indice-co / indice.kentico
Kentico cms stuff
License: MIT License
Hello,
We are attempting to use AWS Cognito as our identity provider. Cognito doesn't support the hybrid "code id_token". I have made changes to the attached three files in order to get the project to work with Cognito (using the authorization code flow). In the process, I added a few more OAuthConfiguration options for configurability. The code still supports the "code id_token" response_type based on an OAuthConfiguration option. Here is an example of my web.config configuration:
```xml
<add key="Oidc:AutoRedirect" value="false" />
<add key="Oidc:Authority" value="https://epuio.auth.us-east-2.amazoncognito.com" />
<add key="Oidc:Host" value="https://test.equio.com/Kentico12" />
<add key="Oidc:ClientId" value="************" />
<add key="Oidc:ClientSecret" value="*******" />
<add key="Oidc:Scopes" value="openid profile" />
<add key="Oidc:AuthorizeEndpointPath" value="authorize" />
<add key="Oidc:TokenEndpointPath" value="oauth2/token" />
<add key="Oidc:UserInfoEndpointPath" value="oauth2/userInfo" />
<add key="Oidc:ResponseType" value="Code" /> <!-- Allowed values: "Code" or "CodeIdToken" -->
<add key="Oidc:UserNameClaim" value="username" /> <!-- The name of the claim returned by the IDP that uniquely identifies the user -->
```
I encountered an error where I had to change "SiteContext.CurrentSite.SiteID" to "SiteContext.CurrentSiteID". Not sure why.
OAuthConfiguration.cs.txt
OidcAuthenticationModule.cs.txt
I'm not an accomplished programmer so I'm sure there are many things that can be improved in my changes. I couldn't figure out how to create a new branch and push it so I've attached the three files that I changed.
I hope these changes are helpful. I would appreciate any feedback you may have.
Paul
The OIDC URL for my IDP is:
https://xyzidp.b2clogin.com/xyzidp.onmicrosoft.com/b2c_1_signin_and_signup/oauth2/v2.0/authorize
I have configured the following in my settings file:
<add key="Oidc:Authority" value="https://xyzidp.b2clogin.com/xyzidp.onmicrosoft.com/b2c_1_signin_and_signup/oauth2/v2.0" />
When indice.kentico redirects to the IDP, it uses the following URL:
https://xyzidp.b2clogin.com/xyzidp.onmicrosoft.com/b2c_1_signin_and_signup/oauth2/v2.0/connect/authorize
This causes an error on the IDP. Is there a way for me to remove the "connect/" portion of the URL when redirecting to the IDP?
Thank you
I've followed all of the instructions in the README to install this into my site. Everything appears to be working up to the point that Cognito redirects back to my site with the code and token. At that point, I get a 404 on `SignInOidc.ashx`. Looking at the network log, it looks like that request is coming through as a `GET` request (since it's an actual HTTP redirect). Looking back through the handlers, `SignInOidc.ashx` is configured to be a `POST` endpoint. I don't see a way to force Cognito to redirect back to my site via `POST`. (However, if I snag the URL from the network log and quickly send it as a `POST`, I do indeed get logged in.)

I've tried updating the handler to use the `GET` verb, but when I do, I get the following error:

```
Object reference not set to an instance of an object. at
Indice.Kentico.Oidc.SignInOidcHandler.ProcessRequest(HttpContext context) at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
https://kentico.example.com:443/SignInOidc.ashx?code=xxxxxx-xxxx-xxxx-xxxx-xxxxxx&state=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
/SignInOidc.ashx
```

I don't know if this (`GET` handler) is supported or if it somehow depends on the request being a `POST` and hence the error.
I don't know for sure if it's related, but this PR seems to mention similar things: #10
Are you aware of a way that I can exclude the Kentico administrative interface from the OIDC login process? I'd like to keep admins logging directly into Kentico (so they can address any issues independent of OIDC).
Thank you,
Paul
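One way a callback handler can accept both delivery modes described above (a GET redirect for the plain authorization code flow, a form POST for the hybrid response) while still verifying the `state` value, as an added illustration that is not the library's own `SignInOidcHandler`; the handler name, the `oidc.state` cookie and the post-login redirect target are assumptions:

```csharp
using System;
using System.Collections.Specialized;
using System.Text;
using System.Web;

// Added example (not the indice.kentico project's code): an .ashx handler that
// accepts the OIDC callback whether it arrives as a GET redirect (response_type=code,
// response_mode=query) or as a form POST (response_mode=form_post, which is how a
// "code id_token" hybrid response has to be delivered to reach a server-side handler).
public class OidcCallbackHandler : IHttpHandler
{
    // Assumed name of the cookie in which the sign-in step stored the random state value.
    private const string StateCookieName = "oidc.state";
    public bool IsReusable => true;

    public void ProcessRequest(HttpContext context)
    {
        HttpRequest request = context.Request;
        // Pick the parameter collection that matches the delivery mode. On a GET, Request.Form
        // is empty and every lookup returns null, so a handler that only reads Form dereferences nulls.
        NameValueCollection parameters = request.HttpMethod == "POST" ? request.Form : request.QueryString;
        string code = parameters["code"];
        string state = parameters["state"];
        HttpCookie stateCookie = request.Cookies[StateCookieName];

        if (string.IsNullOrEmpty(code) || stateCookie == null || !FixedTimeEquals(state, stateCookie.Value))
        {
            // Missing or mismatched state: treat as a forged or replayed callback.
            context.Response.StatusCode = 400;
            context.Response.Write("Invalid OIDC callback.");
            return;
        }
        // Consume the state so the same callback cannot be replayed.
        stateCookie.Expires = DateTime.UtcNow.AddDays(-1);
        context.Response.Cookies.Add(stateCookie);
        // The code would now be exchanged at the token endpoint (the library's existing step,
        // omitted here); afterwards the user is sent on. The target "/" is a placeholder.
        context.Response.Redirect("/", endResponse: true);
    }

    // Compare two strings in time that does not depend on where they first differ.
    internal static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null) return false;
        byte[] x = Encoding.UTF8.GetBytes(a);
        byte[] y = Encoding.UTF8.GetBytes(b);
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && i < y.Length; i++) diff |= x[i] ^ y[i];
        return diff == 0;
    }
}
```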
Hi,
I'm trying to get the Indice Kentico OIDC plugin to work in Azure with Kentico 12 (I've successfully gotten it running with IIS on a Windows system). When I connect to /SignIn.ashx, I'm redirected to the IDP successfully. However, once I enter my credentials and get redirected back, I get the following error in the browser:
```
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /SignInOidc.ashx
```
I've tried to double check that I've got all of the necessary DLLs. I temporarily removed System.Text.Encodings.Web.dll to confirm that I get an explicit dependency error log, which I do (under Diagnose and solve problems --> Diagnostic Tools --> Support Tools --> Application Events on the app service). When I put the DLL back, I don't get any dependency errors.
However, I do get the following error in the log:
```
4005
Forms authentication failed for the request. Reason: The ticket supplied was invalid.
2/16/2022 12:30:35 AM
2/16/2022 12:30:35 AM
6146c4ce543e4bddb3c26d84bda420d6
9
1
50201
/LM/W3SVC/769197253/ROOT-7-132894450124207552
Full
/
C:\home\site\wwwroot
pd0sdwk000G8T
13108
w3wp.exe
IIS APPPOOL\dev-sypw-1-102921-cognito
https://dev.syda.net:443/SignIn.ashx
/SignIn.ashx
35.142.159.41
False
IIS APPPOOL\dev-sypw-1-102921-cognito
```
It appears that SignIn.ashx is successfully getting executed so that it redirects but simultaneously generating the above error. It doesn't appear that SignInOidc.ashx is getting executed.
Any ideas of what I might be doing wrong, or a way that I can figure out what is causing the error? Thanks for any suggestions you can provide.
Hi @giorgos07,
@epiuo and I have been trying to integrate your library into our Kentico 12 SP instance with AWS Cognito, and we're further along now, and getting an error on the redirected call back to SignInOIDC.ashx:
Message: D:\home\site\wwwroot\SignInOidc.ashx(100): error CS0200: Property or indexer 'UserCreatedEventArgs.User' cannot be assigned to -- it is read only
Looking at the source file for UserCreatedEventArgs.cs, I noticed that the UserInfo object setter has the internal keyword set on it, and wasn't sure if that was the cause of the error.
```csharp
public UserInfo User { get; internal set; }
```
Thanks in advance,
Garuda