Sitecore Asked by Corey Burnett on August 23, 2021
I am trying to set up Sitecore 9.1.1 Identity Server to act as a Federation Gateway with Azure AD as described https://doc.sitecore.com/developers/91/sitecore-experience-management/en/use-the-sitecore-identity-server-as-a-federation-gateway.html.
What isn’t clear to me is how to register the Sitecore site in Azure AD. I am assuming that in Azure AD you have to configure a Redirect URI or some sort of Reply URL to tell Azure AD where to go after successful authentication. The Sitecore documentation doesn’t really specify.
In the Sitecore documentation it links you to this for configuring Azure AD (https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-openid-connect-code). In that documentation it says "Provide the Redirect URI. For Web Applications, this is the base URL of your app where users can sign in." That leads me to believe that the Redirect URI should be https://[SI Server Host Name]/account/login
since that is the page I go to when I want to log in. However the Sitecore documentation also mentions this URI – https://[SI Server Host Name]/signin-oidc
. I have no idea at all what that /signin-oidc thing is as when I try to go to that on my Identity Server I get a 404 error.
Does anyone know exactly what I should put in ADFS for the Redirect URI? Also the Sitecore documentation mentions the ReplyURLs setting in the Application Manifest. Although it isn’t clear what they mean by that I am guessing they mean the Application Manifest in the Azure AD setup.
To register Sitecore site in Azure AD:
I've noted down all the steps in details to configure Azure AD with Sitecore identity sever, you can have a look here:
https://sitecorewithraman.wordpress.com/2021/01/01/sitecore-cms-azure-ad-integration/
Answered by Raman Gupta on August 23, 2021
I figured out the problem I was having. It turns out that the steps laid out in this post are exactly correct (https://sitecore.derekc.net/setting-up-azure-active-directory-integration-with-sitecore-identity-server-sitecore-9-1/). What was happening for some reason is that after authentication on the Azure AD instance, Azure AD was sending a GET request to https://[SI Server Host Name]/signin-oidc
. My guess is that the controller on the Identity Server is only set up to accept a POST, not a GET. So it was returning a 404 since no MVC route matched a GET request. I can't quite figure out why the Identity Server was receiving a GET request. This was all happening on an on-prem 9.1.1 instance that lives on the client's network. I was able to set up a completely separate 9.1.1 instance in Azure and it worked great authenticating against the exact same Azure AD instance. So that tells me there is something wrong with the on-prem 9.1.1 instance or maybe the client's network that was causing the POST form Azure AD to somehow become just a GET - which then caused the 404 error.
Answered by Corey Burnett on August 23, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP