Set up SSO with SWT claims-based authentication

NOTE: As of Sitefinity CMS version 10.0, the authentication mechanism is based on Identity Server by default. Use the below article only if you are using the legacy, SWT - based authentication. If you are using OpenID-based authentication, which is the default mode for new projects created with Sitefinity CMS versions 10.0 and later, follow the instructions on the  Configure Single-Sign-On (SSO) between Sitefinity CMS instances article.

Single sign-on (SSO) is a feature which enables users to authenticate just once and then access multiple websites without the need to enter logon credentials again for each site. 

To set up SSO with claims authentication, you need at least two Sitefinity CMS sites. One is called the Issuer, the other – the Relying Party.

To set up SSO, perform the following:

  1. Ensure that both sites are using claims-based authentication.
    For more information, see Administration: Switch to claims-based authentication.
  2. Configure the Issuer, by performing the following:
    1. Click Administration » Settings » Advanced » Security » RelyingParties.
      There is a relying party created by default. Click on it in the tree-view, copy and save its Key.
    2. Go back to RelyingParties andclick Create new.
    3. In Realm, enter the root URL of the Relying party that identifies your website. You can use your website's domain name (and virtual directory if applicable) in most cases.
    4. In Key, create a key, or use the key copied in Step 2a.
    5. In Encoding, enter Hexadecimal so that the browser receives the same text as the one entered in the Realm URL.
    6. In MembershipProvider, enter Default. You can edit the default membership data provider in  Administration » Settings » Advanced » Security » Membership Providers.
    7. Click Save changes.
  3. Configure the Relying Party, by performing the following:
    1. Click Administration » Settings » Advanced » Security » SecurityTokenIssuers.
    2. Click Create new.
    3. In Realm, enter <the root URL of the Issuer >/Sitefinity/Authenticate/SWT.

      The value of the root URL must be exactly the same as you have entered in the Issuer's realm, including letter case, any trailing slashes and the protocol (http or https).

      For example
    4. In Key, enter the same key you entered in Step 2d (Key for Issuer).
    5. In Encoding, enter Hexadecimal.
    6. In MembershipProvider, enter Default.
    7. Click Save changes.
    8. From the backend, open the web.config file. In the web.config file, search for wsFederation under <system.identityModel>, and set its issuer to the address you specified in Step 3c (Realm for Relying Party).
    9. Save and close the web.config file.
  4. Perform this procedure for as many sites as you need.

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?