Currently we have an Umbraco Website which uses an external Membership Provider to allow 'Members' to login to protected page(s). Both the members themselves and the roles currently come from this membership provider.
This has worked fine for a number of years but now the external system we're using is beginning to deprecate the Business Objects this currently uses and is moving towards a JWT (REST) approach.
The SSO solution they now provide is as follows:
1 - A GET request is made to the page containing the Single Sign On content item.
2 - If signed in, the page then redirects to a configured URL with a POST containing a refresh_token. If not signed in, they're asked to sign in and then the POST request is made.
3 - The redirected page then POSTS to a token end point with a few required fields needed to actually Authenticate against the system
4 - The response from the Token request contains the access_token.
5 - The returned accesstoken can then be used by subsequent calls where the accesstoken value is a bearer token in the Authorization header.
I have successfully implemented this in a few other custom third-party systems but these we're all using Vue/React & ExpressJS.
I now need to implement this within our Umbraco installation.
Could someone offer any advice as to how I would go about this?
I would like to use the SSO Solution offered above rather than calling the Token endpoint directly as we want to avoid the user having to sign in twice. If we use the SSO method described above, they would only have to login to the main system and then are redirected back to Umbraco with a valid Token.
The page(s) are also protected based on the Umbraco Member Roles, so once they have a valid token (and are therefore authenticated to visit the protected pages) I need to be able to check which role they are in.
Not sure if it really helps but here is a tutorial in integrating IdentityServer for Members. I think the SSO you are using propably behaves more or less the same. Hope it's helps.
Many thanks for your advice. I had seen this article but wasn't sure this was exactly what I needed?
I believe this is very similar to how the current process works however this solution still seems to put the login onus on Umbraco itself.
The solution we want to move towards is sending them to the third-party system, where they login and then this makes a POST Request to Umbraco containaining a 'Refresh Token'. This 'Refresh Token' should then be used to do a subsequent POST Request back (from Umbraco) to the third-party system which provides an actual JWT.
Then, if this user has a valid JWT we authorize them to view the protected page(s).
I'm hoping this is possible, I did get quite close to this (I think) but was unsure as to how to pass the JWT back to the view?
Which refers to .NET CORE which I don't think will help us currently as I believe Umbraco hasn't yet been made (atleast fully) compatible with .NET CORE?
Umbraco SSO - Using External Membership System
Hello,
I'm looking for some advice please.
Currently we have an Umbraco Website which uses an external Membership Provider to allow 'Members' to login to protected page(s). Both the members themselves and the roles currently come from this membership provider.
This has worked fine for a number of years but now the external system we're using is beginning to deprecate the Business Objects this currently uses and is moving towards a JWT (REST) approach.
The SSO solution they now provide is as follows:
1 - A GET request is made to the page containing the Single Sign On content item.
2 - If signed in, the page then redirects to a configured URL with a POST containing a refresh_token. If not signed in, they're asked to sign in and then the POST request is made.
3 - The redirected page then POSTS to a token end point with a few required fields needed to actually Authenticate against the system
4 - The response from the Token request contains the access_token.
5 - The returned accesstoken can then be used by subsequent calls where the accesstoken value is a bearer token in the Authorization header.
I have successfully implemented this in a few other custom third-party systems but these we're all using Vue/React & ExpressJS.
I now need to implement this within our Umbraco installation.
Could someone offer any advice as to how I would go about this?
I would like to use the SSO Solution offered above rather than calling the Token endpoint directly as we want to avoid the user having to sign in twice. If we use the SSO method described above, they would only have to login to the main system and then are redirected back to Umbraco with a valid Token.
The page(s) are also protected based on the Umbraco Member Roles, so once they have a valid token (and are therefore authenticated to visit the protected pages) I need to be able to check which role they are in.
Any help appreciated. Thanks
Hi Alex,
Not sure if it really helps but here is a tutorial in integrating IdentityServer for Members. I think the SSO you are using propably behaves more or less the same. Hope it's helps.
https://pstokes.co.uk/posts/umbraco-members-and-identity-server-part-1/
David
Hi David,
Many thanks for your advice. I had seen this article but wasn't sure this was exactly what I needed?
I believe this is very similar to how the current process works however this solution still seems to put the login onus on Umbraco itself.
The solution we want to move towards is sending them to the third-party system, where they login and then this makes a POST Request to Umbraco containaining a 'Refresh Token'. This 'Refresh Token' should then be used to do a subsequent POST Request back (from Umbraco) to the third-party system which provides an actual JWT.
Then, if this user has a valid JWT we authorize them to view the protected page(s).
I'm hoping this is possible, I did get quite close to this (I think) but was unsure as to how to pass the JWT back to the view?
Many thanks, Alex.
Sorry for the multiple responses David but also reading through that documentation again the first step isn't outlined?
He refers to this link:
https://identityserver4.readthedocs.io/en/release/quickstarts/0_overview.html
Which is no longer a valid link, looking up Identity Server Quickstart on Google I find this: http://docs.identityserver.io/en/latest/quickstarts/0_overview.html
Which refers to .NET CORE which I don't think will help us currently as I believe Umbraco hasn't yet been made (atleast fully) compatible with .NET CORE?
Thanks again, Alex.
is working on a reply...