
Single Sign-On


A customer has asked us to find out if DW supports SSO (Single Sign-on). The request from the customer:

"If you want to do SSO between different companies, there are some other technologies you need. SAML 2.0 is the standard typically talked about, or ADFS that is the Microsoft implementation of SAML and link to AD.

I would like you to examine whether DW supports ADFS / SAML. Can for example be done by using WIF SDK from MS."



Replies

 
Nicolai Høeg Pedersen
Dynamicweb does not support ADFS or SAML out of the box.

It is possible though to implement it on a custom solution.
 
Christian Fisker
Hi,

I also have a request from a customer about what it would take to implement SSO using ADFS on their website.

Does anyone have any experience or recommendations regarding how to implement SSO via ADFS in a Dynamicweb solution?

Thanks. 

 
Nicolai Høeg Pedersen
Hi Christian

With Dynamicweb 8.5 we have released an integration to Active Directory where security groups and users are synchronized to the webserver using a Service. When users on the website authenticate, they will be authenticated against the Service as well - so user login information is only handled by the AD. See preliminary documentation attached.

You can also integrate the ADFS service to the webserver itself and connect Dynamicweb directly to the local AD.

 
Magnus Holmberg
Hi,

Does the AD integration support SSO (Single sign-on)?

Thanks.

 
Nicolai Høeg Pedersen
Hi Magnus

SSO can be 2 things:

  1. The same username and password from the same user store used in more places
  2. The user only logs in to his Windows machine and then the user does not have to log in in other places, i.e. in the browser

Dynamicweb supports both - the question is if you can get it up and running in your customer's environment.

@1: Yes, no problem

@2: It is in theory possible but really difficult. The webserver has to be a member of the domain, you need to set up the website to use only Windows Authentication (meaning anonymous users cannot access the site), and the application pool has to run under credentials that have permissions to talk to the AD (usually Network Service will do). Then you need to configure your browsers to include Windows Credentials for the website hostname, see i.e. https://www.liquidstate.net/enabling-ntlm-authentication-single-sign-on-in-firefox/.

It has to be set up for each browser on each user's machine. It can be done for Chrome, Firefox and IE. Edge maybe. The settings can be distributed with AD policies if you have an AD administrator who knows his way around policies.

When the browsers have been set up, it should work - in theory. But it all depends on permissions and policies on the machines, and sometimes it can give some issues.

If you do not change the browsers to include Windows credentials automatically, users will be prompted to specify username and password when they visit the website. They can then mark the username/password to be stored by the browser.

BR Nicolai
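The server-side steps Nicolai lists for option 2 (domain-joined webserver, Windows Authentication only, app pool running as Network Service) and the client-side zone setting that lets Windows browsers send credentials can be scripted. The following is an added example, not code from the thread or from Dynamicweb; the site name, app pool name and hostname are assumptions to replace with your own, and it uses the standard IIS WebAdministration module plus the Internet Settings zone map that IE, Edge and Chrome honour on Windows.

```powershell
# Added example: configure an IIS site for integrated Windows Authentication
# (SSO option 2 above) and verify the result. Run elevated on the domain-joined
# web server. $siteName, $appPool and $hostName are assumed placeholder values.
Import-Module WebAdministration

$siteName = 'Dynamicweb'               # assumed IIS site name
$appPool  = 'Dynamicweb'               # assumed application pool name
$hostName = 'intranet.example.local'   # assumed website hostname (placeholder)

# 1. Windows Authentication on, Anonymous Authentication off for this site.
#    Consequence (as stated in the thread): unauthenticated visitors get HTTP 401,
#    so public content on the same site will no longer be reachable.
$authBase = 'system.webServer/security/authentication'
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $siteName `
    -Filter "$authBase/windowsAuthentication" -Name 'enabled' -Value $true
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $siteName `
    -Filter "$authBase/anonymousAuthentication" -Name 'enabled' -Value $false

# 2. Run the application pool as Network Service, so the worker process talks
#    to the domain controller with the machine account (least privilege:
#    no dedicated service account password stored on the web server).
Set-ItemProperty -Path "IIS:\AppPools\$appPool" `
    -Name 'processModel.identityType' -Value 'NetworkService'

# 3. Verify the effective settings before handing the site to users.
$win  = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $siteName `
            -Filter "$authBase/windowsAuthentication" -Name 'enabled'
$anon = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $siteName `
            -Filter "$authBase/anonymousAuthentication" -Name 'enabled'
$identity = (Get-ItemProperty -Path "IIS:\AppPools\$appPool" -Name 'processModel').identityType
"Windows auth: $($win.Value)  Anonymous: $($anon.Value)  App pool identity: $identity"

# 4. Client side (run on each user's machine, or push the same keys via GPO):
#    place the hostname in the Local intranet zone (zone id 1) so Windows-based
#    browsers send the logged-on user's credentials automatically instead of
#    prompting. Split the hostname into domain and host for the ZoneMap layout.
$parts  = $hostName.Split('.', 2)          # 'intranet', 'example.local'
$zoneKey = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$($parts[1])\$($parts[0])"
New-Item -Path $zoneKey -Force | Out-Null
New-ItemProperty -Path $zoneKey -Name 'http'  -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $zoneKey -Name 'https' -PropertyType DWord -Value 1 -Force | Out-Null
"Zone map entry written for $hostName (Local intranet)"
```

Firefox does not read the Windows zone map; as the linked article describes, it needs the hostname added to its own `network.automatic-ntlm-auth.trusted-uris` preference instead. Checking the output of step 3 is worth the extra lines: a site that still reports `Anonymous: True` will silently let everyone in, and one with the wrong pool identity will fail authentication against the domain with errors that look like a browser problem.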

 
Niels Mølgaard Thorsen

Hi Nicolai,

We want to implement ADFS in our hosted DynamicWeb.

What exactly is required?

/Niels M. Thorsen
