We have already discussed Sitecore Identity Server and the way to Integrate Azure Active Directory with Sitecore Identity Server in this blog
Just like Azure Active Directory, Sitecore supports extending the Identity Server to include other External Providers that support OAuth. In this blog, we discuss how we can integrate Google with the Sitecore Identity Server.
Setting Up Google Authorization
- Login to https://console.developers.google.com/ with you Google Account.
- If you want to use an existing project, skip to step 6.
- Click on Select Project on top to create a new project or select an existing one.
- Click on the New Project button on the right corner of the popup.
- Provide Project Name and click Create,/strong>
- With your project selected at the top, click on OAuth Consent Screen OAuth Consent Screen
- Setup the Consent Screen with the required info. Make sure you add your Identity Server Hostname to Authorized Domains.
- Once the Consent Screen is set up, Select Credentials in APIs & Services pane.
- Click on + Create Credentials and select OAuth Client ID
- Select Application Type as Web Application, provide a name to the application and add your Sitecore Identity Server’s domain in Authorized Redirect URIs. Click Create.
- Save the Client ID and Client Secret shown in popup as those would be required in code.
.png?h=46&w=474&hash=D0500B56D0A085D2EDBF1D3D47BD4EE6){kind=small}
.png?h=63&w=558&hash=A3BAC2D87A3E668FC17843182937E2F9)
.png?h=318&w=512&hash=59DEEE04847C622A4EE8CF9CB2BB6574)
.png?h=315&w=256&hash=7BDC1350B05A2AEE61634212171221DB)
Make sure to add “/callback” at the end of Identity Server URL as we are going to use that as a call back path in code.
.png?h=145&w=472&hash=4E96625511FC13ACE0E1082317184E36)
Setting Up Sitecore Identity Server
Open the Sitecore Identity Server directory and perform the following steps:
- Create a new folder /sitecore/
and new file /sitecore/ /Sitecore.Plugin.manifest inside it. This file contains information about the Assembly where the code for our custom plugin is written. - Create a new directory /sitecore/
/Config and create a new file /sitecore//Config/ inside it. This file contains information about the Identity provider (credentials, claims etc.).xml
<?xml version="1.0" encoding="utf-8"?>
<SitecorePlugin PluginName="Sitecore.Plugin.IdentityProvider.Custom" AssemblyName="Sitecore.Plugin.IdentityProvider.Custom" Version="1.0.0">
<Dependencies>
<Dependency name="Sitecore.Plugin.IdentityProviders">3.0.0- r00211</Dependency>
</Dependencies>
<Tags>
<Sitecore>Sitecore</Sitecore>
</Tags>
</SitecorePlugin>
<?xml version="1.0" encoding="utf-8"?>
<Settings>
<Sitecore>
<ExternalIdentityProviders>
<IdentityProviders>
<Google type="Sitecore.Plugin.IdentityProviders.IdentityProvider, Sitecore.Plugin.IdentityProviders">
<AuthenticationScheme>Google</AuthenticationScheme>
<DisplayName>Sign-in with Google</DisplayName>
<Authority>https://accounts.google.com/</Authority>
<CallbackPath>/</CallbackPath>
<Enabled>true</Enabled>
<ClientId>YourClientID</ClientId>
<ClientSecret>c_KQqx_uuU54te_KzsnaLkcM</ClientSecret>
<ClaimsTransformations>
<ClaimsTransformation1 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<Claim1 type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
</SourceClaims>
<NewClaims>
<Claim1 type="email" />
</NewClaims>
</ClaimsTransformation1 >
<ClaimsTransformation2 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<Claim1 type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" />
</SourceClaims>
<NewClaims>
<Claim1 type="name" />
</NewClaims>
</ClaimsTransformation2>
&n bsp; <ClaimsTransformation3 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<Claim1 type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/picture" />
</SourceClaims>
<NewClaims>
<Claim1 type="picture" />
</NewClaims>
</ClaimsTransformation3>
&n bsp;
<GoogleEmailTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
&n bsp; <Claim1 type="http://www.sitecore.net/identity/claims/originalIssuer" value="https://accounts.google.com" />
</SourceClaims>
<NewClaims>
<Claim1 type="http://www.sitecore.net/identity/claims/isAdmin" value="true"/>
</NewClaims>
&n bsp; </GoogleEmailTransformation>
</ClaimsTransformations>
</Google>
</IdentityProviders>
</ExternalIdentityProviders>
</Sitecore>
</Settings>
NOTE: <CallbackPath> should contain the same path that we provided in step 10 of setting up Google Authorization
Setting Up The Solution
In this section, we will create a solution that will help us connect to Google and get the account information back.
- Create a new .Net Standard 2.0 Project.
- Create a new file GoogleIdentityServer.cs. This file will contain the properties that we want to pull from the configs created in section Setting Up Identity Server.
