I recently spent some time with a customer who wanted to use PingFederate Server with Episerver. After some initial Googling I could see PingFederate Server is a single sign on (SSO) server which is part of the Ping Identity suite of products. The image from the Ping Identity site implied Episerver could act as a Web App so it looked promising:
Most importantly for me, I noted it could be configured to support the WS-Federation protocol (WS-FED). This means it should be easy to set up an Episerver site using the standard infrastructure we have to set up federated security in Episerver.
So this post is a knowledge share to ensure I have notes in case I need to do this again in the future.
This post describes a simple claims helper block I put together. This block can come in useful if you are using federated authentication and would like to inspect all claims for the current user.
I created this whilst developing the solution for implementing federated security in EPiServer using Auth0.
In my previous post I described how it's possible to implement federated security in EPiServer using Auth0. However, the steps described only allow users to log into your site with Auth0. It's not possible to log into the EPiServer UI using the described steps. The post describes how to extend the implementation to allow users logging in via Auth0 to use the EPiServer UI.
This is due to the fact that when using federated security EPiServer respects the http://schemas.microsoft.com/ws/2008/06/identity/claims/role claim to check access rights. However many providers do not issue these claims so we need an Auth0 rule to create some roles then do a little work in EPiServer to map them into http://schemas.microsoft.com/ws/2008/06/identity/claims/role claims.
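The role mapping described above, as an added example that is not code from the original post: it copies provider-issued roles into `ClaimTypes.Role` claims (the URI quoted above) through an allow-list, so an unexpected provider value never becomes an EPiServer role. The `roles` claim type and the `cms-editor` / `cms-admin` role names are assumptions; `WebEditors` and `WebAdmins` are the standard EPiServer groups.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class RoleClaimMapper
{
    // Assumption: the identity provider emits role names in a claim of this type.
    public const string ProviderRoleClaimType = "roles";

    // Allow-list of provider role -> EPiServer group. Provider role names are hypothetical.
    private static readonly Dictionary<string, string> RoleMap =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "cms-editor", "WebEditors" },
            { "cms-admin", "WebAdmins" },
        };

    // Adds a ClaimTypes.Role claim for every mapped provider role; returns the groups added.
    public static IReadOnlyList<string> AddRoleClaims(ClaimsIdentity identity)
    {
        var added = new List<string>();
        // ToList() snapshots the claims so we can add to the identity while iterating.
        foreach (var source in identity.FindAll(ProviderRoleClaimType).ToList())
        {
            // Unmapped values are dropped rather than passed through as roles.
            if (!RoleMap.TryGetValue(source.Value.Trim(), out var group)) continue;
            if (identity.HasClaim(ClaimTypes.Role, group)) continue; // no duplicates
            identity.AddClaim(new Claim(ClaimTypes.Role, group, ClaimValueTypes.String, source.Issuer));
            added.Add(group);
        }
        return added;
    }

    public static void Main()
    {
        // Constructed sample identity standing in for a validated federated sign-in.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "constructed|user-1"),
            new Claim(ProviderRoleClaimType, "cms-editor"),
            new Claim(ProviderRoleClaimType, "billing"), // not in the allow-list
        }, "Federation");

        var added = AddRoleClaims(identity);
        var principal = new ClaimsPrincipal(identity);
        Console.WriteLine("Added: " + string.Join(", ", added));
        Console.WriteLine("WebEditors: " + principal.IsInRole("WebEditors"));
        Console.WriteLine("WebAdmins: " + principal.IsInRole("WebAdmins"));
    }
}
```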
This post describes how to allow federated security in EPiServer using Auth0. Auth0 is an identity broker that's extensible, enterprise class and reduces the friction between identity infrastructure and developers. I'm not affiliated with Auth0 in any way so this post is written from my own (admittedly very good) experience with Auth0. The post contains a number of step by step instructions and is intended to be an example on how to use Auth0 with EPiServer. The original demo was presented in November 2014 at the EPiServer UK customer and partner day.
Recently I read an EPiServer forum post about securing EPiServer edit and admin mode. If I understood the post correctly then there is a public facing EPiServer site, using the standard SQL providers. The requirement was to prevent access to edit and admin mode to all but a restricted set of IP addresses.