Umbraco SSO using ADFS 3.0
We are trying to integrate ADFS 3.0 WS federated authentication with Umbraco for front-end users. We just want the users in AD to access the Umbraco website.
We were able to implement ADFS authentication using normal ASP.NET MVC web site using Owin middleware (Microsoft.Owin.Security.WsFederation).
We are not sure how to implement this in Umbraco.
Here is the problem we are facing:
We have inherited UmbracoDefaultOwinStartup and added the WSFederationAuthentication middleware. Then we added owin:appStartup in appSettings. The middleware is configured successfully.
The ADFS metadata URL and Wtrealm are added in appSettings. Using the metadata and Wtrealm we are successfully redirected to the ADFS server and are able to log in there. But when redirecting back to our site, we are not getting the user identity in the HttpContext.GetOwinContext().Authentication variable.
Any help with this will be greatly appreciated.
Are you able to share the code for the owin middleware - maybe in a gist?
/ Morten
Hi Morten,
Here is the code we tried https://gist.github.com/spn-phases/e74427edd4c154c22122e0981ea8317f
You might be able to find some help in this setup, we created.
In this setup, we only use ADFS to check login, and establish a username, when that's done, we add an ordinary Umbraco member login, and use that in the frontend. This enables using ordinary umbraco backend procedures for handling user group membership, and access rights to pages.
https://gist.github.com/jhauge/d154af1badc24dc11d974f5413de67d4
Regards Jesper Hauge
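One way to wire up the approach Jesper describes (ADFS only establishes the username; an ordinary Umbraco member is then created if needed and logged in with a normal member cookie), as an added example that is not the code from either gist. It assumes Umbraco 7 with the Microsoft.Owin.Security.WsFederation package; the startup class name, member type alias, member group name and the ADFS/site URLs are placeholders.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Security;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;
using Umbraco.Core;
using Umbraco.Web;

// Hypothetical startup class; point owin:appStartup in appSettings at it.
public class AdfsMemberStartup : UmbracoDefaultOwinStartup
{
    private const string AdfsCookie = "AdfsTemp";  // assumed transient auth type
    private const string MemberType = "Member";    // assumed member type alias
    private const string AdfsGroup = "AdfsUsers";  // assumed member group
    public override void Configuration(IAppBuilder app)
    {
        base.Configuration(app); // keep Umbraco's own back-office pipeline
        // WS-Fed signs in to SignInAsAuthenticationType once the token validates; with no cookie middleware for that type the identity is never persisted.
        app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = AdfsCookie });
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            MetadataAddress = "https://ADFS-HOST-PLACEHOLDER/FederationMetadata/2007-06/FederationMetadata.xml",
            Wtrealm = "https://SITE-PLACEHOLDER/",
            SignInAsAuthenticationType = AdfsCookie,
            // Passive: redirect to ADFS only on an explicit Challenge(), not on every 401
            AuthenticationMode = AuthenticationMode.Passive,
            Notifications = new WsFederationAuthenticationNotifications
            {
                SecurityTokenValidated = ctx =>
                {
                    var id = ctx.AuthenticationTicket.Identity;
                    if (string.IsNullOrEmpty(id.Name)) // assumes ADFS issues a name claim
                        throw new System.InvalidOperationException("ADFS token has no name claim");
                    var members = ApplicationContext.Current.Services.MemberService;
                    if (members.GetByUsername(id.Name) == null)
                    {
                        var email = id.FindFirst(ClaimTypes.Email)?.Value ?? id.Name;
                        members.CreateMemberWithIdentity(id.Name, email, id.Name, MemberType);
                        members.AssignRole(id.Name, AdfsGroup);
                    }
                    FormsAuthentication.SetAuthCookie(id.Name, false); // ordinary member login
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

Passive mode means a page that requires a member triggers the ADFS redirect only where your code calls Challenge(), which also avoids bouncing back-office preview requests to ADFS.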
Hey,
Sorry to intercept the thread, but I do have a question regarding your solution, Jesper Hauge.
I have something similar from the NuGet package Umbraco.Identity. But we have a problem that when you try to Preview a page from the backoffice, the backoffice user is not permitted to see it. He or she is redirected to the ADFS server for member login. One of two things might happen. If already logged in to ADFS it will redirect back and forth between the site and ADFS and will eventually get a "too many redirects" error. If not, you get a cross-origin error as the ADFS content is not allowed to be loaded in the iframe (preview).
I tried a hack to impersonate the membership user if already logged in as a backoffice user, but with no luck.
You don't have that problem?