IMPORTANT: This version of Sitefinity CMS is out of support. The respective product documentation is no longer maintained and may be outdated.
The OpenID Connect protocol supports multiple authentication flows. You can configure external providers, such as Facebook or Google, out-of-the-box. For more information, see Administration: Configure external identity providers. You can also configure a custom external identity provider.
This article demonstrates the minimum configuration required to authenticate a user in the Sitefinity CMS STS using the Implicit flow. You first register the provider in the Sitefinity CMS backend and then implement the provider.
NOTE: Make sure the path is added in the external STS during client registration. The path, configured in the external STS, must be identical to the value of the redirectUri parameter.
You implement and configure the custom external authentication provider. You create a custom AuthenticationProvidersInitializer where you configure the external provider and then register the initializer in the ObjectFactory.
AuthenticationProvidersInitializer
Once a user logs in via SSO with the STS in the relying party instance, a new local user account is automatically created if no user was previously authenticated with the same email. The profile fields of the account are populated with the information provided by the STS in the claims that are returned. Profile fields of the local account (in the relying party instance) are updated only when they are empty, and only from the claims returned by the STS. Thus, if you edit your first name in the relying party instance, the change is not synced with the first name on the STS.
Once the account is created locally, it is bound by email to the identity authenticated by the STS. If the email is modified, either in the STS or in the local profile in the relying party instance, a new account is created for the external user the next time they log in. In that case, all local profile information and local application roles are lost.
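The provisioning and binding rules described above, modelled as an added example (not Sitefinity code and not part of the original article). The claim names, the class names and the orphaned_accounts check are assumptions made for illustration, as is exact string matching on the email.

```python
# Constructed model of the account-binding rules; not Sitefinity's implementation.
from dataclasses import dataclass, field

PROFILE_CLAIMS = ("first_name", "last_name")  # assumed claim names


@dataclass
class LocalAccount:
    email: str
    profile: dict = field(default_factory=dict)
    roles: set = field(default_factory=set)


class RelyingParty:
    """Keeps local accounts keyed by the email the STS authenticated."""

    def __init__(self):
        self.accounts = {}

    def login(self, claims):
        email = claims["email"]  # assumption: exact string match on email
        account = self.accounts.get(email)
        if account is None:
            # No local user with this email: auto-provision a new account.
            account = self.accounts[email] = LocalAccount(email)
        for name in PROFILE_CLAIMS:
            # Only empty profile fields are filled from the claims.
            if not account.profile.get(name) and claims.get(name):
                account.profile[name] = claims[name]
        return account


def orphaned_accounts(rp, active_sts_emails):
    """Local accounts whose email no longer matches any STS identity."""
    return sorted(e for e in rp.accounts if e not in active_sts_emails)


def demo():
    # Constructed sample identities.
    rp = RelyingParty()
    first = rp.login({"email": "ana@example.test", "first_name": "Ana"})
    first.roles.add("Editors")            # role granted locally
    first.profile["first_name"] = "Anna"  # local edit, not synced to the STS
    again = rp.login({"email": "ana@example.test", "first_name": "Ana"})
    # Email changed in the STS: the next login provisions a second account.
    moved = rp.login({"email": "ana.k@example.test", "first_name": "Ana"})
    return again, moved, orphaned_accounts(rp, {"ana.k@example.test"})
```

The account left behind after the email change still holds its local roles, so a periodic comparison like orphaned_accounts gives administrators a list of accounts to review or disable.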
Use the following sample: