Select a site

IMPORTANT: This version of Sitefinity CMS is out of support and the respective product documentation is no longer maintained and can be outdated. Use the version selector to view a supported product version.

Administration: Set up SSO with claims-based authentication

Single sign-on (SSO) is a feature which enables users to authenticate just once and then access multiple websites without the need to enter logon credentials again for each site. 

To set up SSO with claims authentication, you need at least two Sitefinity CMS sites. One is called the Issuer, the other – the Relying Party.

To set up SSO, perform the following:
  1. Ensure that both sites are using claims-based authentication.
    For more information, see Administration: Switch to claims-based authentication.
    2.
  2. Configure the Issuer, by performing the following:
    1. Click Administration » Settings » Advanced » Security » RelyingParties.
      There is a relying party created by default. Click on it in the tree-view, copy and save its Key.
    2. Navigate back to RelyingParties and click Create new.
    3. In Realm, enter the root URL of the Relying party that identifies your website. You can use your website's domain name (and virtual directory if applicable) in most cases.
    4. In Key, create a key, or use the key copied in Step 2a.
      5.
    5. In Encoding, enter Hexadecimal so that the browser receives the same text as the one entered in the Realm URL.
    6. In MembershipProvider, enter Default. You can edit the default membership data provider in  Administration » Settings » Advanced » Security » Membership Providers.
    7. Click Save changes.
  3. Configure the Relying Party, by performing the following:
    1. Click Administration » Settings » Advanced » Security » SecurityTokenIssuers.
    2. Click Create new.
    3. In Realm, enter <the root URL of the Issuer >/Sitefinity/Authenticate/SWT.

      The value of the root URL must be exactly the same as you have entered in the Issuer's realm, including letter case, any trailing slashes and the protocol (http or https).

      For example http://smith.telerik.com/Sitefinity/Authenticate/SWT.
    4. In Key, enter the same key you entered in Step 2d (Key for Issuer).
    5. In Encoding, enter Hexadecimal.
    6. In MembershipProvider, enter Default.
    7. Click Save changes.
    8. From the backend, open the web.config file. In the web.config file, search for wsFederation under <system.identityModel>, and set its issuer to the address you specified in Step 3c (Realm for Relying Party).
    9. Save and close the web.config file.
  4. Perform this procedure for as many sites as you need.

Back To Top

Next: Administration: Set up SSO with Windows authentication