Sitefinity x Azure AD SAML SSO Login Integration
sitefinity | .NET, CMS, Sitefinity | 2023-10-20
The setup consists of two parts: Azure Entra ID configuration and custom code implementation in Sitefinity.
Configure Single sign-on
a. Identifier (e.g. https://localhost:5001/Saml2)
b. Reply URL (e.g. https://localhost:5001/Saml2/Acs)
c. Attributes & Claims
Under Users and groups, add the users and groups that should have access to the application, and assign a default role to them.
a. Under Entra ID → App Registration → <Application> → App roles, create app roles that match the roles set up in Sitefinity CMS.
b. Add the user/group in the Enterprise App and assign the role.
Global.asax.cs
CreateUserFromSaml.cs
Build the project, then log in to the Sitefinity CMS dashboard.
Navigate to Administration → Settings → Advanced Settings → Authentication → SecurityTokenService → AuthenticationProviders → Create New
Name it saml2p and configure as below
Configure all 3 parameters underneath as below:
a. SpEntityId: <your domain>/Saml2 (this setting must match the Identifier (Entity ID) in Azure Step 3 above)
b. IdpEntityId: <get the Microsoft Entra Identifier link from Azure Step 3 above>
c. IdpMetadataUrl: <get the App Federation Metadata Url link from Azure Step 3 above>
Log out of Sitefinity CMS and restart the application.
Go to the Sitefinity login screen; an Azure SAML button now appears below the usual username and password login.
Go through the Azure SAML SSO login.
The user is generated automatically and the role is assigned to the generated user.
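A pre-flight check for the matching rules in the Azure and Sitefinity settings above, as an added example that is not part of the original post: it compares the provider settings with the Azure values and with a constructed metadata document. The dictionary keys, the placeholder URLs and the `<SpEntityId>/Acs` rule (taken from the sample Identifier and Reply URL) are assumptions.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
PLACEHOLDER_IDP = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"

# Constructed sample metadata; the tenant GUID and certificate are placeholders.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="{PLACEHOLDER_IDP}">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER-CERT</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_saml_settings(sitefinity, azure, metadata_xml):
    """Return a list of mismatches; an empty list means both sides agree."""
    problems = []
    # The stdlib parser is enough for this embedded sample; parse metadata
    # fetched from the network with a hardened parser such as defusedxml.
    root = ET.fromstring(metadata_xml)
    # Entity IDs are compared as exact strings: case and trailing slashes count.
    if sitefinity["SpEntityId"] != azure["Identifier"]:
        problems.append("SpEntityId != Azure Identifier (Entity ID)")
    if azure["ReplyUrl"] != sitefinity["SpEntityId"] + "/Acs":
        problems.append("Reply URL is not <SpEntityId>/Acs")
    if root.get("entityID") != sitefinity["IdpEntityId"]:
        problems.append("IdpEntityId != entityID in federation metadata")
    # The metadata carries the IdP signing certificate, so fetch it over TLS.
    if not sitefinity["IdpMetadataUrl"].lower().startswith("https://"):
        problems.append("IdpMetadataUrl is not https")
    certs = [
        c.text for kd in root.iter(MD + "KeyDescriptor")
        if kd.get("use") in (None, "signing")
        for c in kd.iter(DS + "X509Certificate") if c.text and c.text.strip()
    ]
    if not certs:
        problems.append("metadata has no signing certificate")
    return problems

if __name__ == "__main__":
    azure = {"Identifier": "https://localhost:5001/Saml2",
             "ReplyUrl": "https://localhost:5001/Saml2/Acs"}
    sitefinity = {"SpEntityId": "https://localhost:5001/Saml2",
                  "IdpEntityId": PLACEHOLDER_IDP,
                  "IdpMetadataUrl": "https://idp.example.invalid/metadata.xml"}
    print(check_saml_settings(sitefinity, azure, SAMPLE_METADATA) or "OK")
```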