Sitefinity Integration with Azure AD / Open ID

Azure AD Setup

1/ Go to your Azure Active Directory → App Registrations → New Registration

2/ Give the application a name; you can leave the Redirect URI blank for now. Then click Register.

3/ Go to Authentication Tab → Add a platform → Web

4/ Redirect URIs: http://<Sitefinity Instance>/Sitefinity/Authenticate/OpenID/signin-custom

5/ Select the tokens you would like to be issued by the authorization endpoint: Check ID Tokens

Sitefinity Setup

1/ Spin up (if you haven’t already) and run the Sitefinity instance

2/ Log in to the Sitefinity backend → Go to Administration → Advanced → Authentication → SecurityTokenService → AuthenticationProviders → OpenIDConnect

3/ Apply the following settings:

| Setting | Value |
| --- | --- |
| ClientID | <Azure AD App – Application (client) ID> |
| Response type | id_token |
| Allowed scopes | openid profile email |
| Authority | https://login.microsoftonline.com/<Azure AD App Directory (tenant) ID>/v2.0 |
| Metadata address | https://login.microsoftonline.com/<Azure AD App Directory (tenant) ID>/v2.0/.well-known/openid-configuration |
| Redirect URI | http://<Sitefinity instance>/Sitefinity/Authenticate/OpenID/signin-custom |
| Post logout redirect URI | http://<Sitefinity instance> |
| Title | Azure AD Login |
| Enabled | True |
| Auto assigned roles | Administrators |
| Require email claim from this provider | False |

4/ Restart Sitefinity

5/ Verification

a/ Visit http://<Sitefinity instance>/Sitefinity → Click Azure Login

b/ On first login it will show a permission request; simply press Accept.

c/ It will prompt for your username and password. Enter them and you will be routed back to the Sitefinity dashboard.

d/ Then go to Administration → Users; you will see an unknown user and a default user, both with the same email address.

e/ It is working!
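
A pre-flight check for the step 3 settings, added here as an example (not Sitefinity or Microsoft code): the function name `audit`, the host `cms.example.test` and the all-zero tenant ID are assumptions, and the constructed sample has a metadata address with the tenant segment missing. It flags that mismatch, the cleartext redirect URI, and the fact that Auto assigned roles = Administrators grants the role to every account that signs in through this provider.

```python
from urllib.parse import urlsplit

# Constructed sample mirroring the step 3 table; tenant GUID and host are placeholders.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE = {
    "Authority": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "Metadata address": "https://login.microsoftonline.com//v2.0/.well-known/openid-configuration",
    "Response type": "id_token",
    "Allowed scopes": "openid profile email",
    "Redirect URI": "http://cms.example.test/Sitefinity/Authenticate/OpenID/signin-custom",
    "Auto assigned roles": "Administrators",
}
# Constructed list of redirect URIs registered on the Azure AD app (Azure AD Setup, step 4).
REGISTERED = ["http://cms.example.test/Sitefinity/Authenticate/OpenID/signin-custom"]


def audit(settings, registered_redirect_uris):
    """Return a list of (severity, message) findings for the provider settings."""
    findings = []
    authority = settings["Authority"].rstrip("/")
    parts = urlsplit(authority)
    segments = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or len(segments) != 2 or segments[1] != "v2.0":
        findings.append(("error", "Authority is not https://<host>/<tenant>/v2.0"))
    # The discovery document must live under the same tenant as the authority.
    expected = authority + "/.well-known/openid-configuration"
    if settings["Metadata address"] != expected:
        findings.append(("error", f"Metadata address should be {expected}"))
    if "openid" not in settings["Allowed scopes"].split():
        findings.append(("error", "Allowed scopes must include openid"))
    if "id_token" not in settings["Response type"].split():
        findings.append(("error", "Response type must request id_token"))
    redirect = settings["Redirect URI"]
    # Comparison here is exact, so case or trailing-slash drift counts as a mismatch.
    if redirect not in registered_redirect_uris:
        findings.append(("error", "Redirect URI is not registered in Azure AD"))
    if urlsplit(redirect).scheme != "https":
        findings.append(("warning", "Redirect URI is http: the ID token crosses the network in cleartext"))
    roles = [r.strip() for r in settings["Auto assigned roles"].split(",") if r.strip()]
    if "Administrators" in roles:
        findings.append(("warning", "Every account that signs in via this provider becomes an Administrator"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE, REGISTERED):
        print(f"{severity}: {message}")
```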

Further Enhancement

  • Intercept the Azure AD callback response, and create the necessary users with proper profiles
  • Hide the default login method completely
    • c/ Restart Sitefinity, and you will see only the Azure Login button
    • d/ Consider writing a script to redirect on page load
