Virtual Happy Hour this month, Jun 28, we'll be getting a sneak preview at our soon to launch SaaS CMS!

Try our conversational search powered by Generative AI!

The Edit Page icon doesn't show up even though federated login works

I have configured SAML2 for login, and it works but "Edit page" doesn't show up. Going from login page ([Authorize] in the controller), redirecting to AD FS IDP, back to /Saml2/Acs and then to the login page. The login page shows normally, but no "Edit page" button shows.
I can see that I have valid claims (in the controller) via:
var userClaims = User.Claims.Select(c => new { c.Type, c.Value }).ToList();
In Optimizely admin "Set Access Rights", I have a bunch of roles, and they match those in my user claims.
In my configuration I have:
.AddCookie(options =>
		options.ExpireTimeSpan = TimeSpan.FromDays(2);
		options.Events.OnSignedIn = async ctx =>
			if (ctx.Principal?.Identity is ClaimsIdentity claimsIdentity)
				var synchronizingUserService = ctx

				await synchronizingUserService.SynchronizeAsync(claimsIdentity);

I am assuming the above code cookie-code would synchronize the claims I have from the AD FS server with the access rights in Optimizely. Claims I have from server has admin priveleges in "Access rights" in Optimizely.

The code is up on server on DXP, so I have limited logging capabilities (there are no errors logged). Anyone has a hunch of what could be wrong or how to troubleshoot in a effective way?
/ Tony
Apr 30, 2024 7:39

In Optimizely admin "Set Access Rights", I have a bunch of roles, and they match those in my user claims.

Do you have the user in WebEditors/CmsEditors (or WebAdmins/CmsAdmins) (either directly, or mapped via Virtual Role )? I believe that's what gives access to the CMS.

Apr 30, 2024 22:01
Tony Mattsson - May 02, 2024 15:22
I had to write a log in page and the user gets logged in in the controller:.

Hi Tony

Do you have AddCmsAspNetIdentity configured in your solution as well? If yes, try to remove it to see if it's working. 

May 01, 2024 1:52

I solved it by creating a login page and logging in the user in the controller:

if (user == null)
	var optimizelyUser = await _userProvider.FindUsersByEmailAsync(User.Identity.Name, 0, int.MaxValue).FirstOrDefaultAsync();

	if (optimizelyUser != null)
		// Check if the user has the necessary claim
		if (User.Identity.IsAuthenticated &&
			userClaims.Any(c => // c.Type == "" &&
								c.Value == "claim_from_claims") &&
			User.Identity.Name == optimizelyUser.Email)
			// Get the user by their email
			user = await _userManager.FindByEmailAsync(User.Identity.Name);

			if (user != null)
				// Check if the user is a member of the necessary groups
				var userRoles = await _userManager.GetRolesAsync(user);
				if (userRoles.Contains("WebAdmins") && userRoles.Contains("Administrators"))
					// Sign in the user
					await _signInManager.SignInAsync(user, isPersistent: false);
					return Redirect(Request.Path);
May 02, 2024 15:25
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.