EpiServer As An IdentityServer


Hello,

We are using EPi_AspNetIdentityUserProvider in my application. I want to make my Epi application an IdentityServer where I can manage the users, roles, groups, etc. By using Admin > Create user, we can create the user and manage the user, but with very limited functionality. I want to integrate an interface to manage all users, like updating user details, deleting a user, and creating a user.

Is there any starting point where I should start? I mean, how feasible would it be to make the application an IdentityServer, so that other applications in the organization can use my Epi application for single sign-on?

What are the possible ways to achieve this in Epi, or is there any built-in API for this?

Dipak Salve.

#221395
Apr 17, 2020 10:38

Hi Dipak

Sure, you can implement a custom OAuth server middleware. I have done that before, in order to support native apps with Bearer token authentication in a safe way. Just be advised that it can take a lot of work and testing to get right, especially if you want different OAuth flows, grant types, scopes, etc.

In terms of managing users, you only get what you have already seen in Episerver (like CMS user admin and Commerce contact manager). Other features you need to implement yourself.

What kind of applications would be using Episerver as single-sign-on?

#221451
Apr 18, 2020 6:17
Dipak Salve - Apr 20, 2020 7:43
Thank you Stefan.

Hi Dipak,

I would not make the Episerver instance the SSO but use software that has been certified to act as an identity provider.

I would look at the .NET Core IdentityServer4 (open source and free): https://github.com/IdentityServer/IdentityServer4

Or one of the listed certified OIDC implementations: https://openid.net/developers/certified/

Or OpenAM: https://github.com/OpenIdentityPlatform/OpenAM

So I would have the identity management (access management, etc.) in a separate, tested application: less work and testing for your team to make sure the system is secure and up to date.

#221496
Apr 20, 2020 7:41
Dipak Salve - Apr 20, 2020 7:43
Thank you Antti.