Sitefinity Vendor Actions (to be done by the vendor after Cobalt preparations are completed)
You will need to take the steps described below with your Sitefinity site to complete the SSO integration. In addition, you will need the following values, which will be provided by Cobalt and will replace any values in [brackets]:
- Association API Endpoint URL (The API URL for that association's D365 instance)
- Encrypted Security Key Value (The API key created and encrypted by Cobalt)
- Portal URL (The URL for the standalone or widgetized portal, whichever the client wants)
- Content Administrator Role (The name of the CMS User Role that includes all D365 contacts that should have back-end Sitefinity access.)
1) Build / Copy the CobaltSitefinityMembershipProvider.dll.
- Download the CobaltSitefinityMembershipProvider project from GitHub (https://github.com/TheCRMLab/CobaltSitefinityMembershipProvider )
- Update the dlls in the SitefinityReferences folder under the CobaltSitefinityMembershipProvider project for whichever version of Sitefinity is being targeted. Note: The included references are for Sitefinity 6.1.
- Build the project to ensure the correct Sitefinity libraries are referenced
- Copy the CobaltSitefinityMembershipProvider.dll and RestSharp.dll to the \bin directory of the Sitefinity site
2) Open the web.config in the root of the SF site
- Inside the <appSettings> node add the following key / value nodes:
- <add key="CobaltApiUrl" value="[Association API Endpoint URL]" />
- <add key="CobaltApiKey" value="[Encrypted Security Key Value]"/>
- Replace the following code block:
<roleManager enabled="false" />
<membership defaultProvider="Default">
<providers>
<clear />
<add name="Default" type="Telerik.Sitefinity.Security.Data.SitefinityMembershipProvider, Telerik.Sitefinity" />
</providers>
</membership>
With:
<roleManager enabled="true" defaultProvider="Cobalt">
<providers>
<clear />
<add name="Cobalt" type="CobaltSitefinityMembershipProvider.RoleProvider"/>
</providers>
</roleManager>
<membership defaultProvider="Cobalt">
<providers>
<clear />
<add name="Cobalt" type="CobaltSitefinityMembershipProvider.MembershipProvider" />
</providers>
</membership>
Replace the following:
<federationConfiguration>
<wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="false" />
<cookieHandler requireSsl="false" />
</federationConfiguration>
With:
<federationConfiguration>
<wsFederation passiveRedirectEnabled="true" issuer="[Portal Url]/Authentication/sts.ashx" realm="[Sitefinity website url]" requireHttps="true" />
<cookieHandler requireSsl="true" />
</federationConfiguration>
Add the following after the </security> closing tag inside the first system.webServer node:
<rewrite>
<rules>
<rule name="Sitefinity STS Signout" stopProcessing="true">
<match url="^sitefinity/signout$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{QUERY_STRING}" pattern="sts_signout=true" negate="true" />
</conditions>
<action type="Redirect" url="/Sitefinity/Signout?sts_signout=true" appendQueryString="true" redirectType="Temporary" />
</rule>
</rules>
</rewrite>
Save and close the web.config
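Added check, not part of the Cobalt instructions or the CobaltSitefinityMembershipProvider project: a small script that parses the edited web.config and reports any step 2 setting that is missing, still a [bracket] placeholder, or still at the http/localhost defaults (the hostnames in the sample are made up).

```python
# Added example, not from the Cobalt instructions: parse a web.config after step 2 and report
# settings that would leave the SSO integration weakened or half-configured.
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"\[[^\]]+\]")  # an un-replaced [bracket] value from the instructions

def check_web_config(xml_text: str) -> list:
    """Return findings as strings; an empty list means every step-2 setting is in place."""
    root = ET.fromstring(xml_text)
    findings = []
    # appSettings: both Cobalt keys must exist and no longer hold bracket placeholders.
    keys = {a.get("key"): a.get("value", "") for a in root.iter("add") if a.get("key")}
    for key in ("CobaltApiUrl", "CobaltApiKey"):
        if key not in keys or PLACEHOLDER.search(keys[key]):
            findings.append(f"{key} missing or still a [placeholder]")
    # roleManager must be enabled and both providers must default to Cobalt.
    rm, ms = root.find(".//roleManager"), root.find(".//membership")
    if rm is None or rm.get("enabled") != "true" or rm.get("defaultProvider") != "Cobalt":
        findings.append("roleManager not enabled with defaultProvider=Cobalt")
    if ms is None or ms.get("defaultProvider") != "Cobalt":
        findings.append("membership defaultProvider is not Cobalt")
    # WS-Federation: HTTPS required, SSL-only cookie, issuer no longer the localhost default.
    wsf, ch = root.find(".//wsFederation"), root.find(".//cookieHandler")
    issuer = wsf.get("issuer", "") if wsf is not None else ""
    if wsf is None or wsf.get("requireHttps") != "true":
        findings.append("wsFederation requireHttps is not true")
    if "localhost" in issuer or PLACEHOLDER.search(issuer):
        findings.append("wsFederation issuer is still localhost or a placeholder")
    if ch is None or ch.get("requireSsl") != "true":
        findings.append("cookieHandler requireSsl is not true")
    if root.find(".//rewrite/rules/rule[@name='Sitefinity STS Signout']") is None:  # step-2 rule
        findings.append("Sitefinity STS Signout rewrite rule missing")
    return findings

# Constructed sample mirroring the "With:" blocks of step 2 (hostnames are made up).
GOOD_CONFIG = """<configuration>
 <appSettings><add key="CobaltApiUrl" value="https://api.example.invalid/" />
  <add key="CobaltApiKey" value="constructed-encrypted-key" /></appSettings>
 <roleManager enabled="true" defaultProvider="Cobalt"><providers><clear />
  <add name="Cobalt" type="CobaltSitefinityMembershipProvider.RoleProvider"/></providers></roleManager>
 <membership defaultProvider="Cobalt"><providers><clear />
  <add name="Cobalt" type="CobaltSitefinityMembershipProvider.MembershipProvider" /></providers></membership>
 <federationConfiguration><wsFederation passiveRedirectEnabled="true" requireHttps="true"
  issuer="https://portal.example.invalid/Authentication/sts.ashx" realm="https://www.example.invalid" />
  <cookieHandler requireSsl="true" /></federationConfiguration>
 <system.webServer><rewrite><rules><rule name="Sitefinity STS Signout" stopProcessing="true">
  <match url="^sitefinity/signout$" /></rule></rules></rewrite></system.webServer>
</configuration>"""
```

Run `check_web_config` on the real file's contents; any non-empty result is a setting to revisit before restarting the site.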
3) Open the Security.config in the App_Data\Sitefinity\Configuration directory
Replace the following:
<securityConfig xmlns:config="urn:telerik:sitefinity:configuration" xmlns:type="urn:telerik:sitefinity:configuration:type" config:version="6.1.4700.0" authCookieName="[TBD by SF Dev]" rolesCookieName="[TBD by SF Dev]" validationKey="[TBD by SF Dev]" decryptionKey="[TBD by SF Dev]">
With:
<securityConfig xmlns:config="urn:telerik:sitefinity:configuration" xmlns:type="urn:telerik:sitefinity:configuration:type" config:version="6.1.4700.0" authCookieName="[TBD by SF Dev]" rolesCookieName="[TBD by SF Dev]" validationKey="[TBD by SF Dev]" decryptionKey="[TBD by SF Dev]" defaultBackendRoleProvider="Cobalt" defaultBackendMembershipProvider="Cobalt">
Replace the following:
<securityTokenIssuers>
<add key="EE0FF302FE1A91B4E1AB025B726EBAD7589F4F0F8C54A3A94D7A20B0F7D22E50" encoding="Hexadecimal" membershipProvider="Default" realm="http://localhost" />
</securityTokenIssuers>
<relyingParties>
<add key="EE0FF302FE1A91B4E1AB025B726EBAD7589F4F0F8C54A3A94D7A20B0F7D22E50" encoding="Hexadecimal" realm="http://localhost" />
</relyingParties>
With:
<securityTokenIssuers>
<add key="CD29559E6EDC312272976AC43F7E921C5766D7063DAF6D177F3EEDEB1802FABE" encoding="Hexadecimal" membershipProvider="Cobalt" realm="[Portal Url]/Authentication/sts.ashx" />
</securityTokenIssuers>
<relyingParties>
<add key="CD29559E6EDC312272976AC43F7E921C5766D7063DAF6D177F3EEDEB1802FABE" encoding="Hexadecimal" realm="[Sitefinity Url]" />
</relyingParties>
Replace the following:
<membershipProviders>
<config:link name="OpenAccessMembership37Provider" path="migrationModuleConfig/membershipProviders/OpenAccessMembership37Provider" module="Migration" />
</membershipProviders>
With:
<roleProviders>
<add title="Cobalt" description="Cobalt" type="CobaltSitefinityMembershipProvider.SitefinityRoleDataProvider, CobaltSitefinityMembershipProvider" enabled="True" name="Cobalt" />
</roleProviders>
<membershipProviders>
<config:link name="OpenAccessMembership37Provider" path="migrationModuleConfig/membershipProviders/OpenAccessMembership37Provider" module="Migration" />
<add title="Cobalt" description="Cobalt" type="CobaltSitefinityMembershipProvider.SitefinityMembershipDataProvider, CobaltSitefinityMembershipProvider" enabled="True" name="Cobalt" />
</membershipProviders>
<administrativeRoles>
<role roleProvider="Cobalt" roleName="[Content Administrator Role]" />
</administrativeRoles>
Save and close the Security.config
4) In addition to the changes in the document, these settings need to be changed/verified in the Sitefinity site settings:
1. Settings -> Advanced -> Authentication
- Authentication protocol = SimpleWebToken
- EncryptionKey = CD29559E6EDC312272976AC43F7E921C5766D7063DAF6D177F3EEDEB1802FABE
2. Settings -> Advanced -> Authentication -> RelyingParty
- Issuer = https://[Portal URL]/authentication/sts.ashx
- Realm = https://[Portal URL]/authentication/sts.ashx
3. Settings -> Advanced -> Security
- AuthenticationMode = Claims
- DefaultBackendRoleProvider = Cobalt
- DefaultBackendMembershipProvider = Cobalt
- AllowExternalRoleProviders checked
- Trusted domains = [Portal URL]
4. Settings -> Advanced -> Security -> SecurityTokenIssuers
- Make sure there is a single item here, with:
- Realm = [Portal URL]
- Key = CD29559E6EDC312272976AC43F7E921C5766D7063DAF6D177F3EEDEB1802FABE
- Encoding = Hexadecimal
- MembershipProvider = Cobalt
5. Settings -> Advanced -> Security -> RelyingParties
- Make sure there is a single item here, with:
- Realm = [Portal URL]
- Key = CD29559E6EDC312272976AC43F7E921C5766D7063DAF6D177F3EEDEB1802FABE
- Encoding = Hexadecimal
- MembershipProvider = Cobalt
6. Settings -> Advanced -> Security -> Role Providers
- Make sure there is an item here, with:
- Name = Cobalt
- Title = Cobalt
- Description = Cobalt
- ProviderTypeName = CobaltSitefinityMembershipProvider.SitefinityRoleDataProvider, CobaltSitefinityMembershipProvider
- Enabled checked
7. Settings -> Advanced -> Security -> Membership Providers
- Make sure there is an item here, with:
- Name = Cobalt
- Title = Cobalt
- Description = Cobalt
- ProviderTypeName = CobaltSitefinityMembershipProvider.SitefinityMembershipDataProvider, CobaltSitefinityMembershipProvider
- Enabled checked
5) Restart the Sitefinity site after making all changes and go to [site url]/Sitefinity
- Verify that you get the portal login prompt.
- Verify that you can log in as a user in the Content Administrators role specified by Cobalt and that you are redirected to the Sitefinity backend.
NOTE: If any changes need to be made to the org's configuration, the Sitefinity site will need to be restarted after the changes are made in order to pick up the new configuration.