• Not Answered

How do I customize Federated Authentication?

Hi, All

We are going to use AzureAD service as authentication to Sitecore.

We have tried validating the standard FederatedAuthentication function of Sitecore.

As a result, a user who has a hash value in UserName was automatically created and logged in.

We would like to make the following changes, but what is the best practice for customizing this?

  1. Set any claims returned from AzureAD to Sitecore UserName.
  2. Do not automatically create users. (Login cannot be done unless the user exists.)

 

2 Replies

  • > 1. Set any claims returned from AzureAD to Sitecore UserName.

    You can create your own UserBuilder class. It can be defined within the following configuration node:

    <externalUserBuilder type="My type goes here">
    <param desc="isPersistentUser">true</param>
    </externalUserBuilder>

    The custom class should be based on the default Sitecore.Owin.Authentication.Services.DefaultExternalUserBuilder. The only method you need to override is CreateUniqueUserName.

    > 2. Do not automatically create users. (Login cannot be done unless the user exists.)

    Users are created by the ApplicationUserResolver implementation. To change the logic you will need to register a custom one.

    Implementation steps:
    1. Create a custom CustomApplicationUserResolver class, which is based on Sitecore.Owin.Authentication.Services.ApplicationUserResolver. (Copy the code from the default implementation, Sitecore.Owin.Authentication.Services.DefaultApplicationUserResolver. You can get code samples using any reverse engineering tool such as RedGate .NET Reflector.)
    2. In the ResolveApplicationUserAsync method you will need to add your custom logic that will deny creation of new users.
    3. Register a custom service configurator that will replace the standard ApplicationUserResolver implementation with the custom one.
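
The decision logic behind both requirements, as an added example that is not part of the original reply and not Sitecore's own code: it turns one Azure AD claim into a `domain\name` user name and refuses the login when the token comes from another tenant, the claim is missing or unsafe, or the user does not already exist. `ClaimUserNameMapper`, `Resolve`, the `userExists` callback, the allow-list pattern, the lower-casing and the sample values are all assumptions; the method is meant to be called from the CreateUniqueUserName override and the custom ResolveApplicationUserAsync that the reply names.

```csharp
using System;
using System.Security.Claims;
using System.Text.RegularExpressions;

// Added example: none of these names come from Sitecore or from the thread.
public static class ClaimUserNameMapper
{
    // Claim type under which the OWIN handlers expose the Azure AD tenant id.
    const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";
    // Conservative allow-list for the local part of the user name (assumption).
    static readonly Regex Safe = new Regex(@"\A[A-Za-z0-9._@-]{1,64}\z");

    // Returns "domain\name" built from one claim, or null when login must be denied.
    public static string Resolve(ClaimsIdentity identity, string claimType,
        string expectedTenantId, string domain, Func<string, bool> userExists)
    {
        // Only accept tokens from the tenant we federate with; a claim such as
        // UPN identifies a user only within that tenant.
        string tid = identity.FindFirst(TenantIdClaim)?.Value;
        if (!string.Equals(tid, expectedTenantId, StringComparison.OrdinalIgnoreCase))
            return null;

        // Missing claim, or characters such as '\' that could change the domain part.
        string value = identity.FindFirst(claimType)?.Value;
        if (value == null || !Safe.IsMatch(value))
            return null;

        // Normalise case so the same person always maps to the same account (assumption).
        string userName = domain + "\\" + value.ToLowerInvariant();
        // Requirement 2: no automatic creation, so an unknown user is refused.
        return userExists(userName) ? userName : null;
    }

    public static void Main()
    {
        // Constructed sample identity; tenant id and UPN are made-up values.
        var id = new ClaimsIdentity(new[] {
            new Claim(TenantIdClaim, "00000000-0000-0000-0000-000000000001"),
            new Claim(ClaimTypes.Upn, "Jane.Doe@example.com") }, "AzureAd");
        Func<string, bool> exists = n => n == @"sitecore\jane.doe@example.com";

        Console.WriteLine(Resolve(id, ClaimTypes.Upn,
            "00000000-0000-0000-0000-000000000001", "sitecore", exists) ?? "(denied)");
        Console.WriteLine(Resolve(id, ClaimTypes.Upn,
            "00000000-0000-0000-0000-000000000002", "sitecore", exists) ?? "(denied)");
    }
}
```

Because requirement 2 makes the mapped name the only thing that selects an existing account, the chosen claim should be one that users cannot edit themselves in the directory.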
  • In reply to Yasushi Ogura:

    Do you have a code example of #2? I tried to register a custom resolver class but it doesn't seem to be hitting the custom code. Not sure where I am going wrong.