Autolink - only if user is found
Hi,
So I've set up login using an external identity provider (IdentityServer4), and it works almost as I intended.
My challenge is I'm using SetExternalSignInAutoLinkOptions to auto-link the incoming identity to an existing account in Umbraco. This works fine. But if no account is found, it creates one. I would like to prevent this from happening. So auto-linking is OK for accounts that exist, else it should stop.
Where would I implement this?
BR Thomas
Hey Thomas,
Unfortunately it is not possible to stop creating the user/member when you use the autolinking.
The only solution as I see it is to give a role to those users that are allowed to create a user, and in OnExternalLogin see if the current identity has the allowed Role in the Claim, just to prevent the identity from logging in, something like:
Too bad there isn't a solution preventing the user from being created.
My current solution is assigning a role with no access at all, and I've called the role "ToBeDeleted", and my thought was to delete the users in this role, once a day.
But combined with your suggestion I could prevent them from logging in at all, which would be a great improvement.
Thanks.
BR
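The role-claim check discussed in the two posts above, as an added example that is not code from the thread or from Umbraco. The role name `UmbracoLogin` and the class `ExternalLoginGate` are hypothetical, and the wiring in the trailing comment assumes the Umbraco 9+ back-office `ExternalSignInAutoLinkOptions` object rather than the `SetExternalSignInAutoLinkOptions` call named in the question.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ExternalLoginGate
{
    // Assumption: the identity provider issues this role only to accounts
    // that are allowed to sign in to Umbraco. The name is hypothetical.
    public const string AllowedRole = "UmbracoLogin";

    // IdentityServer4 emits the short "role" claim type. The ASP.NET Core
    // JWT handler can remap it to ClaimTypes.Role, so both are accepted.
    private static readonly string[] RoleClaimTypes = { "role", ClaimTypes.Role };

    public static bool IsAllowed(ClaimsPrincipal principal, string allowedRole = AllowedRole)
    {
        // Fail closed: a missing or unauthenticated principal is denied.
        if (principal is null || principal.Identity?.IsAuthenticated != true)
            return false;

        // Exact, case-sensitive match so "umbracologin" or a substring
        // of the role name does not pass the check.
        return principal.Claims
            .Where(c => RoleClaimTypes.Contains(c.Type))
            .Any(c => string.Equals(c.Value, allowedRole, StringComparison.Ordinal));
    }
}

// Wiring sketch (assumes Umbraco 9+ back-office provider options):
//
// options.AutoLinkOptions = new ExternalSignInAutoLinkOptions(
//     autoLinkExternalAccount: true,
//     defaultUserGroups: new[] { "ToBeDeleted" },  // no-access group from the thread
//     defaultCulture: null,
//     allowManualLinking: false)
// {
//     // Returning false stops the sign-in. The auto-created account still
//     // exists, so the daily clean-up of "ToBeDeleted" remains necessary.
//     OnExternalLogin = (user, loginInfo) =>
//         ExternalLoginGate.IsAllowed(loginInfo.Principal)
// };
```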
Hi Thomas, I'm using IdentityServer4 (Quick-start setup) as external identity provider too and it also works.
But when I implement auto-linking options following the document (https://our.umbraco.com/documentation/reference/security/auto-linking), it seems like only the OnAutoLinking function is not working. At first, I thought the Claims returned from IS were missing email, but then I could use email claims to auto create Umbraco members based on email info.
Is there a more specific setup I should follow?
I'm new to Umbraco and using version 10.1.0. I don't know whether it is Umbraco V10's bug or IdentityServer's bug anymore. I've searched this bug for a week but I'm still stuck on this bug :(
Thanks.
Regards