and it worked well for back office users. Users were able to log in to the back office and OnExternalLogin, OnAutoLinking were called.
But for some reason it doesn't work for members. OnExternalLogin, OnAutoLinking are never called and I had to add KeycloakLoginCallback to sign in members. Is that right, or am I doing something wrong? I would expect members to work similarly to users.
```csharp
using Microsoft.Extensions.Options;
using Umbraco.Cms.Web.Common.Security;

public class KeycloakMemberExternalLoginProviderOptions : IConfigureNamedOptions<MemberExternalLoginProviderOptions>
{
    public const string SchemeName = "Keycloak";

    public void Configure(string name, MemberExternalLoginProviderOptions options)
    {
        // Only configure the options registered for the member Keycloak scheme
        if (name != Umbraco.Cms.Core.Constants.Security.MemberExternalAuthenticationTypePrefix + SchemeName)
        {
            return;
        }

        Configure(options);
    }

    public void Configure(MemberExternalLoginProviderOptions options) =>
        options.AutoLinkOptions = new MemberExternalSignInAutoLinkOptions(
            // Must be true for auto-linking to be enabled
            autoLinkExternalAccount: true,
            // Optionally specify the default culture to create
            // the user as. If null it will use the default
            // culture defined in the web.config, or it can
            // be dynamically assigned in the OnAutoLinking
            // callback.
            defaultCulture: null,
            // Optionally specify the default "IsApproved" status. Must be true for auto-linking.
            defaultIsApproved: true,
            // Optionally specify the member type alias. Default is "Member"
            defaultMemberTypeAlias: "Member",
            // Optionally specify the member group names to add the auto-linking user to.
            defaultMemberGroups: new[] { "partnerMembers" }
        )
        {
            // Optional callback
            OnAutoLinking = (autoLinkUser, loginInfo) =>
            {
                // You can customize the member before it's linked.
                // i.e. Modify the member's groups based on the Claims returned
                // in the externalLogin info
            },
            OnExternalLogin = (user, loginInfo) =>
            {
                // You can customize the member before it's saved whenever they have
                // logged in with the external provider.
                // i.e. Sync the member's name based on the Claims returned
                // in the externalLogin info
                return true; // returns a boolean indicating if sign in should continue or not.
            }
        };
}
```
and KeycloakAuthenticationExtension.cs
```csharp
using System;
using AspNet.Security.OAuth.Keycloak;
using Microsoft.Extensions.DependencyInjection;
using Umbraco.Cms.Core.DependencyInjection;
using Umbraco.Extensions;

public static class KeycloakAuthenticationExtension
{
    public static IUmbracoBuilder AddMemberKeycloakAuthentication(this IUmbracoBuilder builder)
    {
        // Registers the auto-link options class for the member Keycloak scheme
        builder.Services.ConfigureOptions<KeycloakMemberExternalLoginProviderOptions>();

        builder.AddMemberExternalLogins(logins =>
        {
            logins.AddMemberLogin(
                memberAuthenticationBuilder =>
                {
                    memberAuthenticationBuilder.AddKeycloak(
                        // The scheme must be set with this method to work for the umbraco members
                        memberAuthenticationBuilder.SchemeForMembers("UmbracoMembers.Keycloak"),
                        options =>
                        {
                            options.AccessType = KeycloakAuthenticationAccessType.Confidential;
                            options.BaseAddress = new Uri("http://localhost:8080/");
                            options.Domain = "http://localhost:8080/";
                            options.Realm = "MyTestLocalRealm";
                            options.ClientId = "umbracoLocalTest";
                            // Hard-coded for the local test realm; outside local testing,
                            // read the client secret from configuration instead of source.
                            options.ClientSecret = "cywWTElC4jojVbfajXwPdZaQZCbv6f4P";
                        });
                });
        });

        return builder;
    }
}
```
Integrating Umbraco with Keycloak works for back office users not for members.
Hi All!
I'm trying to integrate Umbraco members with Keycloak to let them log in to my app. I used this NuGet package for Keycloak: https://www.nuget.org/packages/AspNet.Security.OAuth.Keycloak/
Have a look at my test project: https://github.com/wlodarzmar/UmbracoKeycloakIntegrationTest/tree/master/UmbracoKeycloakIntegrationTest
I followed the article at: https://our.umbraco.com/documentation/reference/security/auto-linking/#example-for-members
and it worked well for back office users. Users were able to log in to the back office and OnExternalLogin, OnAutoLinking were called. But for some reason it doesn't work for members. OnExternalLogin, OnAutoLinking are never called and I had to add KeycloakLoginCallback to sign in members. Is that right, or am I doing something wrong? I would expect members to work similarly to users.
Startup.cs:
KeycloakMemberExternalLoginProviderOptions.cs:
and KeycloakAuthenticationExtension.cs
Hi Marcin,
I currently have the same issue. Have you found a solution?
Irina
I added a GithubLoginCallback action as shown in the blog post below: https://poornimanayar.co.uk/blog/member-login-using-github-in-umbraco-9/
Thanks Marcin, it helped me a lot. But I faced another issue... I expected that after signing the member out, the Keycloak session would also be terminated. Are you able to log the member out of Keycloak?
I tried redirecting to the logout endpoint, but the session is still active.