Skip to main content

Using Okta Authentication for a Sitecore client site

I recently had a project where we had to add a new Sitecore site to an already multi site Sitecore 8.2 Update 7 instance. This new site had to integrate with Okta to manage user authentication. I found many articles online that integrated Okta and Sitecore's admin interface but I could not find one that just integrated Okta with a client Sitecore site.

My first step was to use Okta's available ASP.NET MVC projects on their Dev site and test them out. This worked very well with the first Authenticated method I tried which was WS-Fed. But when I tried to use the same authentication method with a site in Sitecore I got errors in my logs like the following:

Sitecore.Security.Principal.SitecoreIdentity does not contain a definition for Claims

Claims are available in HttpContext.User.Identity but not in Sitecore.Security.Principal.SitecoreIdentity, and since we are using a Sitecore site we could not read the claims. I tried to make claims work in Sitecore using various online articles but was not successful.

Next I tried using OpenId connect and again setting up a sample website with Okta authentication was easy. But when I tried to use OpenId connect with my new Sitecore site, I got into issues like going into an endless authentication loop. I think the reason was that my application saw that the user is not authenticated and send the user to Okta. Okta checked the user and sent the user back to the site. But Sitecore is not able to see that the user is authenticated and sends the user back to Okta. Mainly I needed HttpContext.User.Identity.IsAuthenticated to return true and be able to read the associated claims. To avoid this endless loop,.I tried a few more articles online but was not successful in getting OpenId connect to work.

Then I turned to good old Saml. Again first I got Okta Saml to work with a sample website.
To setup the Okta Saml application I used.

and to read the Saml response I used the following Simple SAML consumer implementation

As expected this worked fine for the sample website. But to my surprise, this worked seamlessly in my Sitecore site as well. I was able to read the Okta user attributes in Sitecore. I was excited!

Lastly now that I could read the user attributes, I created a virtual Sitecore user and assigned these user attributes to this virtual user and logged the user into Sitecore as described in this blog

As mentioned in the above articles you could assign the virtual user to a role based on some of the Okta user attributes. This can be used by content authors to assign a page to a particular role so that only users that belong to that role would have access to that page.

I'm hoping someone else out there finds this blog useful. I told myself that if I solve this issue for myself I would blog about it. So I'm glad I took the time today to write about it.


Popular posts from this blog

Un Lock Sitecore admin account

There are times when you - Upgrade Sitecore locally - Restore databases in your local Sitecore instance. And you are no longer able to login to the Sitecore admin interface with the default admin username and password b. When this happens you can unlock the Sitecore admin account and reset the password back to b. To do this copy this aspx  file to your Website\sitecore\admin folder (and overwrite existing file) Next make sure your local web.config (in the root Website) folder has the following settings minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" Lastly go to the following page And click the Unlock Administrator button. That's it, you can now login to your local Sitecore instance. Happy Sitecoreing!

Async Task .Result or .Wait() not working in MVC web application

I had a piece of async code that worked as a console application in Visual Studio 2015. I had to move this code into my MVC web application. In the code, basically you pass an ID to an Api and it returns a document corresponding to that ID. The issue was, there needed to be 2 calls to the Api. As part of the first call you pass the ID and the Api returned a filename. You then pass the filename to the second call and it returns the corresponding document. This worked fine in a console application. But when I tried to port it into a MVC web application it did not work. Frankly async calls work fine in MVC applications, but in instances like mine, I needed the code to be synchronous, since the second call to the Api should only start after the first call returns valid data. I even tried to make the code synchronous, but this just caused my application to hang at the .Result line (code below) ORIGINAL CODE: var fileName = await obj.PostAsync(); await obj.DownloadFile("fileId=&