More of a high-level request for knowledge, or to hear if anyone has tried this, but we're looking at the potential of an Episerver solution acting as a federated security server. We have a client who has a number of third-party relationships and services who'd eventually like their users to be able to log in using their website account - not an immediate requirement but a long-term goal.
At the moment most single sign-on and federated security documentation and blogs I've seen seem to deal with being able to log in to Episerver using other services such as Active Directory, but I see much less about the other way around. From what I can tell, one of the vendors supports SAML 2.0, but I don't have details on the others.
I have some experience with allowing logins using Active Directory or services such as Google or Facebook, and there seem to be plenty of examples of these, but none going the other way around, i.e. allowing third-party websites to log users in using their account from your website.
I'm curious if others have had to approach this problem and what there may be in the way of existing solutions or packages, if any, that helped you solve it. Unfortunately, due to the similarity in terms, much of my searching keeps coming up with the more common scenario, so I thought I'd ask the community brain out of curiosity.
If I understand you correctly, you're looking for IDP (identity provider) setup documentation that does not belong to the Episerver product. An Episerver solution can be integrated with most well-known standards (SAML, OAuth, OIDC), but Episerver itself is not an IDP (identity provider).
If you want your website to act as an IDP on top of existing membership data, take a look at IdentityServer. IdentityServer is an open-source and certified authentication server that allows you to build identity and access control solutions for modern applications, including single sign-on, identity management, authorization, and API security.
I hope this is helpful.
Adding to what Vincent already said, look at IdentityServer as your IDP (or some other product) BUT don't make your Episerver website the IDP. Have a separate IDP and make Episerver and the third-party apps use the IDP.
Why? There are many reasons but a few:
As a central customer authentication service, you could use something like Azure AD B2C, Auth0 or Okta. Style the login page like the website, so few people notice the difference.
Then your client can use this authentication service for both Episerver and third-party services.
The users will think they log in using their "website account", but it will not actually be managed in Episerver.
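The architecture the answers above converge on (one separate IDP, with the Episerver site and each third-party service registered as ordinary relying parties, and the existing membership data used only as the user store behind it) looks like the following in IdentityServer4. This is an added example, not code from the thread or from Episerver or IdentityServer; the client ids, redirect URIs, secrets and the `IExistingMembershipStore` interface wrapping the site's current membership tables are hypothetical placeholders.

```csharp
// Added example: a minimal IdentityServer4 host acting as the shared IDP.
// Client ids, URIs, secrets and IExistingMembershipStore are hypothetical (not from the thread).
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.Extensions.DependencyInjection;

public static class IdpConfig
{
    // Standard OIDC scopes that relying parties may request.
    public static IEnumerable<IdentityResource> IdentityResources => new IdentityResource[]
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
        new IdentityResources.Email(),
    };

    // Every relying party is just another client; the Episerver site gets no special role.
    public static IEnumerable<Client> Clients => new[]
    {
        new Client
        {
            ClientId = "episerver-site",                                          // hypothetical id
            ClientSecrets = { new Secret("REPLACE-WITH-EPISERVER-SECRET".Sha256()) }, // placeholder
            AllowedGrantTypes = GrantTypes.Code,
            RequirePkce = true,
            RedirectUris = { "https://www.example.com/signin-oidc" },             // placeholder
            PostLogoutRedirectUris = { "https://www.example.com/signout-callback-oidc" },
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.Email,
            },
        },
        new Client
        {
            ClientId = "partner-portal",                                          // hypothetical third party
            ClientSecrets = { new Secret("REPLACE-WITH-PARTNER-SECRET".Sha256()) },   // placeholder
            AllowedGrantTypes = GrantTypes.Code,
            RequirePkce = true,
            RedirectUris = { "https://portal.partner.example/signin-oidc" },      // placeholder
            // The partner only gets the claims it needs: no profile scope here.
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Email,
            },
        },
    };
}

// Hypothetical wrapper around the website's existing membership tables.
public interface IExistingMembershipStore
{
    Task<MembershipUser> FindByIdAsync(string subjectId);
    Task<bool> IsActiveAsync(string subjectId);
}

public class MembershipUser
{
    public string Id { get; set; }
    public string UserName { get; set; }
    public string Email { get; set; }
}

// Maps the existing membership record onto the claims the IDP issues.
public class MembershipProfileService : IProfileService
{
    private readonly IExistingMembershipStore _store;
    public MembershipProfileService(IExistingMembershipStore store) => _store = store;

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var user = await _store.FindByIdAsync(context.Subject.GetSubjectId());
        if (user == null) return;
        var claims = new List<Claim>
        {
            new Claim(JwtClaimTypes.Name, user.UserName),
            new Claim(JwtClaimTypes.Email, user.Email),
        };
        // Release only the claims covered by the scopes the client asked for and was allowed.
        context.AddRequestedClaims(claims);
    }

    public async Task IsActiveAsync(IsActiveContext context)
    {
        // Disabled or deleted accounts must not receive tokens, even with a valid session.
        context.IsActive = await _store.IsActiveAsync(context.Subject.GetSubjectId());
    }
}

public static class IdpRegistration
{
    public static IServiceCollection AddSharedIdp(this IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddInMemoryIdentityResources(IdpConfig.IdentityResources)
            .AddInMemoryClients(IdpConfig.Clients)
            .AddProfileService<MembershipProfileService>()
            .AddDeveloperSigningCredential(); // development only; use a managed signing key in production
        return services;
    }
}
```

The point of the layout is that the Episerver site and the partner portal are interchangeable clients of the same IDP: adding a new third party means adding a `Client` entry with its own redirect URI and the narrowest scope set it needs, while the membership data stays where it is and is never exposed to the partners directly. A hosted provider such as Azure AD B2C, Auth0 or Okta replaces this host with the same client-per-relying-party registration.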