How Sitecore and Umbraco can work together in a composable DXP solution by using the same identity provider

A while ago I shared a post on LinkedIn and Twitter about Freedom Friday. I wanted to use that time to see how Sitecore and Umbraco can work together in a composable DXP solution. One of the results of that experiment is that I have a working demo of Sitecore and Umbraco which both can login into the same identity provider.

OpenID Connect is used to connect to the identity provider. For Sitecore I wrote a blog on how to do this. For Umbraco I created an example website. The identity provider which we'll connect to is Oracle Cloud Infrastructure Identity and Access Management (OCI IAM). It has the option to customize the login page. So the login page is a custom page in Sitecore.

These are the OpenID Connect Sitecore settings:

args.App.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    AuthenticationType = this.GetAuthenticationType(),
    AuthenticationMode = AuthenticationMode.Passive,
    MetadataAddress = this.configurationRepository.GetSetting(Constants.Settings.IdentityAccessManagementMetadataAddress),
    ClientId = this.configurationRepository.GetSetting(Constants.Settings.IdentityAccessManagementClientId),
    ClientSecret = this.configurationRepository.GetSetting(Constants.Settings.IdentityAccessManagementClientSecret),
    ResponseMode = OpenIdConnectResponseMode.Query,
    ResponseType = OpenIdConnectResponseType.Code,
    RedeemCode = true,
    Scope = "openid offline_access",
    RequireHttpsMetadata = true,
    TokenValidationParameters =
        SaveSigninToken = true
    CookieManager = this.cookieManager

These are the OpenID Connect Umbraco settings:

// The scheme must be set with this method to work for the umbraco members
options =>
    var config = builder.Config;
    options.ResponseType = "code";
    options.RequireHttpsMetadata = true;
    options.MetadataAddress = config["OpenIdConnect:MetadataAddress"];
    options.ClientId = config["OpenIdConnect:ClientId"];
    options.ClientSecret = config["OpenIdConnect:ClientSecret"];
    options.SaveTokens = true;
    options.TokenValidationParameters.SaveSigninToken = true;

In the video below I will first login with Sitecore. It will look like a normal login because the login page is in the same style as the rest of the website. After that I will login with Umbraco. Since it's the same identity provider and the login page runs on Sitecore, I'm redirected to that custom page in Sitecore. After login I will be redirected back to Umbraco. In addition, I will show Single Sign-On (SSO) and registration in Sitecore that can login into Umbraco.

So this is the power of a composable DXP solution. You can use the same user to login into both Sitecore and Umbraco. The identity provider is the bridge between Sitecore and Umbraco. They know nothing about each other.