Skip to main content

Part 2: Keycloak Integration with Sitecore

Part 2: Keycloak Integration with Sitecore

This blog will cover the process of setting up Keycloak with Sitecore content management, building upon the explanation provided in the Part 1 blog on Keycloak Integration with Sitecore.

Step 1: Configure OpenID Connect

Create a pipeline processor to configure OpenID connect to talk to Keycloak identity providers.

  public class KeycloakIdentityProvider : IdentityProvidersProcessor  
   {  
     protected override string IdentityProviderName => "keycloak";  
     private string ClientId => Settings.GetSetting(KeycloakSettings.ClientId, "");  
     private string ClientSecret => Settings.GetSetting(KeycloakSettings.ClientSecret, "");  
     private string Authority => Settings.GetSetting(KeycloakSettings.Authority, "");  
     private string MetadataAddress => Settings.GetSetting(KeycloakSettings.MetadataAddress, "");  
     private string RedirectURL => Settings.GetSetting(KeycloakSettings.RedirectURL, "");  
     private readonly string OpenIdScope = OpenIdConnectScope.OpenIdProfile + " email";  
     private readonly string idToken = "id_token";  
     private readonly string accessDeniedRelativePath = "/custom/errorpages/Forbidden.aspx";  
     public KeycloakIdentityProvider(FederatedAuthenticationConfiguration federatedAuthenticationConfiguration, Microsoft.Owin.Infrastructure.ICookieManager cookieManager, BaseSettings settings) : base(federatedAuthenticationConfiguration, cookieManager, settings)  
     {  
     }  
     protected IdentityProvider IdentityProvider { get; set; }  
     protected override void ProcessCore(IdentityProvidersArgs args)  
     {  
       IdentityProvider = this.GetIdentityProvider();  
       var httphandler = new HttpClientHandler();  
       httphandler.DefaultProxyCredentials = CredentialCache.DefaultCredentials;  
       httphandler.CheckCertificateRevocationList = true;  
       httphandler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) =>  
       {  
         return true;  
       };  
       var options = new OpenIdConnectAuthenticationOptions  
       {  
         BackchannelHttpHandler = httphandler,  
         //Backchannel = httpclient,  
         RequireHttpsMetadata = false,  
         MetadataAddress = MetadataAddress,  
         ClientId = ClientId,  
         ClientSecret = ClientSecret,  
         Authority = Authority,  
         RedirectUri = RedirectURL,  
         ResponseType = OpenIdConnectResponseType.Code,  
         Scope = OpenIdScope,  
         AuthenticationType = IdentityProvider.Name,  
         RedeemCode = true,  
         TokenValidationParameters = new TokenValidationParameters  
         {  
           NameClaimType = "name"  
         },  
         Notifications = new OpenIdConnectAuthenticationNotifications  
         {  
           RedirectToIdentityProvider = notification =>  
           {  
             if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)  
             {  
               if (Sitecore.Context.User.IsAuthenticated)  
               {  
                 notification.HandleResponse();  
                 notification.Response.Redirect(Settings.GetSetting("Identity.sso.launchpad"));  
               }  
               else  
               {  
                 notification.ProtocolMessage.SetParameter("kc_idp_hint", "saml");  
               }  
             }  
             if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)  
             {  
               // If signing out, add the id_token_hint  
               var idTokenClaim = notification.OwinContext.Authentication.User.FindFirst(idToken);  
               if (idTokenClaim != null)  
                 notification.ProtocolMessage.IdTokenHint = idTokenClaim.Value;  
             }  
             return System.Threading.Tasks.Task.CompletedTask;  
           }  
         }  
       };  
       args.App.UseKentorOwinCookieSaver();  
       args.App.UseOpenIdConnectAuthentication(options);  
     }  
   }

