Set up SSO with SWT claims-based authentication
NOTE: As of Sitefinity CMS version 10.0, the authentication mechanism is based on Identity Server by default. Use this article only if you are using the legacy, SWT-based authentication. If you are using OpenID-based authentication, which is the default mode for new projects created with Sitefinity CMS versions 10.0 and later, follow the instructions in the Configure Single-Sign-On (SSO) between Sitefinity CMS instances article.
Single sign-on (SSO) is a feature which enables users to authenticate just once and then access multiple websites without the need to enter logon credentials again for each site.
To set up SSO with claims authentication, you need at least two Sitefinity CMS sites. One is called the Issuer, the other – the Relying Party.
To set up SSO, perform the following:
1. Ensure that both sites are using claims-based authentication.
   For more information, see Administration: Switch to claims-based authentication.
2. Configure the Issuer by performing the following:
   a. Click Administration » Settings » Advanced » Security » RelyingParties.
      There is a relying party created by default. Click it in the tree view, then copy and save its Key.
   b. Go back to RelyingParties and click Create new.
   c. In Realm, enter the root URL of the Relying Party that identifies your website. You can use your website's domain name (and virtual directory if applicable) in most cases.
   d. In Key, create a key, or use the key copied in Step 2a.
   e. In Encoding, enter Hexadecimal so that the browser receives the same text as the one entered in the Realm URL.
   f. In MembershipProvider, enter Default. You can edit the default membership data provider in Administration » Settings » Advanced » Security » Membership Providers.
   g. Click Save changes.
3. Configure the Relying Party by performing the following:
   a. Click Administration » Settings » Advanced » Security » SecurityTokenIssuers.
   b. Click Create new.
   c. In Realm, enter <the root URL of the Issuer>/Sitefinity/Authenticate/SWT.
      The value of the root URL must be exactly the same as you have entered in the Issuer's realm, including letter case, any trailing slashes and the protocol (http or https).
      For example, http://smith.telerik.com/Sitefinity/Authenticate/SWT.
   d. In Key, enter the same key you entered in Step 2d (Key for Issuer).
   e. In Encoding, enter Hexadecimal.
   f. In MembershipProvider, enter Default.
   g. Click Save changes.
4. From the backend, open the web.config file. In the web.config file, search for wsFederation under <system.identityModel>, and set its issuer to the address you specified in Step 3c (Realm for Relying Party).
5. Save and close the web.config file.
6. Perform this procedure for as many sites as you need.
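
The following Python check is an added example, not Sitefinity code: given the values entered in Step 2d, Step 3c and Step 3d plus the text of the Relying Party's web.config, it reports which of the exact-match requirements above is broken. The function names, the sample web.config fragment and the sample key are constructed for illustration, and treating the key as an even-length hexadecimal string is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Optional

SWT_PATH = "/Sitefinity/Authenticate/SWT"  # endpoint path from Step 3c
HEX_KEY = re.compile(r"(?:[0-9A-Fa-f]{2})+")  # assumption: whole bytes in hex

def realm_mismatch(expected: str, actual: str) -> Optional[str]:
    """Explain why two realm strings differ; None means an exact match."""
    if expected == actual:
        return None
    if expected.lower() == actual.lower():
        return "letter case differs"
    if expected.rstrip("/") == actual.rstrip("/"):
        return "trailing slash differs"
    if expected.split("://", 1)[-1] == actual.split("://", 1)[-1]:
        return "protocol (http/https) differs"
    return "different URL"

def wsfederation_issuer(web_config_xml: str) -> Optional[str]:
    """Read the issuer attribute of the first wsFederation element."""
    node = ET.fromstring(web_config_xml).find(".//wsFederation")
    return None if node is None else node.get("issuer")

def check_relying_party(token_issuer_realm: str, web_config_xml: str,
                        issuer_key: str, relying_party_key: str) -> List[str]:
    """Return findings for one Relying Party; an empty list means consistent."""
    findings = []
    if not token_issuer_realm.endswith(SWT_PATH):
        findings.append("SecurityTokenIssuers realm does not end with " + SWT_PATH)
    issuer_attr = wsfederation_issuer(web_config_xml)
    if issuer_attr is None:
        findings.append("web.config has no wsFederation issuer")
    elif (reason := realm_mismatch(token_issuer_realm, issuer_attr)):
        findings.append("wsFederation issuer vs realm: " + reason)
    # Key values are never echoed into the findings, only the verdict.
    for name, key in (("Issuer", issuer_key), ("Relying Party", relying_party_key)):
        if not HEX_KEY.fullmatch(key):
            findings.append(name + " key is not an even-length hexadecimal string")
    if issuer_key != relying_party_key:
        findings.append("keys differ between Issuer and Relying Party")
    return findings

# Constructed sample: web.config fragment with a lower-case "sitefinity" typo.
SAMPLE_WEB_CONFIG = """<configuration><system.identityModel.services><federationConfiguration>
<wsFederation issuer="http://smith.telerik.com/sitefinity/Authenticate/SWT" />
</federationConfiguration></system.identityModel.services></configuration>"""
SAMPLE_REALM = "http://smith.telerik.com/Sitefinity/Authenticate/SWT"
if __name__ == "__main__":  # "A1B2C3D4" is a constructed placeholder key
    print(check_relying_party(SAMPLE_REALM, SAMPLE_WEB_CONFIG, "A1B2C3D4", "A1B2C3D4"))
```

Run it once per Relying Party; an empty list means the realm, the wsFederation issuer and the keys are consistent with each other.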