Using OpenID Connect at EPiServer CMS version 8.10.0

Hi,

I've seen various posts about using OAuth and/or OpenID Connect to replace the default membership and role providers in EPiServer, but it's not clear which version of EPiServer the various solutions have been developed for.

We have a customer with a site at v 8.10.0 of EPiServer.CMS who wishes to use a Corporate Authentication provider for Single Sign-On.

I think I'll need to use OpenID Connect in order to pull the Roles claim back from the provider (I've confirmed that this claim will be available), but the EPiServer documentation that mentions OpenID (https://world.episerver.com/documentation/developer-guides/CMS/security/integrate-azure-ad-using-openid-connect/) implies that this is only available from EPiServer v. 10 or greater.

I presume this is due to the requirement to use the EPiServer.Security.SynchronizingRolesSecurityEntityProvider, but can anyone confirm whether it will be possible to use the OpenID Roles claims in our customer's version of EPi?

[An upgrade is in the pipeline, but not for some time and the SSO requirement is more urgent]

Thanks,

Mark

#201697
Feb 27, 2019 15:54
Hi Mark

The provider you mentioned was mentioned in the CMS 8 documentation (but as pre-release/beta): https://world.episerver.com/documentation/class-library/?documentId=cms/8/FACA871

However, OWIN-based authentication is first mentioned in the CMS 9 documentation: https://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Security/episerver-aspnetidentity/

So it may not be possible in the version you are running. If your corporate identity provider is ADFS then this has been officially supported since version 9.

If you are running Membership and Role providers then you might be able to put something together using the old post I wrote about enabling WIF in Episerver 6 by using custom role and membership providers: https://www.david-tec.com/2010/09/Enabling-Windows-Identity-Foundation-WIF-in-EPiServer/. Though this might not still work and could end up being more effort than upgrading! 

David

#201784
Mar 03, 2019 16:57