Setting up SSO with Windows authentication

Set up the STS with Windows authentication

  1. Create a folder where your STS files will be located.
  2. Extract the files from SitefinityStsWebApp.zip to the created folder.
    SitefinityStsWebApp.zip is located in your Sitefinity account and contains the SitefinityStsWebApp web application that you can use for the STS site.
  3. Open Internet Information Services (IIS) and perform Step 1 to Step 12 of the procedure Running a project on IIS 7.0 or IIS 7.5. In Step 5, browse to and select the folder that you created for the STS.
  4. In IIS Manager, select the STS site.
  5. In section IIS on the right, double-click Authentication.
  6. Enable Windows Authentication and disable all others.

Setting up the SSO

  1. Log in to the backend of your website.
  2. Create a user in the default provider with the same username as the login name of your Windows account.
    The user must have backend access and administration rights.
    For more information, see Creating and deleting users.

    NOTE: If you want to use your corporate Active Directory, you must configure the LDAP connection.
    For more information, see Configuring LDAP settings.

  3. In the main menu, click Administration » Settings » Advanced » Security » SecurityTokenIssuers.
    There is a security token issuer, created by default. Click it and copy and save its Key.
  4. In the treeview on the left, click RelyingParties.
    There is a relying party, created by default. Click it and copy and save its Key.
  5. In the treeview on the left, click SecurityTokenIssuers » Create new.
    1. In Realm, enter the address of the relying party and add /Sitefinity/Authenticate/SWT at the end of the address.
      The entry looks like <the root URL of the relying party>/Sitefinity/Authenticate/SWT.
    2. In Key, enter the key copied in Step 4.
    3. Set Encoding to Hexadecimal.
    4. In MembershipProvider, enter Default.

      NOTE: If you want to use your corporate Active Directory, enter LdapUsers.

    5. Click Save changes.
  6. Click Create new.
    1. In Realm, enter the address of the STS site and add at the end of the address /mysts.ashx, which is the path to the handler.
      The entry looks like <STS address>/mysts.ashx.
    2. In Key, create a key, or use the key copied in Step 3.
    3. Set Encoding to Hexadecimal.
    4. In MembershipProvider, enter Default.

      NOTE: If you want to use your corporate Active Directory, enter LdapUsers.

    5. Click Save changes.
  7. Open the web.config file of the STS site.
    The file is located in the folder you created in Step 1 of the above procedure.
  8. Under <appSettings>, add the following: <add key="(the address of your Sitefinity website)" value="(the key you created in Step 6b)"/>.
  9. Save and close the web.config.
  10. Open the web.config file of your Sitefinity website.
  11. Under <microsoft.identityModel>, find the wsFederation element and set its issuer attribute to the address of the STS site followed by /mysts.ashx.
  12. Save and close the web.config file.
  13. Repeat the procedure for as many Sitefinity websites as you need.
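
Added example (not part of the original article and not Sitefinity code): a Python check that the two web.config files edited in steps 8 and 11 agree with each other. The sample configuration fragments, the addresses, the key and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

HANDLER = "/mysts.ashx"  # handler path from steps 6 and 11

# Constructed, trimmed samples; the addresses and key are placeholders.
STS_CONFIG = """<configuration><appSettings>
  <add key="https://site.example" value="0123456789ABCDEF0123456789ABCDEF"/>
</appSettings></configuration>"""
SITE_CONFIG = """<configuration><microsoft.identityModel><service>
  <federatedAuthentication>
    <wsFederation issuer="https://sts.example/mysts.ashx"/>
  </federatedAuthentication>
</service></microsoft.identityModel></configuration>"""

def norm(url):
    """Compare addresses without regard to case or a trailing slash."""
    return url.strip().rstrip("/").lower()

def check_sso_config(sts_xml, site_xml, site_url, sts_url):
    """Return a list of problems; an empty list means both files agree."""
    problems = []
    # Step 8: <appSettings> of the STS maps the site address to its key.
    entries = {norm(a.get("key", "")): a.get("value", "")
               for a in ET.fromstring(sts_xml).findall("./appSettings/add")}
    key = entries.get(norm(site_url))
    if key is None:
        problems.append("STS appSettings has no entry for " + site_url)
    elif not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", key):
        # Encoding is set to Hexadecimal, so the key must be whole hex bytes.
        problems.append("key for " + site_url + " is not valid hexadecimal")
    # Step 11: the wsFederation issuer must point at the STS handler.
    expected = norm(sts_url) + HANDLER
    issuers = [w.get("issuer", "")
               for w in ET.fromstring(site_xml).iter("wsFederation")]
    if not issuers:
        problems.append("site web.config has no wsFederation element")
    for issuer in issuers:
        if norm(issuer) != expected:
            problems.append("issuer " + issuer + " does not match " + expected)
    return problems

if __name__ == "__main__":
    for line in check_sso_config(STS_CONFIG, SITE_CONFIG,
                                 "https://site.example",
                                 "https://sts.example") or ["OK"]:
        print(line)
```

The check reports problems without printing the key itself, so its output can be pasted into a ticket.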
