Configure Single-Sign-On (SSO) between Sitefinity CMS instances

Sitefinity CMS authentication supports Single-Sign-On (SSO), based on the OpenID Connect protocol. You can use the Sitefinity CMS built-in OpenID Connect Security Token Service (STS) for any other applications that use the OpenID Connect protocol.

Using one Sitefinity CMS instance as an STS, you can configure many Sitefinity CMS instances (or any other application) to authenticate with SSO provided by this single STS instance.

IMPORTANT: This feature only works with the OpenID protocol and is being deprecated.

Configure the relying party Sitefinity CMS instance

You configure the Sitefinity CMS instance that will act as a relying party by configuring an OpenID Connect (OIDC) authentication provider in its local STS (Identity server). The external OIDC authentication provider authenticates to the STS Sitefinity CMS instance. To do so, follow the instructions in the article Administration: Configure the OpenID Connect provider.

When configuring the provider, make sure you provide accurate values for the following parameters:

  • issuer
    This parameter defines the absolute path to the STS endpoint of the Sitefinity CMS instance that acts as an STS. You can find the relative path to the endpoint in Advanced settings » Authentication » SecurityTokenService » ServicePath. For example, http://<your sts domain>/Sitefinity/Authenticate/OpenID
  • redirectUri
    This parameter defines the absolute path to the STS of the relying party Sitefinity CMS instance. You can find the relative path to the endpoint in Advanced settings » Authentication » SecurityTokenService » ServicePath. For example, http://<your client domain>/Sitefinity/Authenticate/OpenID

Configure the STS Sitefinity CMS instance

Use the following procedure to configure the Sitefinity CMS instance that you want to use as Security Token Service. 

  1. Navigate to Administration » Settings » Advanced.
  2. In the left pane, expand Authentication » SecurityTokenService » IdentityServer » Clients.
  3. For every client that you have created using the above procedure, create a new client with the following values:
    1. Select the Enabled checkbox.
    2. In the Client flow dropdown box, select Implicit.
    3. Select the Allow access to all scopes checkbox.
    4. Save your changes.
  4. Expand each newly created client and:
    1. Click RedirectUris » Create new.
    2. Enter the value of the redirectUri parameter that you configured in the relying party Sitefinity CMS instance. For more information, see Configure the relying party Sitefinity CMS instance.
  5. Restart the Sitefinity application.
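
A pre-flight check for the values used in the two procedures above, as an added example that is not part of the Sitefinity documentation or product. The function name, the example.com hosts and the ServicePath value (taken from the example URLs above) are constructed, and the check assumes the STS compares redirect URIs as exact strings.

```python
from urllib.parse import urlsplit

# Constructed sample value, taken from the example URLs in this article.
SERVICE_PATH = "Sitefinity/Authenticate/OpenID"

def check_sso_config(issuer, redirect_uri, sts_service_path,
                     rp_service_path, registered_redirect_uris):
    """Return a list of findings; an empty list means the values agree."""
    findings = []
    hosts = {}
    for name, value, service_path in (
        ("issuer", issuer, sts_service_path),
        ("redirectUri", redirect_uri, rp_service_path),
    ):
        parts = urlsplit(value)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            findings.append(f"{name}: not an absolute URL")
            continue
        hosts[name] = parts.netloc.lower()
        # The URL must end with the ServicePath of the instance it points at.
        wanted = "/" + service_path.strip("/").lower()
        if not parts.path.rstrip("/").lower().endswith(wanted):
            findings.append(f"{name}: path does not end with '{service_path}'")
        if parts.scheme == "http":
            findings.append(f"{name}: plain http, sign-in traffic is unprotected")
    # issuer points at the STS instance, redirectUri at the relying party.
    if len(hosts) == 2 and hosts["issuer"] == hosts["redirectUri"]:
        findings.append("issuer and redirectUri use the same host; check for swapped values")
    # The value entered under RedirectUris on the STS client must be identical.
    if redirect_uri not in registered_redirect_uris:
        near = [u for u in registered_redirect_uris
                if u.rstrip("/").lower() == redirect_uri.rstrip("/").lower()]
        hint = f" (near match: {near[0]})" if near else ""
        findings.append(f"redirectUri: not registered on the STS client{hint}")
    return findings

if __name__ == "__main__":
    # Constructed values: the registered URI differs by a trailing slash.
    for finding in check_sso_config(
        "https://sts.example.com/Sitefinity/Authenticate/OpenID",
        "https://client.example.com/Sitefinity/Authenticate/OpenID",
        SERVICE_PATH, SERVICE_PATH,
        ["https://client.example.com/Sitefinity/Authenticate/OpenID/"],
    ):
        print(finding)
```
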
