
The Edit Page icon doesn't show up even though federated login works

Hi,
I have configured SAML2 for login, and it works but "Edit page" doesn't show up. Going from login page ([Authorize] in the controller), redirecting to AD FS IDP, back to /Saml2/Acs and then to the login page. The login page shows normally, but no "Edit page" button shows.
I can see that I have valid claims (in the controller) via:
var userClaims = User.Claims.Select(c => new { c.Type, c.Value }).ToList();
In Optimizely admin "Set Access Rights", I have a bunch of roles, and they match those in my user claims.
In my configuration I have:
.AddCookie(options =>
{
    options.ExpireTimeSpan = TimeSpan.FromDays(2);
    options.Events.OnSignedIn = async ctx =>
    {
        if (ctx.Principal?.Identity is ClaimsIdentity claimsIdentity)
        {
            // Resolve Optimizely's user synchronizer from the request scope
            var synchronizingUserService = ctx.HttpContext.RequestServices
                .GetRequiredService<ISynchronizingUserService>();

            // Sync the federated claims into Optimizely's user/role store
            await synchronizingUserService.SynchronizeAsync(claimsIdentity);
        }
    };
})

I am assuming the above cookie code would synchronize the claims I have from the AD FS server with the access rights in Optimizely. The claims I get from the server have admin privileges in "Access rights" in Optimizely.

The code is up on a DXP server, so I have limited logging capabilities (there are no errors logged). Does anyone have a hunch of what could be wrong, or how to troubleshoot this in an effective way?
/ Tony
#321272
Apr 30, 2024 7:39

In Optimizely admin "Set Access Rights", I have a bunch of roles, and they match those in my user claims.

Do you have the user in WebEditors/CmsEditors (or WebAdmins/CmsAdmins) (either directly, or mapped via Virtual Role )? I believe that's what gives access to the CMS.

#321289
Apr 30, 2024 22:01
Tony Mattsson - May 02, 2024 15:22
I had to write a login page and the user gets logged in in the controller.
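One way to check the point made in this reply on DXP, where logging is limited, as an added diagnostic example (not code from the thread or from Optimizely): a hypothetical helper that, hooked into the cookie OnSignedIn event next to the SynchronizeAsync call from the question, logs which of the CMS access groups named above appear as role claims on the signed-in principal. The group names and the role claim type come from the thread; the class and method names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Hypothetical diagnostic helper (added example, not from the thread or Optimizely).
public static class CmsAccessRoleCheck
{
    // Groups the reply above says grant access to the CMS UI.
    public static readonly string[] CmsAccessRoles =
        { "WebEditors", "CmsEditors", "WebAdmins", "CmsAdmins" };

    // ClaimTypes.Role is the same URI AD FS issues for roles:
    // http://schemas.microsoft.com/ws/2008/06/identity/claims/role
    public static IReadOnlyList<string> PresentCmsRoles(ClaimsPrincipal principal)
    {
        var roleValues = principal.Claims
            .Where(c => c.Type == ClaimTypes.Role)
            .Select(c => c.Value)
            .ToHashSet(StringComparer.OrdinalIgnoreCase);

        return CmsAccessRoles.Where(roleValues.Contains).ToList();
    }

    // Wire up with: options.Events.OnSignedIn = CmsAccessRoleCheck.LogCmsAccess;
    // (await SynchronizeAsync first if you keep the synchronization from the question).
    public static Task LogCmsAccess(CookieSignedInContext ctx)
    {
        var logger = ctx.HttpContext.RequestServices
            .GetRequiredService<ILoggerFactory>()
            .CreateLogger(nameof(CmsAccessRoleCheck));

        var name = ctx.Principal?.Identity?.Name ?? "(unknown)";
        var present = ctx.Principal is null
            ? Array.Empty<string>()
            : PresentCmsRoles(ctx.Principal).ToArray();

        if (present.Length == 0)
            logger.LogWarning("{User} signed in with no CMS access role claim; the Edit page button will not appear", name);
        else
            logger.LogInformation("{User} has CMS access roles: {Roles}", name, string.Join(", ", present));

        return Task.CompletedTask;
    }
}
```

A warning here after a successful SAML sign-in points at the claim-to-role mapping rather than at the SAML flow itself.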

Hi Tony

Do you have AddCmsAspNetIdentity configured in your solution as well? If yes, try to remove it to see if it's working.

#321326
May 01, 2024 1:52

I solved it by creating a login page and logging in the user in the controller:

// 'user', '_userProvider', '_userManager' and '_signInManager' are locals/fields of the
// login controller set up earlier in the action (not shown in the post).
if (user == null)
{
    // Same projection of the federated claims as in the question
    var userClaims = User.Claims.Select(c => new { c.Type, c.Value }).ToList();

    // Look up the Optimizely UI user that matches the federated identity's name
    var optimizelyUser = await _userProvider
        .FindUsersByEmailAsync(User.Identity.Name, 0, int.MaxValue)
        .FirstOrDefaultAsync();

    if (optimizelyUser != null)
    {
        // Check if the user has the necessary claim
        if (User.Identity.IsAuthenticated &&
            userClaims.Any(c => // c.Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" &&
                                c.Value == "claim_from_claims") &&
            User.Identity.Name == optimizelyUser.Email)
        {
            // Get the user by their email
            user = await _userManager.FindByEmailAsync(User.Identity.Name);

            if (user != null)
            {
                // Check if the user is a member of the necessary groups
                var userRoles = await _userManager.GetRolesAsync(user);
                if (userRoles.Contains("WebAdmins") && userRoles.Contains("Administrators"))
                {
                    // Sign in the user
                    await _signInManager.SignInAsync(user, isPersistent: false);

                    return Redirect(Request.Path);
                }
            }
        }
    }
}
#321404
May 02, 2024 15:25