I'm trying to get user login to the backoffice to work with a third-party IDP.
So far, I get a login button above the normal Umbraco login prompt.
I get redirected to the third-party login page and after login I get redirected back to Umbraco with a token.
I should now be logged in, but instead it just goes to the login page again.
I use UmbracoCms.IdentityExtensions, Microsoft.Owin.Security.OpenIdConnect, etc.
I have been banging my head for 2 days now, hoping someone has an idea.. :-|
My code so far:
In UmbracoStandardOwinStartup::ConfigureUmbracoAuthentication(IAppBuilder app) I call:
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using Umbraco.Core;          // Constants.Security.BackOfficeExternalAuthenticationType
using Umbraco.Web.Security;  // ForUmbracoBackOffice / SetBackOfficeExternalLoginProviderOptions (Umbraco 8 namespace)

public static class UmbracoKeycloakAuthExtensions
{
    // persistentAuthType is referenced below; its definition is not shown in the post.

    public static void ConfigureBackOfficeKeycloakAuth(this IAppBuilder app, string clientId,
        string caption = "Login", string style = "btn-google", string icon = "fa-google")
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = persistentAuthType
        });

        var identityOptions = new OpenIdConnectAuthenticationOptions
        {
            Caption = caption,
            Authority = "<auth url>",
            ClientId = clientId,
            RedirectUri = "https://localhost:44330/umbraco/",
            PostLogoutRedirectUri = "https://localhost:44330/Umbraco",
            ResponseType = "id_token token",
            Scope = "openid profile roles email",
            MetadataAddress = "<auth url>/realms/umbracoTest/.well-known/openid-configuration",
            SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType
        };

        identityOptions.ForUmbracoBackOffice(style, icon);
        identityOptions.Caption = caption;

        // Fix Authentication Type
        identityOptions.AuthenticationType = "<auth url>";

        // Configure AutoLinking
        //var autoLinkOptions = new ExternalSignInAutoLinkOptions(true); // autoLinkExternalAccount = true
        //autoLinkOptions.AllowManualLinking = false;
        //identityOptions.SetBackOfficeExternalLoginProviderOptions(new BackOfficeExternalLoginProviderOptions
        //{
        //    AutoRedirectLoginToExternalProvider = false,
        //    DenyLocalLogin = false, // if ANY external provider has this property set, local login will be disabled
        //    AutoLinkOptions = autoLinkOptions
        //});

        // Not sure if necessary
        identityOptions.Notifications = new OpenIdConnectAuthenticationNotifications
        {
            SecurityTokenValidated = ClaimsTransformer.GenerateUserIdentityAsync
        };

        app.UseOpenIdConnectAuthentication(identityOptions);
    }
}
And finally, the ClaimsTransformer.GenerateUserIdentityAsync function:
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;  // OpenIdConnectMessage in Microsoft.Owin.Security.OpenIdConnect 3.x (4.x: Microsoft.IdentityModel.Protocols.OpenIdConnect)
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

public static class ClaimsTransformer
{
    public static async Task GenerateUserIdentityAsync(
        SecurityTokenValidatedNotification<OpenIdConnectMessage,
            OpenIdConnectAuthenticationOptions> notification)
    {
        var id = notification.AuthenticationTicket.Identity;

        // we want to keep first name, last name, subject and roles
        var givenName = id.FindFirst(ClaimTypes.GivenName);
        if (givenName == null) givenName = id.FindFirst("name");
        var familyName = id.FindFirst(ClaimTypes.Surname);
        if (familyName == null) familyName = id.FindFirst("name");
        var email = id.FindFirst(ClaimTypes.Email);
        if (email == null) email = id.FindFirst(ClaimTypes.Upn);
        var roles = id.FindAll(ClaimTypes.Role);

        // create new identity and set name and role claim type
        var nid = new ClaimsIdentity(
            id.AuthenticationType,
            ClaimTypes.GivenName,
            ClaimTypes.Role);

        // Note: AddClaim(null) throws ArgumentNullException and email.Value throws
        // NullReferenceException if the IdP did not send the corresponding claim.
        nid.AddClaim(givenName);
        nid.AddClaim(familyName);
        nid.AddClaims(roles);
        nid.AddClaim(id.FindFirst(ClaimTypes.NameIdentifier));
        var emailclaim = new Claim(ClaimTypes.Email, email.Value);
        nid.AddClaim(emailclaim);

        notification.AuthenticationTicket = new AuthenticationTicket(nid, notification.AuthenticationTicket.Properties);
    }
}
Here all the values are correct, i.e. name, email, etc.
umbraco user login external openid
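The SecurityTokenValidated callback in the post throws if the IdP omits any expected claim (AddClaim rejects null, and email.Value dereferences null), so a misconfigured client scope fails inside the middleware instead of as a clear, fail-closed sign-in error. The following is an added example, not code from the original post or from Umbraco, of the same callback written defensively: it verifies the two claims the back office actually needs (the NameIdentifier that identifies the external login, and an e-mail for linking) and refuses the sign-in explicitly when they are absent. It assumes the Microsoft.Owin.Security.OpenIdConnect 3.x namespaces and a hypothetical error redirect path (LoginErrorUrl); the Umbraco behaviour it relies on is stated in the comments.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;  // OpenIdConnectMessage (assumes Microsoft.Owin.Security.OpenIdConnect 3.x)
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

public static class ClaimsTransformer
{
    // Hypothetical: where to send the browser when the IdP response is unusable. Adjust to your site.
    private const string LoginErrorUrl = "/umbraco/#/login?externalLoginError=missing_claims";

    public static Task GenerateUserIdentityAsync(
        SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        var id = notification.AuthenticationTicket.Identity;

        // The OWIN JWT handler maps "sub" to ClaimTypes.NameIdentifier by default; the raw
        // names are fallbacks for handlers configured to keep the short OIDC claim names.
        var subject    = id.FindFirst(ClaimTypes.NameIdentifier) ?? id.FindFirst("sub");
        var email      = id.FindFirst(ClaimTypes.Email) ?? id.FindFirst("email") ?? id.FindFirst(ClaimTypes.Upn);
        var givenName  = id.FindFirst(ClaimTypes.GivenName) ?? id.FindFirst("given_name") ?? id.FindFirst("name");
        var familyName = id.FindFirst(ClaimTypes.Surname) ?? id.FindFirst("family_name") ?? id.FindFirst("name");

        // Umbraco resolves the external login from the NameIdentifier claim (value = provider key,
        // Issuer = login provider) and reads the e-mail when auto-linking. Without them the sign-in
        // cannot succeed, so fail closed with a clear reason instead of throwing from inside the
        // middleware.
        if (subject == null || email == null)
        {
            notification.HandleResponse();                  // middleware returns no identity: nothing is signed in
            notification.Response.Redirect(LoginErrorUrl);
            return Task.FromResult(0);
        }

        var nid = new ClaimsIdentity(id.AuthenticationType, ClaimTypes.GivenName, ClaimTypes.Role);

        // Re-add the original Claim objects rather than new Claim(type, value): AddClaim clones them
        // with their Issuer intact. GetExternalLoginInfo reports the NameIdentifier claim's Issuer as
        // LoginProvider, and Umbraco matches that against a registered provider's AuthenticationType,
        // which is what the `identityOptions.AuthenticationType = "<auth url>"` line in the startup
        // code is for: it must equal the token's "iss" value exactly.
        nid.AddClaim(subject);
        nid.AddClaim(new Claim(ClaimTypes.Email, email.Value, ClaimValueTypes.String, subject.Issuer));
        if (givenName != null) nid.AddClaim(givenName);
        if (familyName != null) nid.AddClaim(familyName);
        nid.AddClaims(id.FindAll(ClaimTypes.Role));

        notification.AuthenticationTicket = new AuthenticationTicket(nid, notification.AuthenticationTicket.Properties);
        return Task.FromResult(0);
    }
}
```

Wire it up exactly as in the post (SecurityTokenValidated = ClaimsTransformer.GenerateUserIdentityAsync). When the provider's AuthenticationType and the token's issuer do not match, Umbraco cannot find a registered provider for the LoginProvider it was handed and the login is rejected, so compare the two values first when debugging a bounce back to the login page.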
Having the same issue, any updates?
Anyone ever get anywhere with this? A n00b to Umbraco and trying to figure out all the auth options.
Anyone manage to solve this? Having the same issue right now too
Hi Soren,
What version of Umbraco are you using?
Since Umbraco 9.3 there is support for external login providers with OpenID Connect: https://our.umbraco.com/documentation/reference/security/external-login-providers/
I've released a package which demos how Umbraco can be used with OpenID Connect: https://www.jeroenbreuer.nl/blog/released-umbraco-openid-connect-example-package/
Jeroen