Posts

Most Recent

Sitecore Identity - Sticky Virtual User Properties Issue

I recently came across an issue with our CMS users getting elevated access permissions even after they were moved to a lower-level role. We use OKTA as our identity provider and use federated authentication to integrate Sitecore with OKTA for staff login. The OKTA group memberships are mapped to Sitecore roles using claims mapping to manage user roles in Sitecore. This was working fine for a long time until recently, when we started noticing that changing user roles in OKTA has no impact on the user permissions in Sitecore. I started troubleshooting by monitoring the network traffic during the login redirect, capturing the JWT token to inspect the claims we are receiving from OKTA. Once the user's group membership in OKTA has changed, I can see the new group values in the claims. So, the issue has to be on the Sitecore end, with the claims-to-roles mapping. After further investigating the code, which hasn't changed in months, I looked into what else has changed. We did upgrade our ...

Sitecore Identity Claims Mapping Gotchas

Sitecore introduced Identity server in Sitecore 9.1 to manage authentication and authorization. It allows you to use Federated Authentication to integrate with external identity providers like Azure AD, ADFS and OKTA. I previously worked on integrating Sitecore with ADFS and more recently with OKTA for providing an SSO experience across all the corporate apps. The process for setting up Federated Authentication with an external identity provider is well documented. However, there are a couple of things that were not in the documentation that caught me off guard and broke my OKTA -> Sitecore claims mapping recently. In this article, I am going to share how to avoid those pitfalls. To give you some context, I am mapping OKTA group membership to Sitecore roles as suggested in this Sitecore documentation. I have set up OKTA to pass groups claims to the identity server and am mapping individual groups to Sitecore roles. For admins I am mapping the admin group claim to the Sitecore...

Sitecore Webhooks in action

Sitecore introduced webhooks in the Sitecore 10.3 release. Webhooks allow you to send real-time notifications of Sitecore server-side events to other systems. What are webhooks? Webhooks are basically HTTP call-backs. These are automated messages used for communication between two systems when an event is triggered on one system and the other system needs to be notified of the event. The webhook payload usually consists of a lightweight message about the event in JSON or XML format. What is the need for webhooks in Sitecore? This is one of the features first introduced in Sitecore XM Cloud and later incorporated into the Sitecore XP release. In a composable DXP with a SaaS-based CMS like XM Cloud, we need an easy way to communicate with external systems using a plug-and-play framework like webhooks. This allows the CMS to notify the external systems of the server-side events happening at Sitecore so that the systems can take necessary actions of their own. An example of this is to clear e...

How to ace your Sitecore .Net Developer 10 Certification Exam

I have been a Sitecore developer for five years and worked on various Sitecore projects, yet every time I take the certification exam it makes me nervous. From my conversations with the other Sitecore developers I worked with, even the most experienced Sitecore developers are nervous about failing the certification exam. They try to avoid taking the exam unless absolutely necessary. A few reasons for this could be: The exam is too expensive to fail. Most employers will only reimburse the fee for successful certification attempts. The score required to pass the exam is quite high (80%) compared to your academic exams. The Sitecore training modules for exam competencies can be expensive. Not everyone gets a chance to work on the latest version of Sitecore. The exam competencies include areas of Sitecore you never had a chance to work on. In this blog post I will share my most recent experience of preparing and successfully completing the Sitecore .NET 10 Developer certificati...

View and download Sitecore log files using Log Viewer

As a Sitecore developer you would want to regularly monitor the log files for recurring errors and warnings and keep them clean. I am quite used to downloading my log files and running tools like Sitecore Log Analyzer to filter and group errors and warnings. As we started to productionise our website and apply the security hardening best practices, I ended up losing access to the logs folder and admin pages. To complicate things further, we started using containers to host our Sitecore instance with zero access to the file system for developers, even when it is needed for troubleshooting issues. The only way I could access the logs was using AWS Log Insights, which gives you a stream of events without any option to download the full log file. It is especially difficult to troubleshoot issues when you need to correlate events from multiple logs, which means you need to look for events across multiple log streams and try to put together the jigsaw puzzle to see the full pict...

Running SQL Queries On Sitecore Databases Using Sitecore PowerShell Extensions

Whether you are developing on Sitecore or supporting a live Sitecore instance, there are times you need to access the SQL databases to run queries to fetch some data. While the Sitecore APIs provide access to the items in the content tree, they are not very useful when you want to check the old login tickets in the core database, or need to inspect the JWT tokens received from the identity provider when using federated authentication. There are many reasons for a Sitecore developer to want to access the Sitecore database. I am sure there are an equal, if not greater, number of reasons for the security team to deny access. Many a time you would be an admin on the Sitecore instance but won't even have read-only access to the SQL databases. In this article I am going to show how you can run simple queries on the Sitecore databases using the power of SPE. For this to work, you need to have access to use the PowerShell ISE on the Sitecore instance. First, we will need to fetch the connection s...

Sitecore OData Item Api extensions for reference type fields

Sitecore OData Item Api provides read-only access to Sitecore items. The OData Item Api is particularly useful when you need to pull some data from Sitecore to show on a non-Sitecore website. In my case, I needed to pull a list of current job openings in my organization to show them on the careers page of our company's non-Sitecore website. For more information on OData Item Api and how to query the data, check the Sitecore documentation page. One thing that particularly bothered me when using the OData Item Api service to get an item and its field values using a query like the one below is the lack of support for getting the link field target URL in one query. /sitecore/api/ssc/aggregate/content/Items('{F7SDEBB9-6AB1-4ACC-A790-FE627DD18722}')?$expand=FieldValues&sc_apikey={ADGT918E-8F0F-4F7E-8C77-DEE3F4F2E1Y1} When you run the above query against an item with a General link field, the output for the field values looks something like this As you can see, the link field value is just...