- Create a new file GoogleAppSettings.cs. This file will contain the information about the configuration section which will be used for setting up the google identity provider.
- Create a new file ConfigureSitecore.cs. This will contain the code for appending Google Authentication to Sitecore.
- Build the solution and deploy the .dll to the IdentityServer/
namespace Sitecore.Plugin.IdentityProvider.Custom
{
class GoogleIdentityProvider : IdentityProviders.IdentityProvider
{
public string ClientId { get; set; }
public string ClientSecret { get; set; }
public string Authority { get; set; }
public string CallbackPath { get; set; }
}
}
namespace Sitecore.Plugin.IdentityProvider.Custom.Configuration
{
class GoogleAppSettings
{
public static readonly string SectionName = "Sitecore:ExternalIdentityProviders:IdentityProviders:Google";
public GoogleIdentityProvider GoogleIdentityProvider { get; set; } = new GoogleIdentityProvider();
}
}
NOTE: The highlighted should match the configuration node we created in step 2 of Setting Up Identity Server.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Sitecore.Framework.Runtime.Configuration;
using Sitecore.Plugin.IdentityProvider.Custom.Configuration;
using System;
using System.Security.Claims;
using System.Threading.Tasks;
namespace Sitecore.Plugin.IdentityProvider.Custom
{
public class ConfigureSitecore
{
private readonly ILogger<ConfigureSitecore> _logger;
private readonly GoogleAppSettings _googleAppSettings;
public ConfigureSitecore(ISitecoreConfiguration scConfig, ILogger<ConfigureSitecore> logger)
{
this._logger = logger;
this._googleAppSettings = new GoogleAppSettings();
scConfig.GetSection (GoogleAppSettings.SectionName);
}
public void ConfigureServices(IServiceCollection services)
{
var authenticationBuilder = new AuthenticationBuilder(services);
var googleProvider = this._googleAppSettings.GoogleIdentityProvider;
if (googleProvider.Enabled)
{
authenticationBuilder
.AddOpenIdConnect (googleProvider.AuthenticationScheme,
googleProvider.DisplayName, (Action<OpenIdConnectOptions>)(options =>
{
options.SignInScheme = "idsrv.external";
options.SignedOutRedirectUri = "https://demo.googleidentityserver.is/Account/Logout";
options.ClientId = googleProvider.ClientId;
options.ClientSecret = googleProvider.ClientSecret;
options.Authority = googleProvider.Authority;
options.CallbackPath = googleProvider.CallbackPath;
options.Events.OnRedirectToIdentityProvider += (Func<RedirectContext, Task>)(context =>
{
Claim first = context.HttpContext.User.FindFirst("idp");
if (string.Equals(first != null ? first.Value : (string)null,
&n bsp; googleProvider.AuthenticationScheme, StringComparison.Ordinal))
&n bsp; context.ProtocolMessage.Prompt = "select_account";
return Task.CompletedTask;
});
options.Events.OnRedirectToIdentityProviderForSignOut = context =>
{
var logoutUri = "https://demo.googleidentityserver.is/Account/Logout";
context.Response.Redirect (logoutUri);
context.HandleResponse();
return Task.CompletedTask;
};
}));
}
}
}
}
Result
After completing the steps, you should be able to see the button for signing in with Google.
.png?h=553&w=631&hash=B9122C2EDCA9225CBA69B1E5685B9A50)
Clicking on Sign-in with Google that will redirect users to Google for authentication.
.png?h=581&w=491&hash=9C100034E02444CFD11340A31D7E56D7)
Upon successful login, the user will be redirected to the Sitecore Launchpad.
.png?h=965&w=1290&hash=7E0BEA337C7F1A39878D72E38BD07590)
Note: The claims transformation setup in Step 2 of Setting Up Identity Server is necessary for logging in otherwise you will get the following error.
.png?h=67&w=435&hash=F22DE9EACE3747731259A0A07451973D)
Note: To set up the username properly, you need to override DefaultExternalUserBuilder otherwise Sitecore will assign a random username to the new users.
namespace Sitecore.Plugin.IdentityProvider.UserBuilder
{
public class CustomUserBuilder : DefaultExternalUserBuilder
{
public CustomUserBuilder (ApplicationUserFactory applicationUserFactory, IHashEncryption hashEncryption) : base (applicationUserFactory, hashEncryption) { }
protected override string CreateUniqueUserName(UserManager<ApplicationUser> userManager, ExternalLoginInfo externalLoginInfo)
{
if (externalLoginInfo != null)
{
if (!string.IsNullOrWhiteSpace(externalLoginInfo.Email))
{
return externalLoginInfo.Email;
}
var validUserName = externalLoginInfo.DefaultUserName.Replace(",", "");
return "sitecore\\" + validUserName.Replace(" ", "");
}
return "nullUserInfo";
}
}
}