Is it possible to do a custom single sign on implementation?
I've spent a few days trying to get Sitefinity to work in an SSO environment (Azure ACS or Thinktecture) with little success. In frustration I tried to use brute force to implement SSO in the same manner as our custom ASP.NET MVC applications. I upgraded the project to .NET 4.5, added system.identityModel sections to web.config, created a custom ClaimsAuthenticationManager, and commented out the corresponding Telerik modules.
And it works, sort of. I get redirected to my STS, login, and it sends a SAML token back to Sitefinity. But at that point I get a 403. In the ClaimsAuthenticationManager I am trying to find the right combination of claims. This is what I have now:
// Custom ClaimsAuthenticationManager: every authenticated principal gets the same
// hard-coded name, domain and role claims before being handed to Sitefinity.
public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
{
    if (incomingPrincipal != null && incomingPrincipal.Identity.IsAuthenticated)
    {
        var claimsIdentity = (ClaimsIdentity)incomingPrincipal.Identity;
        claimsIdentity.AddClaim(new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "jide"));
        claimsIdentity.AddClaim(new Claim("http://schemas.sitefinity.com/ws/2011/06/identity/claims/domain", "Default"));
        // Role claim carries only the role name; see the replies below for the value format Sitefinity expects.
        claimsIdentity.AddClaim(new Claim("http://schemas.sitefinity.com/ws/2011/06/identity/claims/role", "Administrators"));
    }
    return base.Authenticate(resourceName, incomingPrincipal);
}
Hi,
In the future there will be an integration with the most popular public authentication providers. Please see the feature request in PITS on the following URL. Under the feature request there is a solution from a client. However this scenario is not tested and supported from Sitefinity.
Furthermore, you could review these articles:
http://www.sitefinity.com/blogs/svetla-yankovas-blog/2013/05/28/single-sign-on-between-sitefinity-and-3rd-party-applications-part-1---the-basics
www.sitefinity.com/.../single-sign-on-between-sitefinity-and-3rd-party-applications-part-2-using-wif
You could find a working sample in the following URL:
github.com/.../Sitefinity-External-STS-Integration
Regards,
Stefani Tacheva
Telerik
Hi Stefani.
I have my Sitefinity app working with an external STS and I am now trying to see if I can add claims as shown in the Svetla blog you referred to. The blog says:
Sitefinity actually has schemas for a couple of other claims we use internally and just for your information here you can see all their types:
public const string TokenId = "schemas.sitefinity.com/.../tokenid";
public const string UserId = "schemas.sitefinity.com/.../userid";
...
public const string Role = "schemas.sitefinity.com/.../role";
However, besides Name and Domain, which I already have in the token, and which allow me to log into the SF site, what other claims can I add that will show in SF? When I tried adding a Role, I get the error "FormatException: Guid should contain 32 digits with 4 dashes". Which makes me wonder if it is possible at all to pass claims from my external IdP on to the SF app and be able to make use of them there.
Hi,
Here is what the GetRoleInfo method looks like:
// Parses a role claim value of the form "Id;Name;Provider".
protected virtual RoleInfo GetRoleInfo(string value)
{
    var props = value.Split(';');
    return new RoleInfo()
    {
        Id = Guid.Parse(props[0]),   // first part must be a GUID
        Name = props[1],
        Provider = props[2]
    };
}
Most probably the error is coming from the last line, Provider = props[2], as it expects that there will be a value for the provider in the string. Please add one when you are constructing the claim.
Here is how Sitefinity builds the role claims out of the box for reference:
// Builds the role claim value as "Id;Name;Provider", the inverse of GetRoleInfo.
public virtual Claim CreateRoleClaim(RoleInfo roleInfo)
{
    var value = String.Concat(roleInfo.Id, ";", roleInfo.Name, ";", roleInfo.Provider);
    var issuer = this.GetClaimsIssuer();
    return new Claim(SitefinityClaimTypes.Role, value, ClaimValueTypes.String, issuer, issuer);
}
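The following is an added example, not Sitefinity's code or code from anyone in this thread: it builds a role claim value in the "Id;Name;Provider" form that GetRoleInfo splits on ';', parses it back with explicit checks, and shows why the bare "Administrators" value from the first post fails on Guid.Parse and why a value without a provider fails on props[2]. The role GUID and the "Default" provider name are constructed placeholders; a real value is the Id of the role in the Sitefinity role provider, and the caller is expected to choose the role from what the STS actually asserted about the user rather than granting it to every principal.

```csharp
using System;
using System.Security.Claims;

public static class SitefinityRoleClaimExample
{
    // Same URI as the role claim type used in the thread.
    public const string RoleClaimType = "http://schemas.sitefinity.com/ws/2011/06/identity/claims/role";

    // Mirrors how Sitefinity concatenates the value in CreateRoleClaim.
    public static string BuildRoleClaimValue(Guid roleId, string roleName, string provider)
    {
        if (string.IsNullOrWhiteSpace(roleName) || string.IsNullOrWhiteSpace(provider))
            throw new ArgumentException("Role name and provider are both required.");
        return string.Concat(roleId, ";", roleName, ";", provider);
    }

    // Mirrors GetRoleInfo, but validates each part so a bad value is rejected with a clear message
    // instead of a bare FormatException (non-GUID id) or IndexOutOfRangeException (missing provider).
    public static (Guid Id, string Name, string Provider) ParseRoleClaimValue(string value)
    {
        var props = value.Split(';');
        if (props.Length != 3)
            throw new FormatException($"Expected 'Id;Name;Provider' but got {props.Length} part(s): '{value}'");
        if (!Guid.TryParse(props[0], out var id))
            throw new FormatException($"Role id '{props[0]}' is not a GUID; a bare role name such as 'Administrators' fails here.");
        return (id, props[1], props[2]);
    }

    // What the ClaimsAuthenticationManager in the first post could add instead of "Administrators".
    // The caller passes the role it has mapped from the STS token; "Default" is an assumed provider name.
    public static void AddRoleClaim(ClaimsIdentity identity, Guid roleId, string roleName)
    {
        var value = BuildRoleClaimValue(roleId, roleName, "Default");
        identity.AddClaim(new Claim(RoleClaimType, value, ClaimValueTypes.String));
    }

    public static void Main()
    {
        var identity = new ClaimsIdentity("Federation");
        var roleId = Guid.Parse("11111111-2222-3333-4444-555555555555"); // constructed placeholder id
        AddRoleClaim(identity, roleId, "Administrators");
        var parsed = ParseRoleClaimValue(identity.FindFirst(RoleClaimType).Value);
        Console.WriteLine($"Accepted: {parsed.Name} from provider {parsed.Provider} (id {parsed.Id})");

        // Both values below are rejected: the first has no GUID, the second has no provider part.
        foreach (var bad in new[] { "Administrators", roleId + ";Administrators" })
        {
            try { ParseRoleClaimValue(bad); }
            catch (FormatException ex) { Console.WriteLine("Rejected: " + ex.Message); }
        }
    }
}
```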