Hi All!
I’m trying to integrate Umbraco members with Keycloak so that they can log into my app. I used this NuGet package for Keycloak: NuGet Gallery | AspNet.Security.OAuth.Keycloak 10.0.0
Have a look at my test project: UmbracoKeycloakIntegrationTest/UmbracoKeycloakIntegrationTest at master · wlodarzmar/UmbracoKeycloakIntegrationTest · GitHub
I followed the article at: Auto Linking, Reference - Our Umbraco
and it worked well for back office users. Users were able to login to back office and OnExternalLogin, OnAutoLinking were called.
But for some reason it doesn’t work for members: OnExternalLogin and OnAutoLinking are never called, and I had to add a KeycloakLoginCallback to sign members in. Is that right, or am I doing something wrong? I would expect members to work similarly to users.
Startup.cs:
/// <summary>
/// Registers Umbraco (back office, website, composers) and the Keycloak
/// external login provider for members, then finalises the builder.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Core Umbraco registrations first, kept in the original order.
    var umbraco = services.AddUmbraco(_env, _config)
        .AddBackOffice()
        .AddWebsite()
        .AddComposers();

    // The member Keycloak login is added last, immediately before Build().
    umbraco.AddMemberKeycloakAuthentication().Build();
}
KeycloakMemberExternalLoginProviderOptions.cs:
/// <summary>
/// Supplies the auto-link settings for the Keycloak member login provider.
/// Only the named options instance that belongs to the member-prefixed
/// Keycloak scheme is configured; every other name is ignored.
/// </summary>
public class KeycloakMemberExternalLoginProviderOptions : IConfigureNamedOptions<MemberExternalLoginProviderOptions>
{
    /// <summary>Scheme name of the provider, without the Umbraco member prefix.</summary>
    public const string SchemeName = "Keycloak";

    /// <summary>
    /// Configures <paramref name="options"/> when <paramref name="name"/> is the
    /// member authentication prefix followed by <see cref="SchemeName"/>.
    /// </summary>
    /// <param name="name">Name of the options instance being configured.</param>
    /// <param name="options">The options instance to populate.</param>
    public void Configure(string name, MemberExternalLoginProviderOptions options)
    {
        var memberSchemeName = Umbraco.Cms.Core.Constants.Security.MemberExternalAuthenticationTypePrefix + SchemeName;
        if (name == memberSchemeName)
        {
            Configure(options);
        }
    }

    /// <summary>
    /// Assigns the auto-link options used when a member signs in through Keycloak.
    /// </summary>
    /// <param name="options">The options instance to populate.</param>
    /// <remarks>
    /// Security note: as configured here, auto-linking is on, new members default
    /// to approved and are placed in "partnerMembers". Any account the Keycloak
    /// realm authenticates therefore ends up as an approved member of that group
    /// on first login. Restrict who may sign in on the Keycloak side, or decide
    /// group membership from claims in OnAutoLinking and return false from
    /// OnExternalLogin for identities that should not be admitted.
    /// </remarks>
    public void Configure(MemberExternalLoginProviderOptions options)
    {
        var autoLinkOptions = new MemberExternalSignInAutoLinkOptions(
            // Auto-linking is only enabled when this is true.
            autoLinkExternalAccount: true,
            // null means no explicit culture is set here; it can still be
            // assigned dynamically in the OnAutoLinking callback.
            defaultCulture: null,
            // Default "IsApproved" status; auto-linking requires true.
            defaultIsApproved: true,
            // Member type alias given to auto-linked members.
            defaultMemberTypeAlias: "Member",
            // Member group names every auto-linked member is added to.
            defaultMemberGroups: new[] { "partnerMembers" })
        {
            // Optional hook: adjust the member before it is linked, e.g. derive
            // its groups from the claims carried in loginInfo. Left empty here.
            OnAutoLinking = (autoLinkUser, loginInfo) => { },

            // Optional hook run on every external login, before the member is
            // saved (e.g. to sync the name from claims). The returned boolean
            // decides whether sign-in continues; this one always allows it.
            OnExternalLogin = (user, loginInfo) => true
        };

        options.AutoLinkOptions = autoLinkOptions;
    }
}
and KeycloakAuthenticationExtension.cs
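/// <summary>
/// Builder extension that registers Keycloak as an external login provider
/// for Umbraco members.
/// </summary>
public static class KeycloakAuthenticationExtension
{
    /// <summary>
    /// Registers the member auto-link options and the Keycloak OAuth handler
    /// under the member-prefixed scheme.
    /// </summary>
    /// <param name="builder">The Umbraco builder to extend.</param>
    /// <returns>The same <paramref name="builder"/>, for chaining.</returns>
    /// <exception cref="InvalidOperationException">
    /// The "Keycloak:ClientSecret" configuration value is missing or blank.
    /// </exception>
    public static IUmbracoBuilder AddMemberKeycloakAuthentication(this IUmbracoBuilder builder)
    {
        // The client secret is a credential and must not live in source control.
        // It is read from configuration instead (user-secrets, an environment
        // variable or a vault-backed provider); "Keycloak:ClientSecret" is the
        // key chosen for this sample. A secret that was ever committed or
        // posted publicly should be regenerated in the Keycloak client settings.
        var configuredSecret = builder.Config["Keycloak:ClientSecret"];
        if (string.IsNullOrWhiteSpace(configuredSecret))
        {
            // Fail at startup with a clear message rather than at first login.
            throw new InvalidOperationException(
                "Keycloak:ClientSecret is not configured. Supply it through user-secrets or an environment variable.");
        }

        string clientSecret = configuredSecret;

        builder.Services.ConfigureOptions<KeycloakMemberExternalLoginProviderOptions>();
        builder.AddMemberExternalLogins(logins =>
        {
            logins.AddMemberLogin(
                memberAuthenticationBuilder =>
                {
                    memberAuthenticationBuilder.AddKeycloak(
                        // The scheme must be set with this method to work for the Umbraco members.
                        // Passing the shared SchemeName constant keeps it in step with the name
                        // KeycloakMemberExternalLoginProviderOptions.Configure compares against.
                        memberAuthenticationBuilder.SchemeForMembers(KeycloakMemberExternalLoginProviderOptions.SchemeName),
                        options =>
                        {
                            options.AccessType = KeycloakAuthenticationAccessType.Confidential;

                            // Plain HTTP is only acceptable for a local development Keycloak.
                            // Any other deployment should use an https:// address, because the
                            // authorization code and client secret are sent to these endpoints.
                            options.BaseAddress = new Uri("http://localhost:8080/");

                            // NOTE(review): BaseAddress and Domain are both set to the same URL.
                            // Confirm against the provider's documentation which of the two it
                            // uses and whether Domain expects a host name rather than a full URL.
                            options.Domain = "http://localhost:8080/";
                            options.Realm = "MyTestLocalRealm";
                            options.ClientId = "umbracoLocalTest";
                            options.ClientSecret = clientSecret;
                        });
                });
        });
        return builder;
    }
}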
This is a companion discussion topic for the original entry at https://our.umbraco.com/forum/109490-integrating-umbraco-with-keycloak-works-for-back-office-users-not-for-members