Hello there fellow Umbraquians (Umbracians, Umbafellows?),
I’m trying to get my Umbraco v15 integrated with an external provider (Okta) to have SSO for Umbraco itself.
I’ve followed the documentation for the static extension class (since I don’t need to have it injected in the DI), but after successfully logging in to Okta, I’m redirected to the Umbraco login screen and my URL has this:
/umbraco/login?ReturnUrl=/umbraco/management/api/v1/security/back-office/authorize?redirect_uri=https://localhost:44317/umbraco/oauth_complete&client_id=umbraco-back-office&response_type=code&state=[STATE]&scope=offline_access&prompt=consent&access_type=offline&identity_provider=Umbraco.OpenIdConnect&code_challenge=[CODE_CHALLENGE]&code_challenge_method=S256
My code is currently somewhat default… My “OpenIdConnectExternalLoginOptions” class is the same as in the documentation and my extension is like this:

    public static IUmbracoBuilder AddOpenIdConnectAuthentication(this IUmbracoBuilder builder)
    {
        // Register the external login provider options for the back office.
        builder.Services.ConfigureOptions<OpenIdConnectExternalLoginOptions>();
        builder.AddBackOfficeExternalLogins(logins =>
        {
            logins.AddBackOfficeLogin(
                backOfficeAuthenticationBuilder =>
                {
                    // Back-office scheme name derived from the provider's scheme name.
                    var schemeName = BackOfficeAuthenticationBuilder.SchemeForBackOffice(OpenIdConnectExternalLoginOptions.SchemeName);
                    ArgumentNullException.ThrowIfNull(schemeName);
                    backOfficeAuthenticationBuilder.AddOpenIdConnect(
                        schemeName,
                        options =>
                        {
                            // Okta settings are read from configuration.
                            var config = builder.Config;
                            options.Authority = config["Okta:Domain"];
                            options.ClientId = config["Okta:ClientId"];
                            options.ClientSecret = config["Okta:ClientSecret"];
                            options.GetClaimsFromUserInfoEndpoint = true;
                            options.TokenValidationParameters.NameClaimType = "name";
                            // Scopes requested from the identity provider.
                            options.Scope.Add("email");
                            options.Scope.Add("profile");
                            options.Scope.Add("openid");
                        });
                });
        });
        return builder;
    }

Has anyone successfully integrated with Okta or has some insights to share?
Thank you!