Vulnerability in EPiServer.Forms
There is a lot of documentation on enabling SSO/oAuth for the admin interface and/or for the API.
Is there anything to implement/enable it on the end-user website that is created using Epi/Optimizely? For example, an end user goes to the site, clicks on login, goes to an external login page using oAuth, returns to the website and is now logged in. Not sure how to explain it any better, but I am not talking about the admin interface and/or giving access to the API. Version 12 is fine... we can apply the same concept to 11.
Any help or pointers for a sample implementation would be helpful.
Have you tried following these docs? Integrate Azure AD using OpenID Connect (optimizely.com)?
It's about integrating Optimizely CMS with Azure AD, but I think it would be the same for other providers.
Thanks for the response. Does that still seem to be for the Optimizely admin interface/users? The reason I am asking is because.
Ashish, this would be pretty standard for any kind of Identity Provider / SSO integration. As part of your implementation you can sync the roles you set up in oAuth to the CMS; this is also detailed in the blog mentioned by Bac:
// Syncs user and roles so they are available to the CMS
var synchronizingUserService = ctx
You are also able to map virtual roles either via appSettings or programmatically; see here for information: https://docs.developers.optimizely.com/content-cloud/v12.0.0-content-cloud/docs/virtual-roles
The interface for logging a user in will all be handled via the provider, be it Auth0, Okta or Azure AD etc.
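Added example, not part of the thread and not Optimizely's own sample: a CMS 12 (ASP.NET Core) registration in which site visitors are challenged by an external OpenID Connect provider and, on sign-in, their identity and role claims are synchronized to the CMS as described above. The class and method names, the scheme names, the `Oidc:*` configuration keys and the `roles` claim name are assumptions to adjust per provider.

```csharp
// Added example: visitor login via an external OpenID Connect provider (names are hypothetical).
using System.Security.Claims;
using EPiServer.Security;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class VisitorLoginExtensions
{
    public static IServiceCollection AddVisitorOidcLogin(
        this IServiceCollection services, IConfiguration config)
    {
        services
            .AddAuthentication(options =>
            {
                options.DefaultScheme = "visitor-cookie";        // session after login
                options.DefaultChallengeScheme = "visitor-oidc"; // redirect to the provider
            })
            .AddCookie("visitor-cookie", options =>
            {
                options.Events.OnSignedIn = async ctx =>
                {
                    if (ctx.Principal?.Identity is ClaimsIdentity claimsIdentity)
                    {
                        // Syncs user and roles so they are available to the CMS
                        var synchronizingUserService = ctx.HttpContext.RequestServices
                            .GetRequiredService<ISynchronizingUserService>();
                        await synchronizingUserService.SynchronizeAsync(claimsIdentity);
                    }
                };
            })
            .AddOpenIdConnect("visitor-oidc", options =>
            {
                options.SignInScheme = "visitor-cookie";
                options.Authority = config["Oidc:Authority"];       // placeholder key
                options.ClientId = config["Oidc:ClientId"];         // placeholder key
                options.ClientSecret = config["Oidc:ClientSecret"]; // keep out of source control
                options.ResponseType = "code";                      // authorization code flow
                options.UsePkce = true;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    NameClaimType = "name",
                    RoleClaimType = "roles" // assumed claim name; depends on the provider
                };
            });
        return services;
    }
}
```

Because role claims from the token are synchronized into the CMS, the visitor-facing provider should not be able to issue role names that the site grants edit or admin access to.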