Created
October 17, 2018 21:37
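<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/">
  <!--
    Sitecore configuration patch for federated authentication. It:
      1. switches the FederatedAuthentication.Enabled setting to true,
      2. registers the Sitecore.Owin.Authentication implementations of the
         authentication, ticket and preview managers,
      3. adds a custom processor to the owin.identityProviders pipeline,
      4. defines one identity provider ("idsrv"), its claim-to-role transformations,
         the sites it applies to, and the claim-to-profile property mappings.
    The patch is applied only on instances running in the Standalone, ContentDelivery
    or ContentManagement role.
  -->
  <sitecore role:require="Standalone or ContentDelivery or ContentManagement">
    <!-- Enables federated authentication -->
    <settings>
      <setting name="FederatedAuthentication.Enabled">
        <patch:attribute name="value">true</patch:attribute>
      </setting>
    </settings>

    <!-- Registers the OWIN-based implementations for the three manager abstractions, each as a singleton. -->
    <services>
      <register serviceType="Sitecore.Abstractions.BaseAuthenticationManager, Sitecore.Kernel"
                implementationType="Sitecore.Owin.Authentication.Security.AuthenticationManager, Sitecore.Owin.Authentication"
                lifetime="Singleton" />
      <register serviceType="Sitecore.Abstractions.BaseTicketManager, Sitecore.Kernel"
                implementationType="Sitecore.Owin.Authentication.Security.TicketManager, Sitecore.Owin.Authentication"
                lifetime="Singleton" />
      <register serviceType="Sitecore.Abstractions.BasePreviewManager, Sitecore.Kernel"
                implementationType="Sitecore.Owin.Authentication.Publishing.PreviewManager, Sitecore.Owin.Authentication"
                lifetime="Singleton" />
    </services>

    <pipelines>
      <owin.identityProviders>
        <!--
          Custom processor from the Foundation.Authentication assembly; its code is not part of this file.
          NOTE(review): the provider's token validation (issuer, audience, signing keys, HTTPS-only
          metadata) presumably lives in that class. Confirm it there, because every role mapping
          below trusts the claims that processor accepts.
        -->
        <processor type="Foundation.Authentication.IdentityProviderProcessor, Foundation.Authentication" resolve="true" />
      </owin.identityProviders>
    </pipelines>

    <federatedAuthentication type="Sitecore.Owin.Authentication.Configuration.FederatedAuthenticationConfiguration, Sitecore.Owin.Authentication">
      <!-- Definitions of providers -->
      <identityProviders hint="list:AddIdentityProvider">
        <identityProvider id="idsrv" type="Sitecore.Owin.Authentication.Configuration.DefaultIdentityProvider, Sitecore.Owin.Authentication">
          <!-- $(id) passes this element's id attribute ("idsrv") as the provider name. -->
          <param desc="name">$(id)</param>
          <param desc="domainManager" type="Sitecore.Abstractions.BaseDomainManager" resolve="true" />
          <!-- Text shown on the login button for this provider -->
          <caption>Login with TREF SSO</caption>
          <icon>/sitecore/shell/themes/standard/Images/24x24/tref-icon.png</icon>
          <!--
            Domain that users signing in through this provider are created in.
            NOTE(review): "sitecore" is the domain of the back-end (CMS) accounts, and this provider
            is also mapped to the public "website" site below. Confirm that only staff can
            authenticate at the provider, or use a separate domain for site visitors.
          -->
          <domain>sitecore</domain>
          <!--
            Identity transformations applied to the claims when a user signs in.
            Each transformation rewrites claims issued by the provider:
              source = the claim (name and value) as returned by the provider
              target = the claim to add when the source matches
            The source value must match exactly what is set below.

            The targets here are Sitecore role claims, so role membership is granted purely on
            the "xrole" claim. The provider must be the only party able to set that claim
            (users must not be able to edit it in a self-service profile, for example).
          -->
          <transformations hint="list:AddTransformation">
            <!-- SetIdpClaim transformation (shared definition referenced by path) -->
            <transformation name="set idp claim" ref="federatedAuthentication/sharedTransformations/setIdpClaim" />
            <!--
              Role mappings for the idsrv provider. Each mapping is its own transformation:
              DefaultTransformation applies its targets only when every source claim listed in
              that transformation is present, so placing both mappings in a single transformation
              would require both xrole values at once and then grant both roles together.
            -->
            <transformation name="developer role" type="Sitecore.Owin.Authentication.Services.DefaultTransformation,Sitecore.Owin.Authentication">
              <sources hint="raw:AddSource">
                <claim name="xrole" value="developer" />
              </sources>
              <targets hint="raw:AddTarget">
                <claim name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" value="sitecore\Developer" />
              </targets>
            </transformation>
            <transformation name="author role" type="Sitecore.Owin.Authentication.Services.DefaultTransformation,Sitecore.Owin.Authentication">
              <sources hint="raw:AddSource">
                <claim name="xrole" value="author" />
              </sources>
              <targets hint="raw:AddTarget">
                <claim name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" value="sxa\Author" />
              </targets>
            </transformation>
          </transformations>
        </identityProvider>
      </identityProviders>

      <identityProvidersPerSites hint="list:AddIdentityProvidersPerSites">
        <!--
          Sites the provider is assigned to. The list covers the administrative sites
          (shell, login, admin) as well as the public website, so a role granted by the
          transformations above takes effect on all of them.
        -->
        <mapEntry name="all sites" type="Sitecore.Owin.Authentication.Collections.IdentityProvidersPerSitesMapEntry, Sitecore.Owin.Authentication">
          <sites hint="list">
            <site>shell</site>
            <site>login</site>
            <site>admin</site>
            <site>service</site>
            <site>modules_shell</site>
            <site>modules_website</site>
            <site>website</site>
            <site>scheduler</site>
            <site>system</site>
            <site>publisher</site>
          </sites>
          <!-- The idsrv identity provider defined above is referenced here -->
          <identityProviders hint="list:AddIdentityProvider">
            <identityProvider ref="federatedAuthentication/identityProviders/identityProvider[@id='idsrv']" />
          </identityProviders>
          <!--
            Custom code that runs when a Sitecore user is created for an external identity.
            isPersistentUser=true is passed to the builder.
            NOTE(review): in the stock builders this selects a stored (persistent) account rather
            than a virtual one. Confirm the custom class does the same, and that stored accounts
            are disabled or removed when access is withdrawn at the provider.
          -->
          <externalUserBuilder type="Foundation.Authentication.CreateUniqueUser, Foundation.Authentication">
            <param desc="isPersistentUser">true</param>
          </externalUserBuilder>
        </mapEntry>
      </identityProvidersPerSites>

      <propertyInitializer type="Sitecore.Owin.Authentication.Services.PropertyInitializer, Sitecore.Owin.Authentication">
        <!-- List of property mappings.
             Note that every mapping in the list is applied to each provider. -->
        <maps hint="list">
          <!-- Claim "UserFullName" is copied to the "FullName" property. -->
          <map name="name" type="Sitecore.Owin.Authentication.Services.DefaultClaimToPropertyMapper, Sitecore.Owin.Authentication">
            <data hint="raw:AddData">
              <source name="UserFullName" />
              <target name="FullName" />
            </data>
          </map>
          <!-- Claim "xComment" is copied to the "Comment" property. -->
          <map name="xComment" type="Sitecore.Owin.Authentication.Services.DefaultClaimToPropertyMapper, Sitecore.Owin.Authentication">
            <data hint="raw:AddData">
              <source name="xComment" />
              <target name="Comment" />
            </data>
          </map>
          <map name="email" type="Sitecore.Owin.Authentication.Services.DefaultClaimToPropertyMapper, Sitecore.Owin.Authentication">
            <data hint="raw:AddData">
              <!-- claim name -->
              <source name="idsEmail" />
              <!-- property name -->
              <target name="Email" />
            </data>
          </map>
        </maps>
      </propertyInitializer>
    </federatedAuthentication>
  </sitecore>
</configuration>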