Step 2: Patch File

Create a patch file that will register a Keycloak Sitecore identity.
 <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/"  
         xmlns:env="http://www.sitecore.net/xmlconfig/env/" xmlns:zone="http://www.sitecore.net/xmlconfig/zone/">  
      <sitecore role:require="ContentManagement or Standalone">  
           <settings>  
                <setting name="Identity.Keycloak.ClientId" value="VALUE"/>  
                <setting name="Identity.Keycloak.ClientSecret" value="VALUE"/>  
                <setting name="Identity.Keycloak.Authority" value="VALUE"/>  
                <setting name="Identity.Keycloak.MetadataAddress" value="VALUE"/>  
                <setting name="Identity.Keycloak.RedirectURL" value="VALUE"/>  
           </settings>  
           <pipelines>  
                <owin.identityProviders>  
                     <processor type="WEBSITE.KeycloakIdentityProvider, WEBSITE" resolve="true" />  
                </owin.identityProviders>  
           </pipelines>  
           <federatedAuthentication type="Sitecore.Owin.Authentication.Configuration.FederatedAuthenticationConfiguration, Sitecore.Owin.Authentication">  
                <identityProvidersPerSites hint="list:AddIdentityProvidersPerSites">  
                     <mapEntry name="all sites" type="Sitecore.Owin.Authentication.Collections.IdentityProvidersPerSitesMapEntry, Sitecore.Owin.Authentication" resolve="true">  
                          <sites hint="list">  
                               <site>regexp:.*</site>  
                          </sites>  
                          <identityProviders hint="list:AddIdentityProvider">  
                               <identityProvider ref="federatedAuthentication/identityProviders/identityProvider[@id='keycloak']" />  
                          </identityProviders>  
                     </mapEntry>  
                </identityProvidersPerSites>  
                <identityProviders hint="list:AddIdentityProvider">  
                     <identityProvider id="keycloak" type="Sitecore.Owin.Authentication.Configuration.DefaultIdentityProvider, Sitecore.Owin.Authentication">  
                          <param desc="name">$(id)</param>  
                          <param desc="domainManager" type="Sitecore.Abstractions.BaseDomainManager" resolve="true" />  
                          <caption>Log in with keycloak</caption>  
                          <icon>/sitecore/shell/themes/standard/Custom/24x24/msazure.png</icon>  
                          <domain>sitecore</domain>  
                          <enabled>true</enabled>  
                          <transformations hint="list:AddTransformation">  
                          </transformations>  
                     </identityProvider>  
                </identityProviders>  
                <propertyInitializer type="Sitecore.Owin.Authentication.Services.PropertyInitializer, Sitecore.Owin.Authentication">  
                     <maps hint="list">  
                     </maps>  
                </propertyInitializer>  
           </federatedAuthentication>  
      </sitecore>  
 </configuration>
Ensure that the Identity server is disabled, and once you have published the code and configuration files, you will be able to observe the Keycloak login button on the content management system.



Labels:

Comments

Post a Comment

Popular posts from this blog

Azure AD Integration with Sitecore 10.2

 Azure AD Integration with Sitecore 10.2 Sitecore identity server that comes with Sitecore 9.1 allows you to log in through an external identity provider like Azure Active Directory, Facebook, Apple, or Google. It is built on Federation Authentication. What is Federation Authentication? Federation authentication is a technology to allows users to access multiples application, tools, and domains using one credential. Using one set of credential user can access multiple applications, and resources after authentication.  Federation authentication consists of two systems, the Identity provider and the Service provider. Identity providers that maintain/create/manage identity information like name, email address, device, and location. Some examples of identity providers are Azure AD, Google, Facebook, and Apple. Service providers basically refer to a website, software, or app that the user is trying to access and SP basically relies on the identity provider to authenticate the user ...
1 comment
Read more

Sitecore 10.2 - “Failed to start service ‘Sitecore Marketing Automation Engine’” on Windows 11

Sitecore 10.2 - “Failed to start service ‘Sitecore Marketing Automation Engine' ” on Windows 11 Today I started to install Sitecore 10.2 using Sitecore Instance Manager on Windows 11 and I got this issue “Failed to start service ‘Sitecore Marketing Automation Engine' ” . Error : On event viewer it was showing the below error: I also tried to run ‘ Sitecore.MAEngine.exe ’ like this C:\Windows\system32>C:\inetpub\wwwroot\sclocal102xconnect.dev.local\App_Data\jobs\continuous\AutomationEngine\Sitecore.MAEngine.exe Which was throwing below error: Starting Marketing Automation Engine... 2022-01-29 22:21:11 ERR Error initializing XConnect client. System.AggregateException: One or more errors occurred. ---> Sitecore.XConnect.XdbCollectionUnavailableException: An error occurred while sending the request. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected err...
Post a Comment
Read more

Part-1: Integrating Content Management Platform with Sitecore Connect Hub: A Step-by-Step Walkthrough

Integrating Content Management Platform with Sitecore Connect Hub: A Step-by-Step Walkthrough Sitecore Content Hub's Content Marketing Platform (CMP) offers a unified solution for efficiently managing all content-related activities, including planning, creation, management, and distribution. In the previous blog, I discussed how to integrate DAM, and in this blog, we will explore the integration of CMP. Prerequisites Install Sitecore 10.4 from  here Download    Sitecore Connect™ for Content Hub SIF Package and Sitecore Connect™ for Content Hub WDP Package from  here . Unzip the SCCH Sitecore Installation Framework package into the designated folder. Execute the following command in PowerShell. In ScchWdpPackage give a path of Sitecore.Connector.ContentHub.WDP.5.2.96-r00458.5768.scwdp.zip which you have downloaded previously. To enable CMP on your Content Management server, open the web.config file and modify the configuration as shown below: <add key="cmpEna...
Post a Comment
Read more