Background
I am very new to Umbraco, but I have been trying to use IdentityServer4 for the Umbraco BackOffice. For the IDP I used the in-memory configuration from here (the is4inmem template).
For Umbraco I am using UmbracoIdentityExtensions to configure OpenId Connect.
I have mainly been following this tutorial (however, it is for Umbraco 7).
Problem
I do get the "Sign in with OpenId Connect" button that I configured, but when I try to log in through the IDP, Umbraco does not log me in. I keep being returned to the login page. However, whenever I go to the IDP page I am logged in there and can see that I have granted access, as shown in the image below.
Whenever I log in with an Umbraco account and then try "Link your OpenId Connect account", it does nothing, but on logging out an error message appears on screen: "An error occurred, could not get external login info". I have tried different configuration settings, but without success.
Code
IDP configuration file
public static IEnumerable<IdentityResource> Ids =>
    new IdentityResource[]
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
        new IdentityResources.Email(),
        // Custom identity resource exposing the given name / surname claims
        new IdentityResource(
            name: "application.profile",
            displayName: "Application profile",
            claimTypes: new[] { ClaimTypes.GivenName, ClaimTypes.Surname }
        )
    };

... etc ...

public static IEnumerable<Client> Clients =>
    new Client[]
    {
        // Client registration for the Umbraco back office (hybrid flow)
        new Client
        {
            ClientId = "u-client-bo",
            ClientSecrets = new List<Secret>
            {
                new Secret("secret".Sha256()),
            },
            ClientName = "Umbraco Client",
            AllowedGrantTypes = GrantTypes.Hybrid,
            RequireConsent = false,
            RedirectUris = { "https://localhost:44302/Umbraco" },
            PostLogoutRedirectUris = { "https://localhost:44302/Umbraco" },
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.Email,
                "application.profile",
            },
            AllowAccessTokensViaBrowser = true,
            AlwaysIncludeUserClaimsInIdToken = false
        }
    };
For Umbraco, I have edited UmbracoCustomOwinStartup to the following:
public class UmbracoCustomOwinStartup : UmbracoDefaultOwinStartup
{
    protected override void ConfigureUmbracoUserManager(IAppBuilder app)
    {
        app.ConfigureUserManagerForUmbracoBackOffice(
            Services,
            Mapper,
            UmbracoSettings.Content,
            GlobalSettings,
            global::Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider());
    }

    protected override void ConfigureUmbracoAuthentication(IAppBuilder app)
    {
        // Standard back office cookie, external cookie and preview authentication
        app
            .UseUmbracoBackOfficeCookieAuthentication(UmbracoContextAccessor, RuntimeState, Services.UserService, GlobalSettings, UmbracoSettings.Security, PipelineStage.Authenticate)
            .UseUmbracoBackOfficeExternalCookieAuthentication(UmbracoContextAccessor, RuntimeState, GlobalSettings, PipelineStage.Authenticate)
            .UseUmbracoPreviewAuthentication(UmbracoContextAccessor, RuntimeState, GlobalSettings, UmbracoSettings.Security, PipelineStage.Authorize);

        // OpenId Connect middleware pointing at the IdentityServer4 instance
        var identityOptions = new OpenIdConnectAuthenticationOptions
        {
            ClientId = "u-client-bo",
            SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
            Authority = "https://localhost:44393",
            RedirectUri = "https://localhost:44302/Umbraco",
            ResponseType = "code id_token token",
            Scope = "openid profile application.profile",
            PostLogoutRedirectUri = "https://localhost:44302/Umbraco",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = ClaimsTransformer.GenerateUserIdentityAsync
            }
        };

        // Configure BackOffice Account Link button and style
        identityOptions.ForUmbracoBackOffice("btn-microsoft", "fa-windows");
        identityOptions.Caption = "OpenId Connect";

        // Configure AutoLinking
        identityOptions.SetExternalSignInAutoLinkOptions(
            new ExternalSignInAutoLinkOptions(autoLinkExternalAccount: true));

        app.UseOpenIdConnectAuthentication(identityOptions);
    }
}
The ClaimsTransformer.GenerateUserIdentityAsync method adds further claims to the identity.
Am I missing some other configuration or component?
Thanks in advance!
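An added example, not from the question and not part of UmbracoIdentityExtensions, of what the SecurityTokenValidated handler wired up above can look like. It assumes Katana's Microsoft.Owin.Security.OpenIdConnect middleware (the OpenIdConnectMessage namespace differs between Katana 3.x and 4.x, see the comment) and keeps the ClaimsIdentity the middleware already built rather than replacing it, only filling in the claim types the OWIN external cookie and Umbraco's account linking look for: Katana's GetExternalLoginInfoAsync returns null, which surfaces as "could not get external login info", when the external identity carries no ClaimTypes.NameIdentifier claim, and Umbraco's auto-link reads the ClaimTypes.Email claim, which IdentityServer4 only issues for the email scope (the options above request openid profile application.profile). The helper name EnsureClaim is my own.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
// Katana 4.x: OpenIdConnectMessage lives here; on Katana 3.x use Microsoft.IdentityModel.Protocols instead.
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class ClaimsTransformer
{
    // Called by the OWIN OIDC middleware after the id_token signature, issuer,
    // audience and lifetime have been validated. The identity passed in is the
    // one that will be written to the external cookie, so we add to it and never
    // swap it for a fresh ClaimsIdentity (that would drop the mapped "sub" claim).
    public static Task GenerateUserIdentityAsync(
        SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        ClaimsIdentity identity = notification.AuthenticationTicket.Identity;

        // Katana's GetExternalLoginInfoAsync builds the UserLoginInfo from the
        // NameIdentifier claim (issuer + value) and returns null without it.
        // The default inbound claim map already turns "sub" into NameIdentifier;
        // this only matters if that map was cleared somewhere in the application.
        EnsureClaim(identity, ClaimTypes.NameIdentifier, "sub");

        // Umbraco's auto-link reads ExternalLoginInfo.Email, i.e. ClaimTypes.Email.
        // IdentityServer4 only returns it when the "email" scope is requested and allowed.
        EnsureClaim(identity, ClaimTypes.Email, "email");

        // Display-name style claims used when the back office user is created.
        EnsureClaim(identity, ClaimTypes.Name, "name");
        EnsureClaim(identity, ClaimTypes.GivenName, "given_name");
        EnsureClaim(identity, ClaimTypes.Surname, "family_name");

        return Task.CompletedTask; // .NET 4.6+; Task.FromResult(0) on older frameworks
    }

    // Copy a claim from its raw OIDC/JWT name to the .NET ClaimTypes URI if the
    // target is missing. Issuer and value type are preserved so the login
    // provider key stays attributable to the IDP that issued it.
    private static void EnsureClaim(ClaimsIdentity identity, string targetType, string sourceType)
    {
        if (identity.HasClaim(c => c.Type == targetType))
        {
            return;
        }

        Claim source = identity.FindFirst(sourceType);
        if (source != null)
        {
            identity.AddClaim(new Claim(targetType, source.Value, source.ValueType, source.Issuer));
        }
    }
}
```

With the default claim map in place this handler is effectively a no-op, which is the point: the transformer should only ever add claims, and any claim the back office needs that is still missing after it runs points at the IdentityServer4 side (resource, scope, or client configuration) rather than at the OWIN pipeline.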