This is the Umbraco 11.4 sample using an OpenIddict implementation to provide Active Directory authentication for back office users. You can find the github project for that component here: https://github.com/auroris/OpenIddict-WindowsAuth

You will need to run Umbraco's normal installation routine and set up a database with an administrative account.

SSO will work outside of an Active Directory environment for testing purposes. OpenIddict-WindowsAuth will use your local machine account.

• Run both Umbraco11SSO and OpenIddict-WindowsAuth.
• Access Umbraco using Microsoft Edge or Google Chrome at https://localhost:44307/umbraco/#/login/false
• Click "Sign in with CompanyName."
• Your first sign-in attempt will fail because your Umbraco account will not be assigned to any useful groups.
• Return to the login form using the link above and sign in using your administrator account.
• Assign your SSO Umbraco account a valid group (such as administrators), and also enable the account.
• Log out and then log in using your SSO account by clicking "Sign in with CompanyName."

Configuration is via the IdentityServer section in appsettings.json.

• Authority: the URI to where you installed OpenIddict-WindowsAuth. If you downloaded and ran the project in Visual Studio without changing anything, the Uri will be https://localhost:44353. You can verify this is correct by accessing the the OpenId configuration document at https://localhost:44353/.well-known/openid-configuration
• Name: the name of your organization.
• ClientId: the name of your client. If you're using unmodified OpenIddict-WindowsAuth, then it doesn't care and this value can be anything.
• ClientSecret: a shared secret for your OpenId client. Again, if you're using unmodified OpenIddict-WIndowsAuth, this can be anything.
• AutoRedirectLoginToExternalProvider: If set to true, Umbraco will try to skip the login form and proceed with authenticating with the OpenId server.