Enterprise Claims Based Authentication

Cameron Asbury asked on January 29, 2020 21:12

Afternoon!

So we have claims based authentication set up, and this is an enterprise ADFS, and it's all linked up with Kentico. I had some questions, however, on how best to direct users to this sign on page if they haven't been authenticated yet. The URL for the sign-on has the URL in its path as a URL parameter to send someone back to the webpage they were attempting to view. This poses some problems that someone here may be able to help me with. My initial worry is that I would have to manually set this login page URL to match each domain for each of the environments we have (Dev, Test, Prod, etc). Is there a way I can dynamically create a URL to send a user to the sign on page with the current location as the URL parameter?

Example URL for organization sign on: https://organization.com/?foo=bar&reply=https://websiteToSendUserBackTo.com/

Thanks ahead of time!

Cameron

Recent Answers


Dat Nguyen answered on January 30, 2020 13:19 (last edited on January 30, 2020 13:53)

Without knowing your implementation, I think I would handle the SecurityEvents.AuthenticationRequested event and store the AuthenticationRequestEventArgs.RequestedUrl in a session variable, and then handle the SecurityEvents.Authenticate event and redirect the user using the URL stored in the session variable if the user is authenticated. Hope that helps.

EDIT:

This is assuming the system doesn't automatically redirect the user to the requested page for some reason.

1 vote
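An added example, not part of the thread and not Kentico's own code: plain C# that builds the sign-on URL from whichever page was requested, so no per-environment URL is hard-coded, and accepts a return URL only if it is HTTPS on a known site host. The class, method and host names are hypothetical; the `reply` parameter comes from the example URL in the question.

```csharp
using System;
using System.Collections.Generic;

public static class SignOnRedirect
{
    // Hypothetical host names: one entry per environment (Dev, Test, Prod).
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "dev.example.org", "test.example.org", "www.example.org" };

    // True only for absolute HTTPS URLs that point back at one of our own hosts.
    public static bool IsAllowedReturnUrl(Uri url)
    {
        return url != null
            && url.IsAbsoluteUri
            && url.Scheme == Uri.UriSchemeHttps
            && AllowedHosts.Contains(url.Host);
    }

    // Appends the requested page as an encoded "reply" value to the sign-on URL.
    // In a web request, "requested" would be the current request URL.
    public static string BuildSignOnUrl(string signOnUrl, Uri requested)
    {
        if (!IsAllowedReturnUrl(requested))
            throw new ArgumentException("Return URL is not on an allowed host.", nameof(requested));
        string separator = signOnUrl.Contains("?") ? "&" : "?";
        return signOnUrl + separator + "reply=" + Uri.EscapeDataString(requested.AbsoluteUri);
    }

    // After sign-on: use the stored URL only if it still passes the check,
    // otherwise fall back to a fixed page so the site cannot be used as an open redirect.
    public static string ResolveReturnUrl(string stored, string fallback)
    {
        Uri parsed;
        return Uri.TryCreate(stored, UriKind.Absolute, out parsed) && IsAllowedReturnUrl(parsed)
            ? parsed.AbsoluteUri
            : fallback;
    }

    public static void Main()
    {
        // Constructed sample values.
        var requested = new Uri("https://test.example.org/members/report?id=7");
        Console.WriteLine(BuildSignOnUrl("https://organization.com/?foo=bar", requested));
        Console.WriteLine(ResolveReturnUrl("https://other.example.net/", "https://test.example.org/"));
    }
}
```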

Cameron Asbury answered on January 30, 2020 16:46

The behavior changes slightly depending on what security settings I use. If I have check page permissions set to Secured areas, it does automatically send a user to the organization sign on page; however, it doesn't redirect properly, it just sends the user to the Security realm that is listed in the Claims-based authentication section. This in itself isn't the end of the world; however, we are making a progressive web app (basically a webpage that acts as a native application, if you're unfamiliar), and when you close out of that window that opens in app and you go back to the website you're on, it doesn't consider you logged in. Now I've got a login page I can use where I've manually tailored the redirect URL to just come back to my home page, and that works, but it still requires the user to close out of that Home page it got redirected to, to go back to PWA mode, I'll call it.

If I change check page permissions to All Pages, I basically have to set the Access Denied page to be the organization sign on page, which doesn't work real well for user experience.

I'm pretty new to Kentico, and completely inexperienced with the authentication piece for Kentico. If there is some good documentation I can read about or if you have any more suggestions I'm all ears. I don't have any ability to change how the ADFS works but have full control of the Kentico Portal Engine Instance.

Thanks!

Cameron

0 votes

Dat Nguyen answered on January 31, 2020 08:24

Please refer to this documentation and see if it leads you somewhere: Handling custom claims-based authentication

If that doesn't help, could you explain the requirements for your authentication process in a step-by-step list? For me, it's a bit hard to follow when trying to read it from a block of text. If I can understand your exact needs, I can help you solve it.

0 votes
