We are planning to implement IAM (WSO2 Identity server) solution for User management and authentication in our CMS site which uses version 9.
I wanted information about how we can implement it in our project and how User Groups and Access rights (Authorization) work with this external user management system.
Could anyone please help me in having some information about this or reference where I can refer how to implement this in EPiServer?
Thanks in advance.
The approach I'd take for authentication is Owin - that you implement just the same as you'd implement it in any other solution. Documentation is here as well as in some peer documentation pages. You will need to figure out the actual steps for the specific IP.
The parts that are custom to EPiServer are:
Full integration of user/role management and access rights is then done through Owin membership/role providers. For some inspiration, you might take a look into this blogpost as well as this one. You can then choose what you want to implement, ex. you might not need user/role creation/update/deletion. You might not need some of the things, ex. the EPi_ roles check, if you don't want to create/delete users at all; that will simplify the code of the providers. Next week I intend to update the GitHub project with some performance improvements, one of them being from Svein's blogpost, but this should get you kick-started.
Thanks for this quick reply.
Actually, we are not using the OWIN part; instead we will use the WSO2 API for authentication. I would like to know, as this is an external user management system, how the user roles (user groups) get connected to EPiServer, so that Access rights can be handled from there through the EPiServer system. From the IAM server, when a user logs in, internally we get a response from the Identity server which will contain a Token and user information like user name and User role. So, how can we connect this user with the roles so that Access rights will get handled from the EPiServer system as we do normally?
The approach would be the same - you write a membership/role provider that reads from wherever you want it to read. The user/role management interface in admin mode, as well as Set Access Rights, essentially calls methods like ex. Roles.GetAllRoles or Users.GetAllUsers from whichever provider is set in the web.config file.
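As an added illustration of the read-only provider the reply describes (example code, not from the thread, EPiServer or WSO2): a RoleProvider whose group lookup is a constructed in-memory table standing in for the call to the identity server; the group names it returns are what admin mode offers in Set Access Rights, and a MembershipProvider is built the same way.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Security;

// Register in web.config, e.g. <roleManager enabled="true" defaultProvider="IdentityServerRoleProvider">
// with a matching <add name="IdentityServerRoleProvider" type="...IdentityServerRoleProvider" />.
public class IdentityServerRoleProvider : RoleProvider
{
    public override string ApplicationName { get; set; }

    // Constructed sample data standing in for the IAM group lookup (assumption: a real
    // implementation queries the WSO2 user store or the groups claim of the issued token).
    private static readonly Dictionary<string, string[]> GroupMembers =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "WebEditors", new[] { "alice", "bob" } },
            { "WebAdmins",  new[] { "alice" } }
        };

    // Read side: this is what admin mode and the access-rights dialog actually call.
    public override string[] GetAllRoles() => GroupMembers.Keys.ToArray();

    public override bool RoleExists(string roleName) => GroupMembers.ContainsKey(roleName);

    public override string[] GetRolesForUser(string username) =>
        GroupMembers.Where(g => g.Value.Contains(username, StringComparer.OrdinalIgnoreCase))
                    .Select(g => g.Key).ToArray();

    public override bool IsUserInRole(string username, string roleName) =>
        RoleExists(roleName) && GroupMembers[roleName].Contains(username, StringComparer.OrdinalIgnoreCase);

    public override string[] GetUsersInRole(string roleName) =>
        RoleExists(roleName) ? GroupMembers[roleName] : new string[0];

    public override string[] FindUsersInRole(string roleName, string usernameToMatch) =>
        GetUsersInRole(roleName)
            .Where(u => u.IndexOf(usernameToMatch, StringComparison.OrdinalIgnoreCase) >= 0)
            .ToArray();

    // Write side: group membership is owned by the identity server, so these refuse
    // explicitly instead of silently succeeding and leaving admin mode out of sync.
    private static NotSupportedException NotManagedHere() =>
        new NotSupportedException("Roles and membership are managed in the identity server.");

    public override void CreateRole(string roleName) { throw NotManagedHere(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw NotManagedHere(); }
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw NotManagedHere(); }
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw NotManagedHere(); }
}
```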