ADFS authentication configuration

Posted by Community Admin on 04-Aug-2018 19:39

Posted by Community Admin on 20-Nov-2017 00:00

I'm trying to set up SSO with an ADFS server using Sitefinity version 10.0.6412.0. I followed the instructions here: docs.sitefinity.com/administration-adfs-(active-directory-federation-services). When I attempt to log in with this new button on the default Sitefinity login screen, the ADFS server appropriately responds to the request. After successful ADFS authentication, the server returns the expected claims and the login page redirects appropriately. However, no Sitefinity roles are automatically assigned.

A couple of notes about my configuration:

  1. The Sitefinity web app is hosted in Azure.
  2. The Sitefinity web app is currently using a self-signed certificate that I created (both uploaded in Azure and installed locally on my machine as trusted).

Given that I'll eventually need to access custom claim types/values for things other than authentication, I tried implementing the code discussed here: knowledgebase.progress.com/.../. When I debug this code locally, the LoginCompletedEventVerification method is never invoked.

Here is the only relevant information in the Authentication.log file:

----------------------------------------
Timestamp: 11/20/2017 4:06:33 PM
Message: External login requested for provider: ADFS
Category: Authentication
Priority: -1
EventId: 1
Severity: Information
Title:
Machine: [my machine]
App Domain: /LM/W3SVC/3/ROOT-3-131556673726617577
ProcessId: 30936
Process Name: c:\windows\system32\inetsrv\w3wp.exe
Thread Name: 
Win32 ThreadId:7396
Extended Properties: 
----------------------------------------
----------------------------------------
Timestamp: 11/20/2017 4:06:33 PM
Message: Triggering challenge for external identity provider
Category: Authentication
Priority: -1
EventId: 1
Severity: Information
Title:
Machine: [my machine]
App Domain: /LM/W3SVC/3/ROOT-3-131556673726617577
ProcessId: 30936
Process Name: c:\windows\system32\inetsrv\w3wp.exe
Thread Name: 
Win32 ThreadId:7396
Extended Properties: 
----------------------------------------

Here are my Sitefinity ADFS configuration settings:

Metadata Address = https://[MyADFSServer].com/federationmetadata/2007-06/federationmetadata.xml 

Wtrealm = https://[MySitefinityApp].com/

Data Provider = Default

Name = ADFS

Auto assigned roles = Users,BackendUsers

Posted by Community Admin on 21-Nov-2017 00:00

I may have solved the problem by adding /sitefinity/authenticate/openid to my Sitefinity Wtrealm (relying party) setting.

Once I'm confident that the configuration is complete, I'll mark this as the answer.

This thread is closed