Umbraco 10 - Single Sign On Implementation Problems
Hello,
The client is using Umbraco 10 on the Cloud and I've implemented the SSO by following the documentation here.
I've also tried the autolinking documentation and don't seem to be getting anywhere with that. It looks like the user needs to be created first in the back office before they can log in and link their account to their MS Account.
The client wants it so if they exist in the Azure directory then they can click on sign with Microsoft on the /umbraco URL and this would then link their account automatically.
I've made sure to set the deny local login to true here;
options.DenyLocalLogin = true;
This is the full code file;
using Microsoft.Extensions.Options;
using Umbraco.Cms.Core;
using Umbraco.Cms.Web.BackOffice.Security;
namespace UmbracoProject
{
public class OpenIdConnectBackOfficeExternalLoginProviderOptions : IConfigureNamedOptions<BackOfficeExternalLoginProviderOptions>
{
public const string SchemeName = "OpenIdConnect";
public void Configure(string name, BackOfficeExternalLoginProviderOptions options)
{
if (name != "Umbraco." + SchemeName)
{
return;
}
Configure(options);
}
public void Configure(BackOfficeExternalLoginProviderOptions options)
{
options.ButtonStyle = "btn-danger";
options.Icon = "fa fa-cloud";
options.AutoLinkOptions = new ExternalSignInAutoLinkOptions(
// must be true for auto-linking to be enabled
autoLinkExternalAccount: true,
// Optionally specify default user group, else
// assign in the OnAutoLinking callback
// (default is editor)
defaultUserGroups: new[] { Constants.Security.EditorGroupAlias },
// Optionally specify the default culture to create
// the user as. If null it will use the default
// culture defined in the web.config, or it can
// be dynamically assigned in the OnAutoLinking
// callback.
defaultCulture: null,
// Optionally you can disable the ability to link/unlink
// manually from within the back office. Set this to false
// if you don't want the user to unlink from this external
// provider.
allowManualLinking: false
)
{
// Optional callback
OnAutoLinking = (autoLinkUser, loginInfo) =>
{
// You can customize the user before it's linked.
// i.e. Modify the user's groups based on the Claims returned
// in the externalLogin info
},
OnExternalLogin = (user, loginInfo) =>
{
// You can customize the user before it's saved whenever they have
// logged in with the external provider.
// i.e. Sync the user's name based on the Claims returned
// in the externalLogin info
return true; //returns a boolean indicating if sign in should continue or not.
}
};
// Optionally you can disable the ability for users
// to login with a username/password. If this is set
// to true, it will disable username/password login
// even if there are other external login providers installed.
options.DenyLocalLogin = true;
// Optionally choose to automatically redirect to the
// external login provider so the user doesn't have
// to click the login button. This is
options.AutoRedirectLoginToExternalProvider = false;
}
}
}
Umbraco 10 - Single Sign On Implementation Problems
Hello,
The client is using Umbraco 10 on the Cloud and I've implemented the SSO by following the documentation here.
I've also tried the autolinking documentation and don't seem to be getting anywhere with that. It looks like the user needs to be created first in the back office before they can log in and link their account to their MS Account.
The client wants it so if they exist in the Azure directory then they can click on sign with Microsoft on the
/umbracoURL and this would then link their account automatically.I've made sure to set the deny local login to true here;
This is the full code file;
Here is a Loom recording that I did a while back that might help. https://www.loom.com/share/9fb2f43160da4266a8243de1d52479f2?sid=d818c83d-f729-42be-8d75-bd21c8fd3b27
Can anyone assist me with this at the moment the SSO is not working seamlessly, it requires a lot of manual work to get it to work.
Thanks,
Javed
is working on a reply...