
  • Søren Müller 3 posts 73 karma points
    Jan 12, 2021 @ 10:35
    Søren Müller
    0

    Use Keycloak for Login auth to Backoffice

    Hi,

    I'm trying to use Keycloak as my IDP for login to the Umbraco Backoffice. Since there is no Umbraco NuGet package for this, I first tried using a guide for login with Google+. It works perfectly. Then I added the NuGet package "Owin.Security.Keycloak-3". Then I added the extension function below and called it from the "UmbracoStandardOwinStartup" class. But I don't get any login button and can't set Umbraco linking options, since this is obfuscated in the Google login NuGet package. Has anyone tried this or have any idea? Thx :-)

        static string persistentAuthType = "keycloak_cookies"; // Or name it whatever you want
    
        public static void ConfigureBackOfficeKeycloakAuth(this IAppBuilder app, string clientId, string clientSecret,
            string caption = "Cadpeople keycloak", string style = "btn-google", string icon = "fa-google")
        {
    
            //const string persistentAuthType = "keycloak_cookies"; // Or name it whatever you want
    
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = persistentAuthType
            });
    
            // You may also use this method if you have multiple authentication methods below,
            // or if you just like it better:
            app.SetDefaultSignInAsAuthenticationType(persistentAuthType);
    
            // some more here: login button, linking accounts etc.??
    
            app.UseKeycloakAuthentication(new KeycloakAuthenticationOptions
            {
    
                Realm = "UmbracoTest",
                ClientId = "u-client-bo",
                ClientSecret = "<client secret>",
                KeycloakUrl = "<url>",
                AuthenticationType = persistentAuthType,
                SignInAsAuthenticationType = persistentAuthType,
                //Token validation options - these are all set to defaults
                AllowUnsignedTokens = false,
                DisableIssuerSigningKeyValidation = false,
                DisableIssuerValidation = false,
                DisableAudienceValidation = false,
                TokenClockSkew = TimeSpan.FromSeconds(2)
            });
        }
    
  • tiago.santos 4 posts 73 karma points
    May 27, 2021 @ 18:36
    tiago.santos
    0

    Maybe your OpenID user doesn't exist in Umbraco Users, so it returns to the login page.

    You must log in with user/pass and then link your OpenID Connect account.

    Or else, force the auto-creation of the user (a bit overkill and dangerous, but possible):

        AutoRedirectLoginToExternalProvider = true,
        DenyLocalLogin = true, // if ANY external provider has this property set, local login will be disabled
    

    EDIT: as a fact the user is always created with "reader" permission,
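
An added example, not part of the posts above and not Umbraco's or the Keycloak package's own code: one way to register an external provider so the back office shows a login button, and where the two settings from the reply go. It assumes Umbraco 8.9 or later and that the provider's options class derives from `Microsoft.Owin.Security.AuthenticationOptions`; the helper name `RegisterForBackOffice`, its parameters and the group alias `externalReadOnly` are hypothetical.

```csharp
using Microsoft.Owin.Security;
using Umbraco.Web.Security;

public static class BackOfficeExternalLoginExample
{
    // Hypothetical helper. Call it on the provider's options object BEFORE
    // handing that object to the provider's app.Use...Authentication() call, e.g.
    //   var kc = new KeycloakAuthenticationOptions { /* realm, client, url */ };
    //   kc.RegisterForBackOffice("Keycloak", "btn-microsoft", "fa-key",
    //                            autoCreateUsers: false, externalOnly: false);
    //   app.UseKeycloakAuthentication(kc);
    public static void RegisterForBackOffice(
        this AuthenticationOptions options,
        string caption, string style, string icon,
        bool autoCreateUsers, bool externalOnly)
    {
        // Flags the provider as a back-office login provider. Umbraco builds the
        // login button and the account-linking UI from this metadata.
        options.ForUmbracoBackOffice(style, icon);
        options.Description.Caption = caption;

        // Auto-linking creates a back-office user on first external login.
        // Keep it off unless every identity in the realm should get access,
        // and pin new users to a low-privilege group rather than the default.
        var autoLink = new ExternalSignInAutoLinkOptions(
            autoLinkExternalAccount: autoCreateUsers,
            // Placeholder alias: create a restricted group and use its alias here.
            defaultUserGroups: new[] { "externalReadOnly" });

        options.SetBackOfficeExternalLoginProviderOptions(
            new BackOfficeExternalLoginProviderOptions
            {
                AutoLinkOptions = autoLink,
                // The two settings from the reply. With both false, the local
                // login form stays available as a fallback if the identity
                // provider is unreachable or misconfigured.
                AutoRedirectLoginToExternalProvider = externalOnly,
                DenyLocalLogin = externalOnly
            });
    }
}
```

With `autoCreateUsers: false`, a user has to sign in locally once and link the external account, which is the first option the reply describes.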
