Sitecore Federated Authentication – Part 3 – Sitecore User and Claims Identity

If you have followed my previous post, I hope you are now able to log in to Sitecore using an external identity provider. In this post, we will look more closely at Claims Identity and store the required values in the Sitecore User Profile. We'll also create a user with the user's email address instead of the hash code.

Claims Identity

Claims-based identity is a common way for applications to acquire the identity information they need about users inside their organization, in other organizations, and on the Internet.

Google and Facebook provide different claim names and values. To bind them properly, we have to update the configuration as below. You should explore the Facebook Graph API from Facebook and the OAuth 2.0 Playground from Google to get more information about the user.

In order to store the Full Name value of a user in Sitecore, I was trying to add the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name claim directly to the Full Name property in the Sitecore User Profile in the Property Initializer mapping. But each time I tried, it always stored sitecore\APTixbqulVz0qp5xEbNrkA in the Full Name instead of storing Nikki Punjabi as the name, which I was getting from both identity providers as a claim value.

Solution:

<!-- Add Full Name claim transformation -->
<transformation name="name" type="Sitecore.Owin.Authentication.Services.DefaultTransformation,Sitecore.Owin.Authentication">
	<sources hint="raw:AddSource">
		<claim name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" />
	</sources>
	<targets hint="raw:AddTarget">
		<claim name="FullName" />
	</targets>
</transformation>
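
The transformation only renames the incoming claim; the renamed claim still has to be mapped to a profile property. The fragment below is an added example, not configuration from the original post. It assumes the stock Sitecore 9 propertyInitializer section under federatedAuthentication, and the map names and the email mapping are illustrative.

```xml
<!-- Added example: goes under sitecore/federatedAuthentication. -->
<!-- Map names are illustrative labels, not values from the original post. -->
<propertyInitializer type="Sitecore.Owin.Authentication.Services.PropertyInitializer, Sitecore.Owin.Authentication">
	<maps hint="list">
		<!-- Consumes the FullName claim produced by the transformation above -->
		<map name="full name claim" type="Sitecore.Owin.Authentication.Services.DefaultClaimToPropertyMapper, Sitecore.Owin.Authentication" resolve="true">
			<data hint="raw:AddData">
				<source name="FullName" />
				<target name="FullName" />
			</data>
		</map>
		<!-- Assumption: the provider also issues the standard emailaddress claim -->
		<map name="email claim" type="Sitecore.Owin.Authentication.Services.DefaultClaimToPropertyMapper, Sitecore.Owin.Authentication" resolve="true">
			<data hint="raw:AddData">
				<source name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
				<target name="Email" />
			</data>
		</map>
	</maps>
</propertyInitializer>
```

Each map copies one claim into one profile property, so only the claims listed here reach the Sitecore user; anything else the provider sends is left out of the profile.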


Sitecore Federated Authentication – Part 2 – Google and Facebook App and the Custom Processor

In the previous post, we did the required configuration for the authentication with Google and Facebook Identity Providers. Now we need to write the processor which will connect the Sitecore instance with External Identities. Before that, we need the Client ID and Client Secret keys from Google and App ID and App Secret keys from Facebook.

Create Facebook App

Create the Facebook app – https://developers.facebook.com/

Set up the Facebook Login and create a Web App.

Go to Basic and copy the App ID and App Secret keys. We’ll need them at a later stage. You’ll need to add the Privacy-Policy URL.

Click on Settings and enter the proper value for Valid OAuth redirect URIs. This will be <hostname> + “/signin-” + <identityprovidername>. In my case it’s https://sc90.local.com/signin-facebook

Create Google App

Create the new Google Project – https://console.developers.google.com/

In the API Library, enable the Google+ API. Go to API Library, navigate to Social, and you’ll find the Google+ API. Select it and click on Enable. Our Google app is now enabled for OAuth authentication.

Navigate to Credentials and create OAuth client ID credentials. This will provide you with the Client ID and Secret Key.

Provide Authorized redirect URIs for Google in the same way as we did for Facebook. In my case, it’s http://sc90.local.com/signin-google

We have created the applications on Facebook and Google for the OAuth authentication to work properly. Now we have to write the custom processor and pass the proper keys for the Facebook and Google identity providers.


Sitecore Federated Authentication – Part 1 – Authentication with Google and Facebook Identity Providers

Hello Sitecorians,

Hope you all are enjoying the Sitecore Experience 🙂

Sitecore has brought a lot of exciting features in Sitecore 9. One of the features available out of the box is Federated Authentication. I will show you a step-by-step procedure for implementing Facebook and Google authentication in Sitecore 9. Before we dive in, it’s always good to understand how the system works and the basics of a federated authentication system.

So, what’s Authentication?

Authentication is the act of confirming the truth of an attribute of a single piece of data claimed true by an entity. In contrast with identification, which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing’s identity, authentication is the process of actually confirming that identity. It might involve confirming the identity of a person by verifying the authenticity of a website with a digital certificate.

wikipedia

What is OAuth?

OAuth is an Authorization Protocol. It’s an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third-party applications or websites.

wikipedia

What’s OWIN Middleware?

It stands for Open Web Interface for .NET. It is a new standardized interface between web servers and applications. It acts as middleware in a pipeline that handles requests and their associated responses. OWIN provides a decoupling layer that allows two frameworks with disparate object models to be used together.

What’s Federated Authentication?

It is also called Federated Identity or SSO (Single Sign-On).

A federated identity in information technology is the means of linking a person’s electronic identity and attributes, stored across multiple distinct identity management systems.

wikipedia

Sitecore uses the ASP.NET Membership provider for the Sitecore user login. Now we can easily integrate an external identity provider login by writing a few lines of code. ASP.NET provides the external identity functionality based on OWIN middleware. Sitecore has implemented the OWIN pipeline very nicely, directly in the core platform.

How does it work?
