Does Sitefinity support SAML 2.0?
We have developed a SSO(an Identity Provider) with SAML 2.0. I just wanna know whether Sitefinity gives support for SAML . Can we have or build a SAML SP from sitefinity?
Hello,
There are two approaches to integrate with external authentication provider. I will elaborate on both:
1.In Sitefinity the authentication mechanics that is passing trough ClaimsManager class requires that always a Simple web token (SWT) is passed also the standard approaches to integrate an application with an external authentication provider like SAML2 or any other, Facebook and other will not work because of the internal mechanics of how Sitefinity handles authentication. Its mandatory that the token is SWT (simple web token) the communication that occur to SAML2 must at the end get to SitefinitySTSWebApp and issue SWT token.
The approach that is best is to add the integration with SAML2 inside SitefinitySTSWebApp (here is a screenshot where this application can be downloaded from your Telerik account). The basic setup for configuring the STS application is outlined in this documentation article.
Plug the integration with SAML2 in SimpleWebTokenHandler.
Sitefinity needs to receive its Simple web token trough the STS for all this to work.
2. The above approach is the general one which handles any third party authentication and token from the STS application and doesn`t directly comes in contact with Sitefinity.
There is also another approach which is sampled by the Sitefinity SDK team in this github repository where the sample provides sign it with facebook, google and amazon functionality. Laverage the sample for extending the authentication with SAML2 as authentication.
Based on your specific requirements review and choose the most suitable integration method for your application.
Regards,
Stanislav Velikov
Telerik by Progress
Thanks for the response.