- The past year has been a weird year. It went by without much me feeling the time passing. Things happened around the world, but something also happened in our personal life.2020 was not too bad to be honest. We are positive people and of course 2021 will be even better.
- Collected from different places. For my own references:Azure Application Insights
- Daily Volume Cap
- <add key='storeSitecoreCountersInApplicationInsights:define' value='False' />
- <add key='useApplicationInsights:define' value='True' />
- <system.webServer><remove name='ApplicationInsightsWebTracking' /><add name='TelemetryCorrelationHttpModule' type='Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule, Microsoft.AspNet.TelemetryCorrelation' preCondition='integratedMode,managedHandler' /><add name='ApplicationInsightsWebTracking' type='Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web' preCondition='managedHandler' />
- <system.web><trace enabled='false' requestLimit='50' pageOutput='false' traceMode='SortByTime' localOnly='true' />
- <system.diagnostics><trace autoflush='true' indentsize='0'><listeners><add name='myAppInsightsListener' type='Microsoft.ApplicationInsights.TraceListener.ApplicationInsightsTraceListener, Microsoft.ApplicationInsights.TraceListener' /></listeners></trace></system.diagnostics>
- <!-- SERVER ROLE The name for grouping metrics from instances by server role. Default value: Single --><setting name='ApplicationInsights.Role' value='Single' patch:source='Sitecore.Cloud.ApplicationInsights.config'/>
- <!-- TELEMETRY TAGS Tags that are included in telemetry data to identify the metrics from an instance. --><setting name='ApplicationInsights.Tag' value='' patch:source='Sitecore.Cloud.ApplicationInsights.config'/>
- <!-- DEVELOPER MODE Enables developer mode in Application Insights TelemetryConfiguration. --><setting name='ApplicationInsights.DeveloperMode' value='false' patch:source='Sitecore.Cloud.ApplicationInsights.config'/>
- <pipelines><initialize><processor type='Sitecore.Cloud.ApplicationInsights.Logging.RemoveSitecoreTraceListeners, Sitecore.Cloud.ApplicationInsights' patch:source='Sitecore.Cloud.ApplicationInsights.config'/><processor type='Sitecore.Cloud.ApplicationInsights.TelemertyInitializers.InjectTelemertyInitializers, Sitecore.Cloud.ApplicationInsights' patch:source='Sitecore.Cloud.ApplicationInsights.config'/><processor type='Sitecore.Cloud.ApplicationInsights.TelemertyInitializers.AppInsightsInitializer, Sitecore.Cloud.ApplicationInsights' patch:source='Sitecore.Cloud.ApplicationInsights.config'/>
- Probably not a problem that people typically have, but if you try to install multiple Sitecore versions (before Sitecore 10, which can be done using Docker now) on the same machine, you get weird errors due to incorrect Sitecore Installation Framework(SIF) version. So here is a table to help you to use the right version of SIF.SitecoreSitecore Installation Framework9.0.x188.8.131.52.0.09.1.12.1.0 or later9.2.02.1.0 or later9.3.02.2.010.0.02.3.0And a cheatsheet for SIF.Add PowerShell repository for installing SIFInstall the latest version of SIFSee all the versions of SIF installedInstall a specific version of SIFUse a particular version of SIF for installation - this is important when installingThere is an official Sitecore KB compatibility page containing the same information:And finally, if you haven’t tried, I strongly recommend giving Docker a try for Sitecore 10 at least. It’s super easy!
- If you tried to enable Synonyms support with Azure Search in Sitecore, you probably have seen this article: https://blogs.perficient.com/2019/11/12/programmatically-creating-synonym-maps-in-azure-search-with-sitecore/. Which provided details on how to use Sitecore to store and create the Synonym Map in Azure Index.However, after creating the Synonym maps in Azure, you may find that it doesn't work with the SXA Search component. In this post, I will talk about why and how to resolve the issue in Sitecore SXA, which will help you to understand how non-SXA works too.Assume that you have succesfully setup Synonym Map on sxacontent field for "home resident". When doing a search for "home" using the SXA Search component, Sitecore generate a search query like below:The problem is that Azure Search does not expand Synonyms on wildcard queries:Synonym expansions do not apply to wildcard search terms; prefix, fuzzy, and regex terms aren't expanded.Ref: https://docs.microsoft.com/en-us/azure/search/search-synonyms#impact-of-synonyms-on-other-search-featuresThe suggestion is to combine the wildcard with a simple fixed query, which means the above query should look like this:Note:
Now we know what kind of query needs to be generated. The next step is to make Sitecore SXA to generate the query.The place to modify is "ContentPredicate" method in Sitecore.XA.Foundation.Search.Services.SearchService. Out of the box code looks like this:A logical solution is just adding "|| i.AggregatedContent == t" but the tricky part is that since AggregatedContent is sxacontent filed in the index, and it's a string array. When you use string comparison on it, it builds the query as a filter instead of what we wanted. Here is an example of what that query looks like if you change the line to "expression = expression.And((ContentPage i) => i.AggregatedContent.Contains(t) || .AggregatedContent == t);"This causes an exception in Azure Search because sxacontent is not defined as a filterable field. Even if you make sxacontent a filterable, Synonym doesn't work because Azure Search doesn't support expanding it in filters.A number of solutions:One: If instead of sxacontent field, you have a custom index field that is just a string type, above code works (with a different field name of course)Two: you can overwrite Sitecore.ContentSearch.Azure.Query.SearchQueryBuilder.Contains to always use both regex wildcard and normal wildcard with an OR. Since SearchQueryBuilder is not directly exposed in DI, it will take a fair bit amount of work to replace it, it won't be an easy solution.An example of how to do this can be referenced in this support ticket: https://github.com/SitecoreSupport/Sitecore.Support.147386/releases/tag/184.108.40.206. Check out the classes in repo that have to be duplicated, note that it may not be exactly the same to the version of Sitecore you have.Three: Use "MatchWildcard" in Linq. The code looks like this:Above code generates exactly the query we wanted. It may seem a bit weird and even feels like a "bug". But looking at the offcial documentaion on this page ( https://doc.sitecore.com/developers/92/sitecore-experience-manager/en/linq-to-sitecore.html):MatchWildcardresults = queryable.Where(i => i.Template.Where(i => i.Template.MatchWildcard("H?li*m")));The intention of MatchWildcard is to accept an expression with custom wildcard defined and just pass it as it is to the query. That's why it worked for our case. To be honest this may not seem the best fit for this method however comparing to the effort having to go through in solution two to overwrite the Sitecore Azure provider, this saves a huge amount of effort and has less potential impact to the site. I'd prefer this approach out of the three here.The solution has been tested with Sitecore 9.2.0 with SXA 1.9 only. However I checked the code in Sitecore 9.3, in theory it should also work, best to double check.
