  • Søren Müller 3 posts 73 karma points
    Jan 12, 2021 @ 10:35

    Use Keycloak for Login auth to Backoffice

    Hi,

    I'm trying to use Keycloak as my IDP for login to the Umbraco Backoffice. Since there is no Umbraco NuGet package for this, I first tried using a guide for login with Google+. It works perfectly. Then I added the NuGet package "Owin.Security.Keycloak-3". Then I added the extension function below and called it from the "UmbracoStandardOwinStartup" class. But I don't get any login button and can't set the Umbraco linking options, since this is obfuscated in the Google login NuGet package. Has anyone tried this or have any idea? Thx :-)

        static string persistentAuthType = "keycloak_cookies"; // Or name it whatever you want
    
        public static void ConfigureBackOfficeKeycloakAuth(this IAppBuilder app, string clientId, string clientSecret,
            string caption = "Cadpeople keycloak", string style = "btn-google", string icon = "fa-google")
        {
    
            //const string persistentAuthType = "keycloak_cookies"; // Or name it whatever you want
    
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = persistentAuthType
            });
    
            // You may also use this method if you have multiple authentication methods below,
            // or if you just like it better:
            app.SetDefaultSignInAsAuthenticationType(persistentAuthType);
    
            // Some more here: login button, linking accounts etc.??
    
            app.UseKeycloakAuthentication(new KeycloakAuthenticationOptions
            {
    
                Realm = "UmbracoTest",
                ClientId = "u-client-bo",
                ClientSecret = "<client secret>",
                KeycloakUrl = "<url>",
                AuthenticationType = persistentAuthType,
                SignInAsAuthenticationType = persistentAuthType,
                //Token validation options - these are all set to defaults
                AllowUnsignedTokens = false,
                DisableIssuerSigningKeyValidation = false,
                DisableIssuerValidation = false,
                DisableAudienceValidation = false,
                TokenClockSkew = TimeSpan.FromSeconds(2)
            });
        }
    
  • tiago.santos 4 posts 73 karma points
    May 27, 2021 @ 18:36

    Maybe your OpenID user doesn't exist in Umbraco Users, so it returns to the login page.

    You must log in with user/pass and then link your OpenID Connect account.

    Or else, force the auto-creation of the user (a bit overkill and dangerous, but possible)

    AutoRedirectLoginToExternalProvider = true,
    DenyLocalLogin = true, // if ANY external provider has this property set, local login will be disabled
    

    EDIT: in fact, the user is always created with "reader" permission,
