Set up SSO with Windows authentication

To setup Windows Authentication you must set up two separate websites in the web server - one is the SitefinityStsWebApp and the other is the Sitefinity CMS instance that will accept the claims from the STS. You must set the authentication type of SitefinityStsWebApp either to Windows or to Basic.

IMPORTANT: Be aware that this article is applicable only if you are using the old SWT (Simple Web Token) authentication protocol. To check the authentication protocol in use, navigate to Advanced Settings » Authentication.

In case you are using the new OpenID authentication protocol, go to Administration: Configure Windows Authentication

Set up the STS with Windows authentication

  1. Create a folder where your STS files will be located.
  2. Extract the files from SitefinityStsWebApp.zip to the created folder.
    SitefinityStsWebApp.zip contains the SitefinityStsWebApp web application that you can use for the STS site and is located in your Sitefinity CMS account.
    Open the .zip file, open the web application in Visual Studio, and build it.
  3. Open Internet Information Services (IIS)
    Depending on which version of IIS you are working with, open the relevant article from Run projects on IIS. Under section Run the project on the IIS, follow Step 1 to Step 12 and in Step 5, browse to select the folder that you created for the STS.
  4. In IIS Manager, select the STS site.
  5. In section IIS on the right, double-click Authentication.
  6. Choose one of the following authentication types and set it in IIS:
    • If all computers that are used to authenticate in Sitefinity CMS are part of the domain, enable Windows Authentication and disable all others.
    • If there are computers that are not part of the domain and that are used for authentication, enable Basic Authentication and disable all others. You could turn https on for this site to protect the transferred credentials.
  7. Open the web.config file of the STS.
  8. Perform the following web.config transformations:
  9. Save and close the web.config file of the STS.

Setting up the SSO

  1. Login to the backend of your website.
  2. In your corporate active directory, give backend access and administration right to the users and groups you will use with windows authentication. 
    For more information, see Administration: Configure LDAP settings.

    NOTE: If you do not want to use your corporate active directory, you must create a user in the default provider with the same username as the login name for your windows account. 
    The user must have backend access and administration right.
    For more information, see Administration: Create and delete users.

  3. In the main menu, click Administration » Settings » Advanced » Security » SecurityTokenIssuers.
    There is a security token issuer, created by default. Click it and copy and save its Key.
  4. In the treeview on the left, click RelyingParties.
    There is a relying party, created by default. Click it and copy and save its Key.
  5. In the treeview on the left, click SecurityTokenIssuers » Create new.       
    1. In Realm, enter the address of the STS site and add at the end of the address /mysts.ashx, which is the path to the handler.
      The entry looks like <STS address>/mysts.ashx.
    2. In Key, create a key, or use the key copied in Step 3.
    3. Set Encoding to Hexadecimal.
    4. In MembershipProvider, enter LdapUsers.          

      NOTE: If you do not want to use your corporate active directory, enter Default.

    5. Click Save changes.
  6. Open the web.config file of the STS site.
    The file is located in the folder you created in Step 1 of the above procedure.
  7. Under <appSettings>, add the following <add key="(the address of your Sitefinity CMS website)" value="(the key you created in Step 5b)"/>.
  8. Save and close the web.config.
  9. Open the web.config file of your Sitefinity CMS website.
  10. Under <system.identityModel>, find wsFederation, set its issuer to the address of the STS site, and add at the end of the address /mysts.ashx.
  11. Perform the following web.config transformations:
  12. Save and close the web.config file.
  13. Repeat the procedure for as many Sitefinity CMS websites as you need.

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?