EPiServer Commerce and ADFS

We have an existing site running CMS with single sign-on via ADFS. As we're going to use Commerce in the solution as well, I will need to set up the Commerce Manager for login via ADFS also. I went through this guide, and although it's for the CMS, I tried to make adjustments to the Commerce configuration as described, but with no luck.

Do you have any pointers that can get me started with this?

We're using CMS/Commerce 11.

#195060
Edited, Jul 12, 2018 12:24
We haven't officially tested Commerce with ADFS, so we don't have any official guide - yet. We will work on that in the near future.

#195099
Jul 13, 2018 10:16
Which ADFS version are you trying with? You should use OpenID Connect and I read "ADFS in Windows Server 2016 TP3 comes with brand new support for OpenId Connect" so I guess that's the minimum version unless you put another identity service in between that can handle WSFed and then OIDC from there. Auth0 for example.

#195220
Jul 17, 2018 23:04
This works in Commerce Manager as well Blog, just remove the cookie authentication part in the Startup and WsFed or OpenIdConnect

#195253
Jul 18, 2018 17:06
Try to avoid using WsFed if your ID product supports OpenId Connect. WsFed is less secure than OIDC with validation of state and nonce parameters (open for replay attacks). With Owin OIDC you can also pick a hybrid flow and only use data from the "secret" backchannel.

Also, the WsFed postback will trigger the Cloudflare security layer, so it's not compatible with DXC Service without Managed Services turning things off in Cloudflare, making your setup custom and less secure.

#195278
Jul 19, 2018 10:10
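
The state and nonce checks mentioned in the last reply, as an added example that is not part of the original thread and is not Episerver or OWIN code: a minimal relying-party callback in Python that rejects a sign-in response delivered a second time. The HS256 demo key, the `session` dict and all function names are constructed for illustration; issuer, audience and expiry checks are left out to keep the focus on replay rejection.

```python
import base64, hashlib, hmac, json, secrets

KEY = b"constructed-demo-key"  # constructed; a real IdP signs with its own key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sig(signing_input: str) -> str:
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def sign_id_token(claims: dict) -> str:
    """Stand-in for the identity provider: issues a compact HS256 JWT."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sig(head + '.' + body)}"

def begin_login(session: dict) -> dict:
    """Relying party: bind a fresh state and nonce to this browser session."""
    session["state"], session["nonce"] = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    return {"state": session["state"], "nonce": session["nonce"]}

def handle_callback(session: dict, state: str, id_token: str) -> dict:
    """Validate a sign-in response; raises ValueError on any failed check."""
    # pop() makes both values single-use: a second delivery finds nothing to match.
    want_state, want_nonce = session.pop("state", None), session.pop("nonce", None)
    if want_state is None or not hmac.compare_digest(want_state.encode(), state.encode()):
        raise ValueError("state mismatch")
    head, body, sig = id_token.split(".")
    if not hmac.compare_digest(_sig(head + "." + body).encode(), sig.encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), want_nonce.encode()):
        raise ValueError("nonce mismatch")
    return claims

def attempt(session: dict, state: str, id_token: str) -> str:
    try:
        return handle_callback(session, state, id_token)["sub"]
    except ValueError as err:
        return str(err)

def demo() -> list:
    session = {}
    req = begin_login(session)
    token = sign_id_token({"sub": "alice", "nonce": req["nonce"]})
    first = attempt(session, req["state"], token)    # genuine response: accepted
    replay = attempt(session, req["state"], token)   # same response again: state is spent
    fresh = begin_login(session)                     # a later login attempt
    stale = attempt(session, fresh["state"], token)  # old token, new state: nonce differs
    return [first, replay, stale]
```
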