- Based on information collected, regular wildcard query also work (which is sxacontent:("*home*")), however, it produces a different result than the regex wildcard, so it's not discussed here.
- If queryType is changed to simple in the query, the original query also works. It is not easy to change, so not considered here.
- Sitecore Identity, Federated Authentication and Federation GatewayIf you are already familiar with the differences between Sitecore Federated Authentication with Sitecore Identity VS Sitecore Identity as a Federation Gateway, please skip to the next section. Otherwise, it's essential to understand the differences as they are consistently being mixed up.Sitecore uses OpenID Connect, so some of the terms are from OpenID Connect 1.0 and OAuth 2.0 - because OpenID Connect extends OAuth. I recommend having some reading if they are also new to you.
What do those two options look like?
- To have Federated Authentication with Sitecore, we need to have an Identity Provider.
- Sitecore Identity Server is the out of the box Identity Provider that's set up with Sitecore shell site to provide Federated Authentication.
- There are two options when integrating a new Identity Provider
- Setup the new Identity Provider with Sitecore directly for Federated Authentication
- Setup the new Identity Provider with Sitecore Identity where Sitecore Identity act as a Federation Gateway. In this case, Sitecore still has Sitecore Identity Server as the Identity Provider.
There are other differences, won't go into too many details here. But hopefully, this gives you a good overview of Federated Authentication in the new Sitecore versions.This post will be about option 1 - Sitecore Website Federated Authentication with Azure AD B2C. If you are interested in Option 2, which is set up Azure AD B2C with Sitecore Identity, Jason has created an excellent article about this already: Azure AD B2C with Sitecore Identity. He also provided a lot of help when I did this post 🙂Sitecore Website Federated Authentication with Azure AD B2CSitecore version used in this is 9.3.0. Here are the steps:Note: be sure to replace all single quotes to double quotes after coping the code.
- External Identity provider directly setup with Sitecore for Federated Authentication:
- This option is more suitable for public websites which mean users come to Sitecore sites and redirected to the external Identity Provider to login and then are redirected back to Sitecore sites.
- Sitecore client (shell) can keep on using Sitecore Identity Server. Both can stay behind DMZ if required.
- Sitecore Identity Server as the Federation Gateway to external Identity Providers:
- This option is more suitable for allowing Sitecore users (like authors) to login to Sitecore client via external Identity providers.
- If this option is selected for websites, Sitecore Identity Server must be exposed to the Internet.
- Have an Azure AD B2C instance ready.
- Register a new App in Azure AD B2C. Collect the following information:
- Create a User Flow Policy of Type 'Sign up and sign in'. Collect the following information
- You can test accessing below URL to make sure your AD B2C OpenID Connect endpoint is up. This is where you can see all your possible claims too.
- Please make sure the Sitecore instance has OWIN and Federated Authentication both enabled. Then there are three steps:
- Setup an Asp.Net project. Below are some main Nuget packages you will need.
- Create a custom IdentityProvidersProcessor that inherits
- Below is a simple implementation that works
Note that the integration are using the new b2clogin.com endpoints of Azure AD B2C, not http://login.microsoftonline.com/ since it will be deprecated by the end of 2020 . More details here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/b2cloginAlso please see the notes in the code and config files (For example, can search 'Note 1' on the page to find its location in the demo code/configs)
- Then create a config file like below. Note the collected information are populated in the settings
Login LinkSince this is a website, by default you have no way to test this integration. You can setup a custom page to generate the login link to test the integration:In the controller:In the viewsSkipped classes and configs for regisering dependencies, you know how to do them.That is all. In general it's pretty easy setup, always check logs and URL requests to identify issues and errors.
- Note 1: This section of code is required so this custom Identity Provider Processor picks up the shared transforms that are setup out of box by Sitecore. One of which is the 'idp' claim. If you do not have this section, very likely you can get the error 'idp claim is missing'. Havingsection does not have any effort on your custom identity provider if it doesn't even try to apply shared transformations.
- Note 2: You can choose to persist users or having virtual users. I had virtual users in this demo.
- Note 3: Azure AD B2C has a limitation that it doesn't pass group information in the claims. There are ways to customize the AD side to enable the claim however in this demo it just mapped to some claim and picked up some value to map roles in Sitecore. It could be enough for most use cases.
- Note 4: You can also map user profile properties, these are some examples.
subscribe via RSS