Use claims like username or nameidentifier to register the external user with Orchard. Optionally, it is also possible to configure roles through claims.
Just as a reference, I’ll show you how to configure the module.
Configuring Authentication.Federated – Windows Azure AppFabric side
In my tests, I’ve been using the AppFabric LABS release, over at https://portal.appfabriclabs.com. From there, create a new namespace and configure Access Control Service with the following settings:
Pick the ones you want… I chose Windows Live ID and Google
Relying Party Applications
Add your application here, using the following settings:
Name: pick one :-)
Realm: The http(s) root URL for your site. When using a local Orchard CMS installation on localhost, enter a non-localhost URL here, e.g. https://www.examle.org
Return URL: The root URL of your site. I chose http://localhost:12758/ here to test my local Orchard CMS installation
Error URL: anything you want
Token format: SAML 2.0
Token encryption: none
Token lifetime: anything you want
Identity providers: the ones you want
Rule groups: Create new rule group
Token signing certificate: create a Service Namespace token and upload a certificate for it. This can be self-signed. Ensure you know the certificate thumbprint as we will need this later on.
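To note the thumbprint of the uploaded signing certificate, the sketch below computes it from the certificate file and checks a pasted value against it. This is an added example, not code from the module or from the original post. It assumes the thumbprint is the SHA-1 hash of the DER-encoded certificate, as the Windows certificate tools display it. All function names are illustrative, and the sample bytes are constructed rather than a real certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_to_der(data: bytes) -> bytes:
    """Return DER bytes from the contents of a PEM or DER certificate file."""
    match = PEM_BLOCK.search(data.decode("ascii", errors="ignore"))
    if match:
        # PEM is base64 of the DER encoding, wrapped across lines.
        return base64.b64decode("".join(match.group(1).split()))
    return data  # no PEM armour found: treat the input as raw DER


def thumbprint(data: bytes) -> str:
    """SHA-1 over the DER encoding, as 40 upper-case hex digits."""
    return hashlib.sha1(cert_to_der(data)).hexdigest().upper()


def normalize_thumbprint(value: str) -> str:
    """Clean a thumbprint pasted from a certificate dialog or config file.

    Drops spaces, colons and invisible characters (a copied value can start
    with U+200E), then insists on exactly 40 hex digits.
    """
    cleaned = re.sub(r"[^0-9A-Fa-f]", "", value).upper()
    if len(cleaned) != 40:
        raise ValueError("expected 40 hex digits, got %d" % len(cleaned))
    return cleaned


def matches(configured: str, cert_file_bytes: bytes) -> bool:
    """True when the configured thumbprint is the one for this certificate."""
    return normalize_thumbprint(configured) == thumbprint(cert_file_bytes)


# Constructed sample input: arbitrary bytes standing in for a DER certificate
# (not a real certificate), and the same bytes wrapped as PEM.
SAMPLE_DER = bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(thumbprint(SAMPLE_PEM))
```

A thumbprint that looks right but fails to match is usually a pasted value carrying hidden characters, which `normalize_thumbprint` strips before comparing.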
Edit Rule Group
Edit the newly created rule group. Click “generate” to generate some default rules for the identity providers chosen, so that nameidentifier and email claims are passed to Orchard CMS. Also, if you want to be the site administrator later on, ensure you issue a roles claim for your Google/Windows Live ID, like so:
Configuring Authentication.Federated – Orchard side
In Orchard, download Authentication.Federated from the modules gallery and enable it. After that, you’ll find the configuration settings under the general “Settings” menu item in the Orchard dashboard:
These settings mostly speak for themselves, but I want to give you some pointers:
Enable federated authentication? – Enables the module. Ensure you’ve first tested the configuration before enabling it. If you don’t, you may lose access to your Orchard installation unless you do some database fiddling…
Translate claims to Orchard user properties? – Will use claims values to enrich user data.
Translate claims to Orchard roles? – Will assign Orchard roles based on the Roles claim.
Prefix for federated usernames (e.g. "federated_") – A prefix added to the usernames of federated users.