Table of Contents
Introduction
Background
Prerequisites
Installing
Preparation
Exchanging metadata
LogOnOff
SamlUserInfo
CurrentUserControl
Protecting a page
References
1 Introduction
This document describes a solution for authenticating and authorizing users on a website built
with the Open Source CMS Umbraco, using an OIOSAML-compatible Identity Provider.
Comments, suggestions and questions can be sent to support@silverbullet.dk
2 Background
Umbraco supports ASP.NET Membership and Role providers. The purpose of ASP.NET
MembershipProviders and RoleProviders is to provide a layer of indirection between
membership controls, such as a login control, and the data store containing membership and role
information.
This solution consists of a custom implementation of a MembershipProvider and a RoleProvider,
which enables Umbraco to authenticate and authorize users via an OIOSAML Identity Provider.
A page can be protected (public access) via Umbraco's administration console. When this is
done, access to the protected page will always go through the MembershipProvider and
RoleProvider.
Besides the MembershipProvider and RoleProvider, the solution contains sample custom .NET
user controls, which can be used to show user information on a web page.
3 Prerequisites
3.1 Prerequisites for the binary distribution
4 Distribution contents
The distribution contains a zip archive with the following content.
File in zip archive | Description
UmbracoIdpLogin.zip | Binary files including SamlMembershipProvider, SamlRoleProvider, User Controls and installation wizard
UmbracoIdpLogin-source.zip | Source files
UmbracoIdpLogin-guide,20090108 | This document in PDF and RTF
5 Installing
This chapter describes the steps required to install the solution and use the sample .NET User
Controls.
5.1 Preparation
In this document we will describe how to extend an existing website built in Umbraco 4 with
Identity Provider login. We will show this by altering a fresh installation of Umbraco 4 with
the Boost package installed, but the installation steps can easily be applied to any Umbraco 4
website.
OIOSAML.NET must be installed before installing the Umbraco-SAML solution.
6.1 LogOnOff
This control displays a button. The button shows a login text if no Umbraco Member has logged
on in the current session, and a logoff text when a Member has logged on.
The control has the following properties, which can be set in the Template section in the
Umbraco administration console:
Property name | Description
LogOnText | Text on the button when no Member has logged in
LogOffText | Text on the button when a Member has logged in
LogOnUrl | The URL called for logging in
LogOffUrl | The URL called for logging off
6.2 SamlUserInfo
This control can display information contained in the authentication SAML assertion from an
Identity Provider.
The control has the following properties, which can be set in the Template section in the
Umbraco administration console:
Property name | Description
SamlAttributeName | Name of an OIOSAML attribute, for example urn:oid:2.5.4.3 for Common Name and urn:oid:0.9.2342.19200300.100.1.3 for Email
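The following added example, which is not code from the UmbracoIdpLogin distribution, shows one way to look up an attribute by its Name in a SAML 2.0 assertion and HTML-encode the value before it is written to a page, since attribute values originate outside the website. The class SamlAttributeDemo, the method RenderAttribute and the sample assertion are assumptions constructed for illustration.

```csharp
// Added example; SamlAttributeDemo and RenderAttribute are hypothetical names.
using System;
using System.Linq;
using System.Net;
using System.Xml.Linq;

public static class SamlAttributeDemo
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample fragment. A real assertion arrives signed from the IdP,
    // and its signature must be validated before any attribute is trusted.
    const string SampleAssertion = @"
<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>
  <saml:AttributeStatement>
    <saml:Attribute Name='urn:oid:2.5.4.3'>
      <saml:AttributeValue>Jens &lt;b&gt;Hansen&lt;/b&gt;</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name='urn:oid:0.9.2342.19200300.100.1.3'>
      <saml:AttributeValue>jens@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>";

    // Returns the HTML-encoded first value of the named attribute,
    // or an empty string when the assertion does not carry that attribute.
    public static string RenderAttribute(XElement assertion, string samlAttributeName)
    {
        string value = assertion
            .Descendants(Saml + "Attribute")
            .Where(a => (string)a.Attribute("Name") == samlAttributeName)
            .Elements(Saml + "AttributeValue")
            .Select(v => v.Value)
            .FirstOrDefault();
        // Encode on output: the parsed value may contain markup characters.
        return WebUtility.HtmlEncode(value ?? string.Empty);
    }

    public static void Main()
    {
        XElement assertion = XElement.Parse(SampleAssertion);
        Console.WriteLine(RenderAttribute(assertion, "urn:oid:2.5.4.3"));
        Console.WriteLine(RenderAttribute(assertion, "urn:oid:0.9.2342.19200300.100.1.3"));
        Console.WriteLine(RenderAttribute(assertion, "urn:oid:2.5.4.4").Length);
    }
}
```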
6.3 CurrentUserControl
This control can display the login name of an Umbraco Member who has logged in during the
current session. The purpose of this control is to show that Umbraco is aware that a Member
has logged in.
The control has no attributes.
7 Testing providers
The following sections describe how to set up a test scenario using the sample .NET user
controls and the installed providers.
2. with
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</?ASPNET_FORM>
<br/>
<?ASPNET_FORM>
<umbraco:Macro Alias="CurrentUmbracoUser" runat="server"></umbraco:Macro>
</?ASPNET_FORM>
</div>
<div id="subNavigation">
</div>
</asp:Content>
9. Click save
10. Go to the Document Type section and click on Boost Homepage
11. On the Boost Homepage document type, find Allowed Templates and check
LoginLogout.
12. Click the Structure tab, and check LoginLogout
13. Click save.
5. Click on the new LoginLogoutPage and make sure that the properties point to the
template LoginLogout.
6. Click Save and Publish.
Now try to click on the link Go further, which points to the page we protected earlier.
You will see that you get redirected to the login page. The page will display a login button
because we have not logged in yet.
Click on login and you will be redirected to the Identity Provider. After you have logged in, you will
be sent back to the login page. The login page will now display some of the user information
received from the Identity Provider.
The login button will now display Log off. The first line under the button displays information
contained in the SAML assertion. In the template we configured this to be the OIOSAML Common
Name. The second line displays the login name of the Umbraco Member logged on to the site.
4. Change the value of the SamlRole to an attribute that can be used in the query to the
IdP.
9 References
[OIOSAML]
[OIOSAML.NET]
[Umbraco]