2773 karma points admin hq c-trib
    Sep 21, 2016 @ 19:01
    Morten Christensen

    Are you able to share the code for the owin middleware - maybe in a gist?

    / Morten

  • Shefin P N 1 post 21 karma points
    Sep 22, 2016 @ 07:40
  • Jesper Hauge 298 posts 487 karma points c-trib
    Sep 22, 2016 @ 09:43
    Jesper Hauge

    You might be able to find some help in this setup, we created.

    In this setup, we only use ADFS to check login, and establish a username, when that's done, we add an ordinary Umbraco member login, and use that in the frontend. This enables using ordinary umbraco backend procedures for handling user group membership, and access rights to pages.

    Regards Jesper Hauge

  • Palle Mertz 1 post 71 karma points
    Oct 05, 2016 @ 11:35
    Palle Mertz


    Sorry to intercept thread, but I do have a question regarding you solution Jesper Hauge.

    I have something similar from the nuget package Umbraco.Identity. But we have a problem that when you try to Preview a page from backoffice, the Backoffice user is not permitted to see it. He or she is redirected to the adfs server for member login. One of two things might happen. If already logged in to the adfs it will redirect back and forth the site and adfs and will eventually get a "too many redirects" error. If not you get cross-origin error as the adfs content is not allowed to be loaded in the iframe (preview).

    I tried a hack to imporsonate the membership user if already logged in as backoffice user, but with no luck.

    You don't have that problem?

Please Sign in or register to post replies

Write your reply to: