Can't get signing in using ADFS to work

Vote:
 

My goal is to use both local SQL users and AD users to log in to Episerver's edit/admin mode. But my problem starts already with trying to get login using ADFS to work.

I've installed a fresh Alloy site, and just changed Startup.cs as described here: http://world.episerver.com/documentation/developer-guides/CMS/security/federated-security/ 
Everything works as expected until the identity should be synchronized to Episerver. I get a 401.2 error when accessing edit mode, wich according to the documentation indicates that the identity provider does not send the required role claims.

No error is thrown, nothing is logged in EPiServerErrors.log. The user doesn't get synchronized (at least nothing is updated in the AspNetUsers table).

When debugging I can take a look at the Identity returned from ADFS. To me the values looks ok, but I'm not sure if the Role claim is sent in the right format. What will it look like if the user belongs to multiple roles?

Don't know what to do next. Please help, otherwise I will start developing in SiteCore :-) (I know I shouldn't be making jokes like that)

#177796
Apr 19, 2017 16:45
Vote:
 

AspNetUsers table are not part of EPiServer scheme. The synched roles are stored in tblSynchedUserRole, synched users are stored in tblSynchedUser and the relations between them are stored in tblSynchedUserRelations. 

#177844
Apr 20, 2017 13:17
Vote:
 

Yes! Thank you, the synchronisation is indeed working. The problem was using the role "CmsAdmins" as specified in the documentation. To get that to work I also needed to make changes to web.config to give CmsAdmins correct access.

#177877
Edited, Apr 21, 2017 11:15
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.