
  • Biagio Paruolo 1618 posts 1910 karma points c-trib
    Jan 04, 2020 @ 18:44
    Biagio Paruolo
    0

    Is there an example of OpenID / Identity Server integration with Umbraco?

  • David Brendel 792 posts 2970 karma points MVP 3x c-trib
    Jan 04, 2020 @ 20:26
    David Brendel
    0

    Hi Biagio,

    there are actually quite a few blog posts on this topic. It depends a bit on whether you want to use members or users with it. But it's pretty straightforward.

    Regards David

  • Jeroen Breuer 4908 posts 12265 karma points MVP 5x admin c-trib
    Sep 01, 2022 @ 11:33
    Jeroen Breuer
    0

    Hi Biagio,

    You can find some good examples in the documentation: https://our.umbraco.com/documentation/reference/security/external-login-providers/

    I've also released an example package which you can try: https://www.jeroenbreuer.nl/blog/released-umbraco-openid-connect-example-package/

    Jeroen

  • Biagio Paruolo 1618 posts 1910 karma points c-trib
    Sep 25, 2022 @ 09:23
    Biagio Paruolo
    0

    Thanks. I'll give it a try.

  • Carlos Casalicchio 176 posts 735 karma points
    Dec 14, 2022 @ 16:44
    Carlos Casalicchio
    0

    I'm attempting to get Umbraco v10.3.2 working with Identity Server 6 and got the login workflow working, but when I get redirected back to Umbraco, it returns several errors.

    The workflow consists of:

    1. browsing to the backoffice at /umbraco

    2. the user gets redirected to the Identity Server login page

    3. once logged in, the user gets redirected back to Umbraco

    But the screen is blank, maybe because it's missing the correct info in the cookies?

    The startup code is this:

        public void ConfigureServices(IServiceCollection services)
        {
            var scheme = $"{Constants.Security.BackOfficeExternalAuthenticationTypePrefix}.oidc";
            var settings = _config.GetSection("DuendeSettings").Get<DuendeSettings>();

            services.AddUmbraco(_env, _config)
                .AddBackOffice()
                .AddBackOfficeExternalLogins(loginsBuilder =>
                    loginsBuilder.AddBackOfficeLogin(build =>
                        build.AddOpenIdConnect(scheme, "Identity Server", options =>
                        {
                            options.Authority = settings.Authority;
        #if DEBUG
                            options.RequireHttpsMetadata = false; // dev only
        #endif
                            options.ClientId = settings.ClientId;
                            options.ClientSecret = settings.ClientSecret;
                            options.ResponseType = settings.ResponseType;
                            options.ResponseMode = "query";
                            options.UsePkce = true;

                            options.MapInboundClaims = false;
                            options.SaveTokens = true;
                            options.Scope.Clear();
                            options.Scope.Add("api1");
                            options.Scope.Add("openid");
                            options.Scope.Add("profile");
                            options.Scope.Add("offline_access");
                            options.GetClaimsFromUserInfoEndpoint = true;
                        }), providerOptions =>
                        {
                            providerOptions.AutoLinkOptions = new BackOffice.Security.ExternalSignInAutoLinkOptions(autoLinkExternalAccount: true, allowManualLinking: false)
                            {
                                OnExternalLogin = (user, loginInfo) =>
                                {
                                    return true;
                                },
                            };
                            providerOptions.Icon = "fa fa-id-card";
                            providerOptions.DenyLocalLogin = true;
                            providerOptions.AutoRedirectLoginToExternalProvider = true;
                        }))
                .AddWebsite()
                .AddComposers()
                .Build();
        }


    What is missing?

  • Biagio Paruolo 1618 posts 1910 karma points c-trib
    Dec 16, 2022 @ 08:46
    Biagio Paruolo
    0

    I think that Umbraco expects the callback info formatted in some form, or you have to use a particular protocol. I see some syntax errors in your log.

  • Carlos Casalicchio 176 posts 735 karma points
    Jan 07, 2023 @ 16:52
    Carlos Casalicchio
    0

    It turns out I was missing some critical code, since Umbraco does not handle the response independently.

    This is what the middleware looks like:

        namespace Providers;

        using Microsoft.AspNetCore.Authentication.Cookies;
        using Microsoft.AspNetCore.Authentication.OpenIdConnect;
        using Microsoft.Extensions.Configuration;
        using Microsoft.Extensions.DependencyInjection;
        using Microsoft.IdentityModel.Protocols.OpenIdConnect;

        using Umbraco.Cms.Core.DependencyInjection;
        using Umbraco.Cms.Core.Security;
        using Umbraco.Cms.eTransit.Core.Models;
        using Umbraco.Cms.Web.BackOffice.Security;
        using Umbraco.Extensions;

        public static class DuendeExternalLoginProvider
        {
            public static async Task<IUmbracoBuilder> AddDuendeAuthenticationAsync(this IUmbracoBuilder builder)
            {
                var settings = builder.Config.GetSection("DuendeSettings").Get<DuendeSettings>();
                builder.Services.ConfigureOptions<DuendeBackOfficeExternalLoginProviderOptions>();

                // Identity Server 6 integration
                builder.AddBackOfficeExternalLogins(loginsBuilder =>
                    loginsBuilder.AddBackOfficeLogin(build =>
                        build.AddOpenIdConnect(DuendeBackOfficeExternalLoginProviderOptions.SchemeName, "Identity Server", options =>
                        {
                            // The OIDC handler signs the principal into the plain cookie scheme; the
                            // OnTicketReceived handler below then signs the back-office user in itself.
                            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                            options.Authority = settings.Authority;
                            options.ClientId = settings.ClientId;
                            options.ClientSecret = settings.ClientSecret;
                            options.CallbackPath = settings.CallbackUri;
                            options.ResponseType = OpenIdConnectResponseType.Code;
                            options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
                            options.TokenValidationParameters.NameClaimType = "name";
                            options.TokenValidationParameters.RoleClaimType = "role";
                            options.RequireHttpsMetadata = true;
                            //#if DEBUG
                            //                options.RequireHttpsMetadata = false; // dev only
                            //#endif
                            options.MapInboundClaims = true;
                            options.SaveTokens = true;
                            options.Scope.Add("api1");
                            options.Scope.Add("openid");
                            options.Scope.Add("profile");
                            options.Scope.Add("email");
                            options.Scope.Add("offline_access");
                            options.GetClaimsFromUserInfoEndpoint = true;
                            options.TokenValidationParameters.SaveSigninToken = true;
                            options.Events.OnTicketReceived = async context =>
                            {
                                var userManager = context.HttpContext.RequestServices.GetService<IBackOfficeUserManager>();
                                var signInManager = context.HttpContext.RequestServices.GetService<IBackOfficeSignInManager>();

                                var claims = context?.Principal?.Claims.ToList();

                                if (claims is null) throw new MissingFieldException(nameof(claims));
                                if (userManager is null || signInManager is null) throw new Exception("services not resolved from DI");

                                // The IdP's e-mail claim is the only link between the external identity and a
                                // back-office user: whichever user owns that e-mail is signed in, so the IdP
                                // must be trusted to assert it correctly.
                                var email = claims.SingleOrDefault(x => x.Type == "email")?.Value ?? "";
                                var user = await userManager.FindByEmailAsync(email);

                                if (user is not null)
                                    await signInManager.SignInAsync(user, false);
                                else
                                    await signInManager.SignOutAsync(); // no matching back-office user: do not sign in
                            };
                        })));
                await Task.FromResult(0);

                return builder;
            }
        }


    and it was applied here:

        namespace Umbraco.Cms.eTransit.Core.Components;

        using Umbraco.Cms.Core.Composing;
        using Umbraco.Cms.Core.DependencyInjection;
        using Umbraco.Cms.eTransit.Core.Providers;

        public class DuendeComponent : IComposer
        {
            public void Compose(IUmbracoBuilder builder)
            {
                builder.AddDuendeAuthenticationAsync().GetAwaiter().GetResult();
            }
        }

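Added example, not code from the thread or from Umbraco itself: the `DuendeBackOfficeExternalLoginProviderOptions` class and the `DuendeSettings` settings type that the middleware above references but does not show, written against the `IConfigureNamedOptions<BackOfficeExternalLoginProviderOptions>` pattern Umbraco's external-login documentation uses. The `DuendeSettings` property names are taken from the properties used on the page; the scheme suffix, the default user group and the `email_verified` check are assumptions.

```csharp
// Added example, not code from the thread: the two types the middleware above references.
using System.Security.Claims;
using Microsoft.Extensions.Options;
using Umbraco.Cms.Core;
using Umbraco.Cms.Web.BackOffice.Security;

namespace Providers;

// Bound from the "DuendeSettings" section of appsettings.json (property names assumed from the page).
public class DuendeSettings
{
    public string Authority { get; set; } = string.Empty;
    public string ClientId { get; set; } = string.Empty;
    public string ClientSecret { get; set; } = string.Empty; // keep in user-secrets or a vault, not in source
    public string CallbackUri { get; set; } = "/signin-oidc"; // assumed default
    public string ResponseType { get; set; } = "code";
}

public class DuendeBackOfficeExternalLoginProviderOptions
    : IConfigureNamedOptions<BackOfficeExternalLoginProviderOptions>
{
    // Same value the first Startup on the page builds; back-office schemes carry Umbraco's prefix.
    public static readonly string SchemeName =
        $"{Constants.Security.BackOfficeExternalAuthenticationTypePrefix}.oidc";

    public void Configure(string? name, BackOfficeExternalLoginProviderOptions options)
    {
        if (name != SchemeName) return; // only configure our own scheme
        Configure(options);
    }

    public void Configure(BackOfficeExternalLoginProviderOptions options)
    {
        options.Icon = "fa fa-id-card";
        options.AutoLinkOptions = new ExternalSignInAutoLinkOptions(
            autoLinkExternalAccount: true,
            defaultUserGroups: new[] { Constants.Security.EditorGroupAlias }, // assumed group
            allowManualLinking: false)
        {
            // Auto-linking is keyed on the IdP's e-mail claim, so refuse to create or link a
            // back-office user unless the IdP asserts that the e-mail is verified (assumption).
            OnExternalLogin = (user, loginInfo) => string.Equals(
                loginInfo.Principal.FindFirstValue("email_verified"), "true",
                StringComparison.OrdinalIgnoreCase),
        };
        options.DenyLocalLogin = true;                      // no username/password fallback
        options.AutoRedirectLoginToExternalProvider = true; // go straight to Identity Server
    }
}
```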