
ADFS authentication configuration

2 posts, 1 answered
  1. Josh
    0 posts
    Registered:
    01 Sep 2017
    20 Nov 2017

    I'm trying to set up SSO with an ADFS server using Sitefinity version 10.0.6412.0. I followed the instructions here - https://docs.sitefinity.com/administration-adfs-(active-directory-federation-services). When I attempt to log in with this new button on the default Sitefinity login screen, the ADFS server appropriately responds to the request. After successful ADFS authentication, the server returns the expected claims and the login page redirects appropriately. However, no Sitefinity roles are automatically assigned.

    A couple of notes about my configuration:

    1. The Sitefinity web app is hosted in Azure.
    2. The Sitefinity web app is currently using a self-signed certificate that I created (both uploaded in Azure and installed locally on my machine as trusted).

    Given that I'll eventually need to access custom claim types/values for things other than authentication, I tried implementing the code discussed here - https://knowledgebase.progress.com/articles/Article/accessing-custom-claims-from-adfs-provider/ . When I debug this code locally, the LoginCompletedEventVerification method is never invoked.

    Here is the only relevant information in the Authentication.log file:

    ----------------------------------------
    Timestamp: 11/20/2017 4:06:33 PM
    Message: External login requested for provider: ADFS
    Category: Authentication
    Priority: -1
    EventId: 1
    Severity: Information
    Title:
    Machine: [my machine]
    App Domain: /LM/W3SVC/3/ROOT-3-131556673726617577
    ProcessId: 30936
    Process Name: c:\windows\system32\inetsrv\w3wp.exe
    Thread Name: 
    Win32 ThreadId:7396
    Extended Properties: 
    ----------------------------------------
    ----------------------------------------
    Timestamp: 11/20/2017 4:06:33 PM
    Message: Triggering challenge for external identity provider
    Category: Authentication
    Priority: -1
    EventId: 1
    Severity: Information
    Title:
    Machine: [my machine]
    App Domain: /LM/W3SVC/3/ROOT-3-131556673726617577
    ProcessId: 30936
    Process Name: c:\windows\system32\inetsrv\w3wp.exe
    Thread Name: 
    Win32 ThreadId:7396
    Extended Properties: 
    ----------------------------------------

    Here are my Sitefinity ADFS configuration settings:

    Metadata Address = https://[MyADFSServer].com/federationmetadata/2007-06/federationmetadata.xml 

    Wtrealm = https://[MySitefinityApp].com/

    Data Provider = Default

    Name = ADFS

    Auto assigned roles = Users,BackendUsers

  2. Josh
    0 posts
    Registered:
    01 Sep 2017
    21 Nov 2017

    I may have solved the problem by adding /sitefinity/authenticate/openid to my Sitefinity Wtrealm (relying party) setting.

    Once I'm confident that the configuration is complete then I'll mark this as the answer.

    Answered