ADFS Authenticator

3/24/2014 1:19:50 AM
4/17/2015 1:40:22 PM

About

The ADFS Authenticator is a rewrite of the Fed Authenticator module for .NET 4.5. It uses the new System.IdentityModel namespaces and ships with configuration specific to Active Directory Federation Services (ADFS).


The module implements the following additional features:


  • ADFS Logout 
  • Authenticating users as Administrators


Documentation

  • Documentation > Installation Steps

    1. Install the ADFS Authenticator update package.
    2. Edit \Website\Web.config as follows 

     - add the following sections to <configSections />

     <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
     <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />

     - add the following keys to <appSettings />

     <add key="ida:FederationMetadataLocation" value="{Replace with the path to the metadata XML file}" />
     <add key="ida:Realm" value="{Replace with the website URL}" />
     <add key="ida:AudienceUri" value="{Replace with the website URL}" />

     - add the following section right after </appSettings>

     <location path="sitecore modules/Shell/FedAuthenticator/Login.aspx">
       <system.web>
         <authorization>
           <deny users="?"/>
         </authorization>
       </system.web>
     </location>
     
     - add the following modules to the system.webServer module list right after the Sitecore.Nexus.Web.HttpModule,Sitecore.Nexus

     <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
     <add name="SessionAuthenticationModule" type="FedAuthenticator.Authentication.WsSessionAuthenticationModule, FedAuthenticator"/>
     
     - add the following config section right before </configuration>
     
     <system.identityModel>
        <identityConfiguration>
          <audienceUris>
            <add value="{Replace with a website URL}" />
          </audienceUris>
          <securityTokenHandlers>
            <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          </securityTokenHandlers>
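          <!-- None skips X.509 chain validation of the signing certificate; trust rests on the thumbprint pinned below -->
          <certificateValidation certificateValidationMode="None" />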
          <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
            <authority name="{Replace with the ADFS trust url (http://adfs.mydomain.com/adfs/services/trust)}">
              <keys>
                <!-- Replace with the thumbprint of your ADFS token-signing certificate -->
                <add thumbprint="8F9410B1BB4E03053F583A7CA37A54597262C5E2" />
              </keys>
              <validIssuers>
                <add name="{Replace with the ADFS trust url (http://adfs.mydomain.com/adfs/services/trust)}" />
              </validIssuers>
            </authority>
          </issuerNameRegistry>
        </identityConfiguration>
      </system.identityModel>
      <system.identityModel.services>
        <federationConfiguration>
          <cookieHandler requireSsl="true" />
          <wsFederation passiveRedirectEnabled="true" issuer="{Replace with the ADFS token issuer (https://adfs.mydomain.com/adfs/ls/)}" realm="{Replace with the website URL}" requireHttps="true" />
        </federationConfiguration>
      </system.identityModel.services>  
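
     One way to check a finished Web.config against the settings in these steps. This is an added example, not part of the module or its documentation; the function name Test-AdfsWebConfig and the sample input are made up for illustration, and the thumbprint is the sample value printed above.

```powershell
# Added example. Test-AdfsWebConfig is a hypothetical helper, not part of the module.
function Test-AdfsWebConfig {
    param([Parameter(Mandatory)][xml]$Config)
    $findings = New-Object System.Collections.Generic.List[string]

    # Placeholders from the installation steps that were never filled in.
    foreach ($a in $Config.SelectNodes('//@*')) {
        if ($a.Value -match '^\{Re\w+ with') {
            $findings.Add("placeholder left in <$($a.OwnerElement.LocalName) $($a.LocalName)>")
        }
    }
    # The thumbprint printed on the page is a sample, not your token-signing certificate.
    $pageThumbprint = '8F9410B1BB4E03053F583A7CA37A54597262C5E2'
    foreach ($k in $Config.SelectNodes('//issuerNameRegistry/authority/keys/add')) {
        if ($k.GetAttribute('thumbprint') -eq $pageThumbprint) {
            $findings.Add('issuerNameRegistry still pins the sample thumbprint')
        }
    }
    # Session cookie and sign-in redirects must stay on TLS.
    $cookie = $Config.SelectSingleNode('//federationConfiguration/cookieHandler')
    if ($null -eq $cookie -or $cookie.GetAttribute('requireSsl') -ne 'true') {
        $findings.Add('cookieHandler requireSsl is not explicitly "true"')
    }
    $ws = $Config.SelectSingleNode('//federationConfiguration/wsFederation')
    if ($null -eq $ws) {
        $findings.Add('wsFederation element is missing')
    } else {
        if ($ws.GetAttribute('requireHttps') -ne 'true') { $findings.Add('wsFederation requireHttps is not explicitly "true"') }
        if ($ws.GetAttribute('issuer') -notlike 'https://*') { $findings.Add('wsFederation issuer is not an https URL') }
        # The steps set realm and audienceUris to the same website URL; flag a mismatch.
        $audiences = @($Config.SelectNodes('//identityConfiguration/audienceUris/add') |
            ForEach-Object { $_.GetAttribute('value') })
        if ($audiences -notcontains $ws.GetAttribute('realm')) { $findings.Add('wsFederation realm is not in audienceUris') }
    }
    # Anonymous requests to the login page must be denied so they are sent to ADFS.
    if ($null -eq $Config.SelectSingleNode('//location/system.web/authorization/deny[@users="?"]')) {
        $findings.Add('no <deny users="?"> rule under <location>')
    }
    $findings
}

# Constructed sample input: federation section with the cookie TLS flag switched off.
$sample = [xml]@'
<configuration><system.identityModel.services><federationConfiguration>
  <cookieHandler requireSsl="false" />
  <wsFederation issuer="https://adfs.mydomain.com/adfs/ls/" realm="{Replace with the website URL}" requireHttps="true" />
</federationConfiguration></system.identityModel.services></configuration>
'@
Test-AdfsWebConfig -Config $sample
```

     To audit a real file, load it first with [xml](Get-Content -Raw <path to Web.config>) and pass the result as -Config.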





  • Documentation > Post Install Configuration
    Access Configuration

    Once the module has been installed, Sitecore security can be used to grant access to restricted areas of the website using Access Rights based on Sitecore roles. The Sitecore roles should have the same names as the Role claims passed from ADFS.

    Logging in as Administrator

    The ADFS Authenticator allows members of a certain ADFS role to log in as Sitecore Administrators. The role is configured by modifying the ADFS.Authenticator.AdminUserRole setting in \Website\App_Config\Include\ADFS.Authenticator.config

    ADFS Authenticator Login Page 
    http://scdomain/sitecore modules/shell/adfsauthenticator/login.aspx
Release notes
Version 1.0 - Uploaded 03/23/14