SaaS CMS has officially launched! Learn more now.

Commerce Manager OpenID Roles & Claims not working as expected (11.7.1)


Hey all,

I have configured OpenID authentication to Azure AD using the guides for both the CMS and Commerce Manager on a test instance of Episerver. I have the user logging in to both of these and they are assigned to WebEditors and WebAdmins on the client AD instance (I have checked the claims coming back).

Everything is working for the user to be editor and admin in the CMS but on Commerce Manager I'm only seeing the tabs Catalog Management, Order Management and Marketing. I've checked the web.config and the roles are set up as follows


Which should me that WebAdmins are full admins? Can anyone help, is there something I've missed?

Feb 14, 2018 13:57

(First thing that I'll do) Compared the (Role Definitions) Manifest file with roles defined in web.config? (Each role should have unique GUID), Have you compared those? and off course User that have access to that Application have also role 'CommerceAdmins'


Edited, Feb 14, 2018 17:23
<p>I don't have access to the Client Azure Portal but as I've said this is working fine the&nbsp;Episerver sit&nbsp;and I've get the claims coming during the authentication for the user so I know the WebEditors and WebAdmins roles are correctly returning as claims for the user.&nbsp; As for&nbsp;<span>CommerceAdmins the configuration is as above, this is a MappedRole&nbsp;and should be mapped to&nbsp;WebAdmins, Administrators roles so as the user is coming back with WebAdmins this should be working</span></p>
Feb 14, 2018 17:40

this can be verified by writing a small piece of code that can verify that what epi returns for principal.IsInRole('CommerceAdmin'), Quite recently I have faced similar kind of issue when user must have to be in "SpecialRole" mapped to WebAdmins, for me correct mapping of roles fixed that.


Feb 14, 2018 17:49

Turns out I need to get the client to add the Administrators role in which hadn't been done, I thought as the config said WebAdmins were CommerceAdmins it would work without but I guess not. Thanks for the help anyhow

Feb 14, 2018 18:08
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.