Sitefinity is a CMS, just like Wordpress and Drupal, but, unlike those, we do not integrate with it using SAML plugins. Instead, we use our API as well as some code developed by Cobalt developers in addition to changes in the association's portal code. This is because Sitefinity did not support SAML plugins at the time when our integration process was developed.
Note that, if an association wishes to use Web Elements on their Sitefinity site in addition to SSO, they will still need a widgetized portal. The Widget portal will be used in the steps below rather than the standard portal. To learn how to configure a widgetized portal, refer to this article.
Below are instructions for configurations to be made by Cobalt. Cobalt will need to know the Sitefinity Website URL.
Cobalt CRM and API Prep (done by Cobalt before Sitefinity Vendor makes changes)
1. Configure API Service Configuration in the association's D365 instance. For details on creating that Service Configuration, refer to this article.
2. Copy the encrypted API Key value on a notepad page or other location -This value will be shared with the Sitefinity vendor and used in step 3 of Part 2 to authenticate to the API
3. Add the following to the portal web.config in the <appSettings> section
<add key="http://[Sitefinity Site URL]" value="CD29559E6EDC312272976AC43F7E921C5766D7063DAF6D177F3EEDEB1802FABE" />
4. Add the following to the portal web.config in the <system.web> section, before the <!-- Core --> tag
<system.webServer> <modules runAllManagedModulesForAllRequests="true"/> <handlers> <add name="SimpleWebToken" verb="*" path="/Authentication/sts.ashx" type="Cobalt.Applications.Crm.Sitefinity.Authentication.SitefinitySts.SimpleWebTokenHandler"/> <add name="SingleSignout" verb="*" path="/Authentication/signout.ashx" type="Cobalt.Applications.Crm.Sitefinity.Authentication.SitefinitySts.SingleSignoutHandler"/> </handlers> </system.webServer>
*Step 3 can be repeated for any other sites that the association would like to connect with D365. For instance, if the developers are building the site on a dev site, testing in a UAT site and then going live with a production site, all three URLs can be used. That would look like this:
<add key="https://devurl.org" value="CD29559E6EDC312272976AC43F7E921C5766D7063DAF6D177F3EEDEB1802FABE" /> <add key="http://UATurl.com" value="CD29559E6EDC312272976AC43F7E921C5766D7063DAF6D177F3EEDEB1802FABE" /> <add key="https://productionurl.net" value="CD29559E6EDC312272976AC43F7E921C5766D7063DAF6D177F3EEDEB1802FABE" />
Send the client and their SF vendor the instructions in this article.
There are several places which call out values (listed below) that the Sitefinity developers will need in order to perform the work of integrating the SSO. These include:
- Association API Endpoint URL (The API URL for that association's D365 instance)
- Encrypted Security Key Value (The API key created and encrypted in step 1 above)
- Portal URL (The portal URL for that association's D365 instance
- Content Administrator Role (A CMS Role that includes all D365 contacts or users that should have back-end Sitefinity access. For instructions on creating CMS user roles, refer to this article: LINK)
NOTE: If any changes need to be made to the orgs configuration, the Sitefinity site will need to be restarted after the changes are made in order to reference the new configuration.