
  • Daniel Martins 2 posts 22 karma points
    May 10, 2021 @ 12:51
    Daniel Martins

    Umbraco Backoffice Custom Authentication

    Hi, I'm trying to set up custom backoffice authentication with Keycloak OpenID Connect. Everything goes well until I'm redirected back to Umbraco, which shows the login screen again.

    This is my custom Owin Startup:

         // OWIN startup for the Umbraco back office that configures a Keycloak OpenID Connect
         // external login provider on top of UmbracoDefaultOwinStartup.
         // NOTE(review): braces and some statements are absent from the listing as shown, so the
         // comments below describe only the lines that are visible.
         public class UmbracoCustomOwinStartup : UmbracoDefaultOwinStartup
        // Text assigned to the provider's Caption option.
        static readonly string Caption = "Keycloak";
        // OpenID Connect client id sent to the identity provider.
        static readonly string ClientId = "umbraco";
        // Style and icon values passed to ForUmbracoBackOffice for the login button.
        static readonly string Style = "btn-github";
        static readonly string Icon = "fa-key";
        /// <summary>
        /// Configures the <see cref="BackOfficeUserManager"/> for Umbraco.
        /// </summary>
        /// <param name="app">The OWIN application builder being configured.</param>
        protected override void ConfigureUmbracoUserManager(IAppBuilder app)
            // There are several overloads of this method that allow you to customize the BackOfficeUserManager or even a custom BackOfficeUserStore.
            // NOTE(review): the call these comments describe is not present in the lines shown.
                // The Umbraco membership provider needs to be specified in order to maintain backwards compatibility with the
                // user password formats. The membership provider is not used for authentication; if you require custom logic
                // to validate the username/password against an external data source you can create a custom UserManager
                // and override CheckPasswordAsync.
        /// <summary>
        /// Configures back-office authentication: token auth plus the OpenID Connect options for Keycloak.
        /// </summary>
        /// <param name="app">The OWIN application builder being configured.</param>
        protected override void ConfigureUmbracoAuthentication(IAppBuilder app)
            app.UseUmbracoBackOfficeTokenAuth(new BackOfficeAuthServerProviderOptions());
            var identityOptions = new OpenIdConnectAuthenticationOptions
                Caption = Caption,
                // Authority and MetadataAddress are plain-HTTP localhost URLs. That is only reasonable for a
                // local development Keycloak: over HTTP the discovery document and signing keys can be
                // replaced by anyone on the network path, which defeats token validation.
                Authority = "http://localhost:8080/",
                // The same value is assigned to AuthenticationType again after the initializer.
                AuthenticationType = "http://localhost:8080/",
                ClientId = ClientId,
                // Redirect URIs are plain HTTP as well; they normally have to match a redirect URI
                // registered for this client in Keycloak.
                RedirectUri = "http://umbraco.bifrost.localhost/umbraco",
                PostLogoutRedirectUri = "http://umbraco.bifrost.localhost/umbraco",
                // Authorization-code flow. NOTE(review): as far as I know the Katana OpenID Connect
                // middleware only exchanges the code for tokens when its RedeemCode option is enabled
                // (4.1+ packages); nothing in the visible lines sets it or a client secret - confirm
                // against the installed package version and the Keycloak client type.
                ResponseType = "code",
                Scope = "openid profile roles email",
                // Disables the HTTPS requirement for the metadata endpoint. Keep this to development
                // only; leave it enabled and use https URLs anywhere tokens from this provider are trusted.
                RequireHttpsMetadata = false,
                MetadataAddress = "http://localhost:8080/auth/realms/umbracorealm/.well-known/openid-configuration",
                // Sign the external identity in under Umbraco's back-office external authentication type.
                SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
                Notifications = new OpenIdConnectAuthenticationNotifications
                    // Invoked for the SecurityTokenValidated notification; the handler replaces the ticket's identity.
                    SecurityTokenValidated = ClaimsTransformer.GenerateUserIdentityAsync
            identityOptions.ForUmbracoBackOffice(Style, Icon);
            // Caption and AuthenticationType repeat the values already given in the initializer above.
            identityOptions.Caption = Caption;
            identityOptions.AuthenticationType = "http://localhost:8080/";
            // Auto-link options constructed with 'true' (presumably enabling auto-linking - confirm the
            // parameter). With auto-link on, whoever the Keycloak realm/client lets sign in can obtain a
            // linked back-office user, so access control has to be enforced on the Keycloak side.
            // NOTE(review): the visible lines neither attach providerOptions to identityOptions nor
            // register identityOptions with the pipeline (e.g. app.UseOpenIdConnectAuthentication) - confirm
            // those calls exist in the real file.
            var providerOptions = new BackOfficeExternalLoginProviderOptions { AutoLinkOptions = new ExternalSignInAutoLinkOptions(true) };
    // Holds the SecurityTokenValidated handler that rebuilds the authentication ticket's identity.
    public class ClaimsTransformer
        /// <summary>
        /// Replaces the ticket's identity with a new <see cref="ClaimsIdentity"/> that carries the same
        /// claims but uses <see cref="ClaimTypes.GivenName"/> as its name claim type.
        /// </summary>
        /// <param name="notification">The notification whose AuthenticationTicket is read and reassigned.</param>
        public static async Task GenerateUserIdentityAsync(
            SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
            // Now this contains ID claims (e.g. GivenName in my case)
            var id = notification.AuthenticationTicket.Identity;
            // Every claim issued by the identity provider is copied unchanged. If any of them (roles,
            // groups) are later used for authorization decisions, filter or map them here instead of
            // trusting them wholesale.
            // NOTE(review): Umbraco's auto-link is understood to also need an email claim - verify that
            // Keycloak's email arrives as ClaimTypes.Email.
            var identityUser = new ClaimsIdentity(
                id.Claims, // copy the claims I have
                // set the nameType, so Umbraco can use the 'ExternalLogin.Name' for auto-link to work
                ClaimTypes.GivenName, // <-- You have to set a correct nameType claim
            // The listing stops inside this call; the remaining constructor arguments are not shown.
            notification.AuthenticationTicket = new AuthenticationTicket(identityUser,

    Anyone with the same issue?
