  • Daniel Martins 2 posts 22 karma points
    May 10, 2021 @ 12:51

    Umbraco Backoffice Custom Authentication

    Hi, I'm trying to set up back-office custom authentication with Keycloak (OpenID Connect). Everything goes well until I'm redirected back to Umbraco, where it shows the login screen again.

    This is my custom Owin Startup:

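         public class UmbracoCustomOwinStartup : UmbracoDefaultOwinStartup
    {
        static readonly string Caption = "Keycloak";
        static readonly string ClientId = "umbraco";
        static readonly string Style = "btn-github";
        static readonly string Icon = "fa-key";

        // Environment-specific endpoints, hoisted next to the other provider constants so
        // there is a single place to swap them for configuration values. The issuer URL is
        // also used as the provider's AuthenticationType, as in the original setup.
        static readonly string IssuerUrl = "http://localhost:8080/";
        static readonly string ProviderAuthenticationType = "http://localhost:8080/";
        static readonly string DiscoveryDocumentUrl = "http://localhost:8080/auth/realms/umbracorealm/.well-known/openid-configuration";
        static readonly string BackOfficeUrl = "http://umbraco.bifrost.localhost/umbraco";

        /// <summary>
        /// Configures the <see cref="BackOfficeUserManager"/> for Umbraco
        /// </summary>
        /// <param name="app">The OWIN app builder the user manager is registered on.</param>
        protected override void ConfigureUmbracoUserManager(IAppBuilder app)
        {
            // There are several overloads of this method that allow you to customize the BackOfficeUserManager or even custom BackOfficeUserStore.
            app.ConfigureUserManagerForUmbracoBackOffice(
                Services,
                Mapper,
                UmbracoSettings.Content,
                GlobalSettings,
                //The Umbraco membership provider needs to be specified in order to maintain backwards compatibility with the 
                // user password formats. The membership provider is not used for authentication, if you require custom logic
                // to validate the username/password against an external data source you can create create a custom UserManager
                // and override CheckPasswordAsync
                global::Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider());
        }

        /// <summary>
        /// Registers the default back-office authentication plus Keycloak as an external
        /// OpenID Connect login provider with auto-linking enabled.
        /// </summary>
        /// <param name="app">The OWIN app builder the middleware is added to.</param>
        protected override void ConfigureUmbracoAuthentication(IAppBuilder app)
        {
            base.ConfigureUmbracoAuthentication(app);

            app.UseUmbracoBackOfficeTokenAuth(new BackOfficeAuthServerProviderOptions());

            var identityOptions = new OpenIdConnectAuthenticationOptions
            {
                Caption = Caption,
                Authority = IssuerUrl,
                AuthenticationType = ProviderAuthenticationType,
                ClientId = ClientId,
                RedirectUri = BackOfficeUrl,
                PostLogoutRedirectUri = BackOfficeUrl,
                // NOTE(review): with "code" alone the authorization response carries no
                // id_token, and the Katana OIDC handler only creates a ticket from an
                // id_token (hybrid "code id_token", or the RedeemCode option added in
                // Katana 4.1). A silent return to the login screen matches that symptom;
                // confirm against the installed Microsoft.Owin.Security.OpenIdConnect version.
                ResponseType = "code",
                Scope = "openid profile roles email",
                // Plain-HTTP issuer with HTTPS metadata checks disabled: acceptable only on a
                // local development box, since discovery, code exchange and tokens all travel
                // unencrypted. Re-enable before pointing this at a real Keycloak.
                RequireHttpsMetadata = false,
                MetadataAddress = DiscoveryDocumentUrl,
                SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Rewrites the identity so Umbraco's expected name/role claim types are set.
                    SecurityTokenValidated = ClaimsTransformer.GenerateUserIdentityAsync
                }
            };

            // Caption and AuthenticationType are re-applied after ForUmbracoBackOffice, as in
            // the Umbraco samples; presumably the extension resets the description — verify.
            identityOptions.ForUmbracoBackOffice(Style, Icon);
            identityOptions.Caption = Caption;
            identityOptions.AuthenticationType = ProviderAuthenticationType;

            // Auto-link (true) creates a back-office user on first external sign-in; that makes
            // the Keycloak realm the gate to the back office, so its user/role policy matters.
            var providerOptions = new BackOfficeExternalLoginProviderOptions { AutoLinkOptions = new ExternalSignInAutoLinkOptions(true) };
            identityOptions.SetBackOfficeExternalLoginProviderOptions(providerOptions);

            app.UseOpenIdConnectAuthentication(identityOptions);
        }
    }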
    public class ClaimsTransformer
    {
        /// <summary>
        /// Runs once the id_token has been validated. Replaces the ticket's identity with one
        /// carrying the same claims and authentication type, but declaring GivenName as the
        /// name claim type and Role as the role claim type so Umbraco can read them.
        /// </summary>
        /// <param name="notification">The validated-token notification whose ticket is rewritten.</param>
        public static async Task GenerateUserIdentityAsync(
            SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
        {
            var ticket = notification.AuthenticationTicket;
            var source = ticket.Identity;

            // Same claims, same authentication type; only the name/role claim types change.
            // NOTE(review): Umbraco's auto-link presumably also needs an email claim on this
            // identity (the requested scope includes "email") — confirm Keycloak issues one.
            var rebuilt = new ClaimsIdentity(
                claims: source.Claims,
                authenticationType: source.AuthenticationType,
                nameType: ClaimTypes.GivenName,
                roleType: ClaimTypes.Role);

            notification.AuthenticationTicket = new AuthenticationTicket(rebuilt, ticket.Properties);
        }
    }
    

    Anyone with the same issue?
