SSO 3rd Party Authentication - Front End Only

Posted by C Kiraly on 15-Nov-2019 21:45

I'll try to make this as succinct as possible.

I'm a newer developer for a small company that was hired to modify a Sitefinity site to handle a 3rd party SSO for the members on the site (not the Backend). My company does not host the site, but we are hosting other sitefinity sites. (Which is why we were hired...)

I've read the documentation, but its not making sense.

I'm assuming that we'll modify the current login page (that is simply using the Login widget) to redirect to the SSO Login page with a landing page url, and once someone has successfully logged in, they will be redirected to the given landing page, along with an authorization token.

My question/concern is how do I get Sitefinity to recognize this Authorization token??

Sitefinity - Front- & Back-End Development

All Replies

Posted by K Denham on 15-Nov-2019 23:28

I assume you're referring to adding an authentication provider in the Settings > Advanced section.  If so, then Sitefinity has a built-in resource of handling the callback your authentication provider generates after a successful sign-in with the identity provider.  

So the flow looks something like this:

  1. User visits the login page and clicks on the "Login with Linked-in" button (or whatever the caption you created says).
  2. User gets redirected to the identity provider and one of the components of the redirect is that Sitefinity tells the Provider, via a parameter, "Hey Provider, after this person signs in, send them back to this URL please".  That URL looks something like "Yoursite.com/Sitefinity/Authenticate/OpenID/signin-custom".  This page is where the magic happens with the authorization token in a couple steps.
  3. User enters their credentials and successful signs into the provider
  4. After sign-in, the provider generates a redirect back to Sitefinity, sending the user to the /Sitefinity/Authenticate/OpenID/signin-custom page.  It's here the token exchange takes place.  So under-the-hood, the statement "they will be redirected to the given landing page" isn't really accurate, even though that's what it appears like to the user.

Of course, there's always a lot of gotchas to consider when a platform like Sitefinity simplifies an otherwise complicated process.

This thread is closed