Is it possible to do a custom single sign on implementation?

Posted by Community Admin on 03-Aug-2018 19:23

Is it possible to do a custom single sign on implementation?

All Replies

Posted by Community Admin on 04-Sep-2013 00:00

I've spent a few days trying to get Sitefinity to work in an SSO environment (Azure ACS or Thinktecture) with little success. In frustration I tried to use brute force to implement SSO in the same manner as our custom ASP.NET MVC applications. I upgraded the project to .NET 4.5, added system.identityModel sections to web.config, created a custom ClaimsAuthenticationManager, and commented out the corresponding Telerik modules.

And it works, sort of. I get redirected to my STS, log in, and it sends a SAML token back to Sitefinity. But at that point I get a 403. In the ClaimsAuthenticationManager I am trying to find the right combination of claims. This is what I have now:

public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
{
    if (incomingPrincipal != null && incomingPrincipal.Identity.IsAuthenticated)
    {
        // Add the claims to the identity issued by the STS
        var claimsIdentity = (ClaimsIdentity)incomingPrincipal.Identity;
        claimsIdentity.AddClaim(new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "jide"));
        claimsIdentity.AddClaim(new Claim("http://schemas.sitefinity.com/ws/2011/06/identity/claims/domain", "Default"));
        claimsIdentity.AddClaim(new Claim("http://schemas.sitefinity.com/ws/2011/06/identity/claims/role", "Administrators"));
    }
    return base.Authenticate(resourceName, incomingPrincipal);
}

Is this even possible? If so, what's the magic combination of claims?

Posted by Community Admin on 05-Sep-2013 00:00

Hi,

In the future there will be an integration with the most popular public authentication providers. Please see the feature request in PITS on the following URL. Under the feature request there is a solution from a client. However, this scenario is not tested or supported by Sitefinity.

Furthermore, you could review these articles:

http://www.sitefinity.com/blogs/svetla-yankovas-blog/2013/05/28/single-sign-on-between-sitefinity-and-3rd-party-applications-part-1---the-basics

www.sitefinity.com/.../single-sign-on-between-sitefinity-and-3rd-party-applications-part-2-using-wif

You could find a working sample in the following URL:

github.com/.../Sitefinity-External-STS-Integration

Regards,
Stefani Tacheva
Telerik

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 28-Apr-2015 00:00

Hi Stefani.

I have my Sitefinity app working with an external STS and I am now trying to see if I can add claims as shown in the Svetla blog you referred to. The blog says:

Sitefinity actually has schemas for a couple of other claims we use internally and just for your information here you can see all their types:
public const string TokenId = "schemas.sitefinity.com/.../tokenid";
public const string UserId = "schemas.sitefinity.com/.../userid";

...

public const string Role = "schemas.sitefinity.com/.../role";

However besides Name and Domain, which I already have in the token, and which allow me to log into the SF site, what other claims can I add that will show in SF? When I tried adding a Role, I get the error "FormatException: Guid should contain 32 digits with 4 dashes". Which makes me wonder if it is possible at all to pass claims from my external IdP on to the SF app and be able to make use of them there.

Posted by Community Admin on 30-Apr-2015 00:00

Hi,

Here is what the GetRoleInfo method looks like:

protected virtual RoleInfo GetRoleInfo(string value)
{
    // The claim value is expected in the form "Id;Name;Provider"
    var props = value.Split(';');
    return new RoleInfo()
    {
        Id = Guid.Parse(props[0]),
        Name = props[1],
        Provider = props[2]
    };
}

Most probably the error is coming at the last line Provider = props[2] as it expects that there will be a value for the provider in the string. Please add one when you are constructing the claim.

Here is how Sitefinity builds the role claims out of the box for reference:

public virtual Claim CreateRoleClaim(RoleInfo roleInfo)
{
    // Role claim value: "Id;Name;Provider"
    var value = String.Concat(roleInfo.Id, ";", roleInfo.Name, ";", roleInfo.Provider);
    var issuer = this.GetClaimsIssuer();
    return new Claim(SitefinityClaimTypes.Role, value, ClaimValueTypes.String, issuer, issuer);
}

Next it adds this newly created Claim to the ClaimsCollection.

Regards,
Stefani Tacheva
Telerik
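
An added example (not part of the thread and not Sitefinity's own code) of building a role claim value in the "Id;Name;Provider" shape shown in the reply above, from an allow-list of IdP groups rather than a hard-coded role, and checking a value against that shape before it is added to the identity. The group name, role GUID, provider name and the RoleMap, BuildRoleValue and TryValidate names are hypothetical; the claim type URI is the one quoted in the first post.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

static class RoleClaimExample
{
    // Claim type as quoted in the first post of this thread.
    const string RoleClaimType = "http://schemas.sitefinity.com/ws/2011/06/identity/claims/role";

    // Hypothetical allow-list: IdP group -> Sitefinity role. Unmapped groups grant nothing.
    // The GUID and provider name are constructed placeholders; use your site's own values.
    static readonly Dictionary<string, (Guid Id, string Name, string Provider)> RoleMap =
        new Dictionary<string, (Guid Id, string Name, string Provider)>(StringComparer.OrdinalIgnoreCase)
        {
            ["cms-editors"] = (Guid.Parse("00000000-0000-0000-0000-000000000001"), "Editors", "ExampleRoleProvider"),
        };

    // Builds the "Id;Name;Provider" value; Guid.ToString() gives 32 digits with 4 dashes.
    static string BuildRoleValue(Guid id, string name, string provider)
    {
        if (name.Contains(";") || provider.Contains(";"))
            throw new ArgumentException("';' is the field separator and cannot appear in a field.");
        return string.Concat(id, ";", name, ";", provider);
    }

    // Same split as GetRoleInfo above, but reports what is malformed instead of throwing.
    static bool TryValidate(string value, out string error)
    {
        var props = value.Split(';');
        if (props.Length != 3) { error = $"expected 3 fields, got {props.Length}"; return false; }
        if (!Guid.TryParse(props[0], out _)) { error = "field 0 is not a GUID"; return false; }
        if (props[1].Length == 0 || props[2].Length == 0) { error = "empty name or provider"; return false; }
        error = ""; return true;
    }

    static void Main()
    {
        var identity = new ClaimsIdentity("Federation");
        foreach (var group in new[] { "cms-editors", "Administrators" }) // constructed incoming groups
        {
            if (!RoleMap.TryGetValue(group, out var role)) { Console.WriteLine($"skip unmapped group: {group}"); continue; }
            identity.AddClaim(new Claim(RoleClaimType, BuildRoleValue(role.Id, role.Name, role.Provider)));
        }
        foreach (var v in new[] { identity.FindFirst(RoleClaimType).Value, "Administrators" })
            Console.WriteLine(TryValidate(v, out var err) ? $"ok: {v}" : $"rejected '{v}': {err}");
    }
}
```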
 
 

This thread is closed