ADFS authentication configuration
I'm trying to set up SSO with an ADFS server using Sitefinity version 10.0.6412.0. I followed the instructions here - docs.sitefinity.com/administration-adfs-(active-directory-federation-services). When I attempt to log in with this new button on the default Sitefinity login screen, the ADFS server appropriately responds to the request. After successful ADFS authentication, the server returns the expected claims and the login page redirects appropriately. However, no Sitefinity roles are automatically assigned.
A couple of notes about my configuration:
Given that I'll eventually need to access custom claim types/values for things other than authentication, I tried implementing the code discussed here - knowledgebase.progress.com/.../ . When I debug this code locally, the LoginCompletedEventVerification method is never invoked.
Here is the only relevant information in the Authentication.log file:
----------------------------------------
Timestamp: 11/20/2017 4:06:33 PM
Message: External login requested for provider: ADFS
Category: Authentication
Priority: -1
EventId: 1
Severity: Information
Title:
Machine: [my machine]
App Domain: /LM/W3SVC/3/ROOT-3-131556673726617577
ProcessId: 30936
Process Name: c:\windows\system32\inetsrv\w3wp.exe
Thread Name:
Win32 ThreadId:7396
Extended Properties:
----------------------------------------
----------------------------------------
Timestamp: 11/20/2017 4:06:33 PM
Message: Triggering challenge for external identity provider
Category: Authentication
Priority: -1
EventId: 1
Severity: Information
Title:
Machine: [my machine]
App Domain: /LM/W3SVC/3/ROOT-3-131556673726617577
ProcessId: 30936
Process Name: c:\windows\system32\inetsrv\w3wp.exe
Thread Name:
Win32 ThreadId:7396
Extended Properties:
----------------------------------------
Here are my Sitefinity ADFS configuration settings:
Metadata Address = https://[MyADFSServer].com/federationmetadata/2007-06/federationmetadata.xml
Wtrealm = https://[MySitefinityApp].com/
Data Provider = Default
Name = ADFS
Auto assigned roles = Users,BackendUsers
I may have solved the problem by adding /sitefinity/authenticate/openid to my Sitefinity Wtrealm (relying party) setting.
Once I'm confident that the configuration is complete, I'll mark this as the answer.