We're trying to provide another way to authenticate users against the Umbraco backoffice interface, but it is a special authentication flow that doesn't match any of the traditional OAuth ones.
My question is: is the Umbraco identity extensions (https://github.com/umbraco/UmbracoIdentityExtensions) project suitable for this type of customization? Is there a better approach for this type of custom authentication?
Thank you all.
Have you made any progress with this? I'm also looking to use a custom authentication flow that we use for our internal applications.
Hi Gabe, thanks for your comment.
Well, indeed ;) The old saying goes that if you don't have a dog you can hunt with a cat, right?
So what did we do? The SSO service provider that we needed to integrate with Umbraco backoffice user authentication works using the SAML2 protocol, which by itself isn't compatible with OAuth... or at least not without some dark-side magic on it... I guess.
To start, we installed the Umbraco identity extensions in order to have a way of developing the MyCustomPasswordChecker class, which you can use to override the default Umbraco backoffice authentication behaviour, like:
// Set your own custom IBackOfficeUserPasswordChecker
userManager.BackOfficeUserPasswordChecker = new MyPasswordChecker();
You can find the complete example of this implementation in the official documentation.
Although the given options are quite limited (either return valid credentials or leave it to the fallback authentication), it's enough of a starting point to achieve your goal.
So we developed two API services: GetSamlRequest and PostAndProcessSamlResponse. The first returns the request that is required to ask for a SAML SSO authentication flow, and we injected it into the Umbraco backoffice login view - with a little "umbrangular" you can do some great magic here. The user requests authentication and is redirected to the SSO provider's page, and after the authorization the SSO provider posts to the second service.
Now, with the SSO response, we can process it and determine whether the user has the authorization, and we can generate a special token with the required data to inject back into the login view... again with some "umbrangular" automagic, the form is now posted against the MyCustomPasswordChecker class to sort out the rest of the process. It either returns ValidCredentials or we pass on to the fallback mode for the Umbraco backoffice handler as usual.
If you need further details please let me know.
Thank you all
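One way the password-checker step described above could verify the "special token", as an added example that is not the poster's code. The token format, the `sso1.` prefix, the `SsoHandoffToken` helper and the key passed to the constructor are assumptions; the interface and result values are those of Umbraco 7's `IBackOfficeUserPasswordChecker`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Umbraco.Core.Models.Identity;
using Umbraco.Core.Security;

// Assumed token format (not from the thread):
//   "sso1." + base64("username|expiryUtcTicks") + "." + base64(HMAC-SHA256(payload))
public static class SsoHandoffToken
{
    public static string Issue(byte[] key, string username, DateTime expiresUtc)
    {
        var payload = Encoding.UTF8.GetBytes(username + "|" + expiresUtc.Ticks);
        using (var hmac = new HMACSHA256(key))
            return "sso1." + Convert.ToBase64String(payload) + "." + Convert.ToBase64String(hmac.ComputeHash(payload));
    }

    public static bool Validate(byte[] key, string token, string expectedUser, DateTime nowUtc)
    {
        var parts = (token ?? "").Split('.');
        if (parts.Length != 3 || parts[0] != "sso1") return false;
        byte[] payload, mac, expected;
        try { payload = Convert.FromBase64String(parts[1]); mac = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }
        using (var hmac = new HMACSHA256(key)) expected = hmac.ComputeHash(payload);
        var diff = mac.Length ^ expected.Length;            // compare MACs without early exit
        for (var i = 0; i < mac.Length && i < expected.Length; i++) diff |= mac[i] ^ expected[i];
        if (diff != 0) return false;                        // forged or altered token
        var fields = Encoding.UTF8.GetString(payload).Split('|');
        long expiryTicks;
        return fields.Length == 2
            && string.Equals(fields[0], expectedUser, StringComparison.OrdinalIgnoreCase) // bound to this user
            && long.TryParse(fields[1], out expiryTicks)
            && nowUtc.Ticks <= expiryTicks;                 // issuer should keep the lifetime short
    }
}

public class MyPasswordChecker : IBackOfficeUserPasswordChecker
{
    private readonly byte[] _key;   // secret shared only with PostAndProcessSamlResponse
    public MyPasswordChecker(byte[] key) { _key = key; }

    public Task<BackOfficeUserPasswordCheckerResult> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
    {
        // Ordinary passwords go to Umbraco's default checker, as the thread describes
        if (password == null || !password.StartsWith("sso1.", StringComparison.Ordinal))
            return Task.FromResult(BackOfficeUserPasswordCheckerResult.FallbackToDefaultChecker);
        // A value that claims to be a token is never retried as a password
        var ok = SsoHandoffToken.Validate(_key, password, user.UserName, DateTime.UtcNow);
        return Task.FromResult(ok ? BackOfficeUserPasswordCheckerResult.ValidCredentials
                                  : BackOfficeUserPasswordCheckerResult.InvalidCredentials);
    }
}
```

The token passes through the browser, so it is a bearer credential for as long as it is valid. This sketch does not stop replay inside that window; one-time use would need a server-side record of tokens already consumed.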