IMPORTANT: This version of Sitefinity CMS is out of support and the respective product documentation is no longer maintained and can be outdated. Use the version selector to view a supported product version.

Administration: Configure the OpenID Connect provider

With Sitefinity CMS, you can configure the out-of-the-box OpenID Connect provider and its parameters and enable authentication via OpenID protocol with third party Security Token Issuer (STS) that supports the protocol.

PREREQUISITES: Configure your application as a client in an external STS.

IMPORTANT: The OpenID Connect provider only supports the implicit client authentication flow.

To configure the OpenID Connect provider, perform the following:

Navigate to Administration » Settings » Advanced.
In the left pane, expand Authentication » SecurityTokenService » AuthenticationProviders.
Expand the OpenIDConnect node.

Enter values or modify the following parameters:

Key	Value
Client ID	The client ID configured in the external STS.
Authority	The absolute path to the external STS.
Response type	Set this key to id_token, as this is required for authentication using implicit flow.
Allowed scopes	Enter the scopes, required by your scenario. The minimum required scopes for Sitefinity CMS to work with the OpenID Connect provider are openid profile rememberMe email.
Redirect URI	The absolute path to the local STS, in this case enter https://<yoursitefinitysite>/<sts-endpoint-relative-path>/<custom-signin-path> where: <yoursitefinitysite> is the domain where you host the local Sitefinity CMS instance. <sts-endpoint-relative-path> is the default STS endpoint relative path in Sitefinity CMS, which is Sitefinity/Authenticate/OpenID. <custom-signin-path> this is a custom key that defines the sign in path and must be unique among all external authentication providers in the Sitefinity CMS instance. NOTE: Make sure the path is added in the external STS during client registration. The path, configured in the external STS, must be identical to the value of the Redirect URI parameter.
Callback path	An optional constrained path, on which to process the authentication callback. If you do not provide a value, the value is generated from the Redirect URI parameter, for example: /Sitefinity/Authenticate/OpenID/signin-custom. NOTE: Each external provider has a unique endpoint.
Post logout redirect URI	You configure this parameter in the settings of the Identity server client of the external STS as a redirect URI. Enter the desired post logout URI from your site, for example, http://mysitefinitysite NOTE: This must be a URL from your site.
Data provider	Enter the name of the local membership provider where users are created.
Title	The text that is displayed on the login button, for example, OpenID.
Auto assigned roles	Optionally, enter the roles that are automatically assigned to users registered with the OpenID Connect provider (separated with a comma).
Link css class	Enter the CSS to be applied to the login button.

Select Enabled checkbox.
Save your changes.
Restart the application.

Next: Administration: Social media

Was this article helpful?

Yes No

Would you like to submit additional feedback?

Your feedback about this content is important

How helpful is this article?

Very helpful Somewhat helpful Not helpful

How can we improve this article?(Optional)

Fix typos or links

Fix incorrect information

Add or update code samples

Add or update illustrations

Add information about...

Send feedback Cancel