Authentication issues with 7.2 upgrade

2 posts, 0 answered
  1. Joseph
    12 posts
    30 Jan 2014
    09 Jan 2015

    We have an Enterprise Multisite install in a load-balanced environment that we have recently upgraded to version 7.2 from 5.4. We have since then run into many issues with authentication, and we were hoping someone else might have overcome similar issues or otherwise be able to help us with this.

    Since we are seeing similar issues in our non-load balanced development environments, I'm not sure that the load balancer has anything to do with the problem, but I mention it because it is an additional variable.

    First off, we believe that we have the security settings correct, set according to the instructions at http://docs.sitefinity.com/administration-configure-security. However, since the instructions are somewhat ambiguous, we are not 100% certain.

    We are using claims-based authentication with two membership providers, the Default Sitefinity provider and an LDAP provider pulling from Active Directory.

    On both servers we have the following settings:

    Settings > Advanced > Security > SecurityTokenIssuers


    Settings > Advanced > Security > RelyingParties


    with the IPs being the IP addresses of the servers in the load balancer. These are all set up to use the Default membership provider.

    The behavior we are seeing is twofold:

    1) When a user logs in to the site, the SF-TokenId and FedAuth cookies are being added to the browser, but the browser is not always redirecting anywhere (i.e., it is staying on the login page), although the redirect_uri querystring is populated with a location. If a user manually enters that redirect_uri into the browser's address bar, they can visit that page as an authenticated user without an issue.

    2) When a user tries to log out via https://oursite.com/Sitefinity/SignOut?sts_signout=true&redirect_uri=, the authentication cookies are not always deleted, and the user remains effectively logged into the site.

    In both of the above cases, the normal login methods occasionally do seem to work correctly (i.e., on login the user is redirected correctly, and on logout the authentication cookies are deleted), but I have been unable to determine a condition that might cause this. The most reliable way to get things to work correctly is to start with a "clean slate", that is a browser in which the history has been completely cleared (cache, cookies, authorization, etc).

    Any suggestions would be useful.

  2. Svetoslav Manchev
    735 posts
    17 Oct 2016
    13 Jan 2015
    Hello Joseph,

    I have already answered you in the support ticket.

    Once there is a resolution you can share it with the community.

    Svetoslav Manchev