Home » Support » Community Server » Community Server 2007 » Single Sign-On Security Modules » Cannot get SSO cookie authentication working

Cannot get SSO cookie authentication working

Open Support Ticket

Call Support:
Direct: (214) 420-1337
Toll Free: (877) 522-6334

Monday through Friday
8 a.m. to 6 p.m. Central (GMT-6)

Join our Community
Details
  • 16 Replies
  • 0 Subscribers
  • Postedover 3 years ago
Options

Cannot get SSO cookie authentication working

This question is not answered
dkg362
Posted by
on Tue, Nov 18 2008 2:38 PM

I've searched over these forums and online documentation for days now, trying to figure out why I can't get this working for me.   Have just about reached the end of my patience rope and would love some assistance.

I have an existing ASP.NET web application that has its own registration/login, but does not use the ASP.NET membership provider (was written before it was available).  I am trying to integrate Community Server 2007 (I believe it's 2007, SP2), using the SSO module for cookie authentication.  I have our existing app set up on a test server (http://testserver/testapp), with the community server app in a virtual directory within it (http://testserver/testapp/cs).  The two Telligent DLLs for SSO have been copied into my CS web/bin directory.

Here are the settings:

CS web.config

      <authentication mode="None">
      </authentication>

CS communityserver.config

        <add name="CustomAuthentication"
            extensionType="Security"
            type="Telligent.CommunityServer.Security.CookieAuthentication, Telligent.CommunityServer.SecurityModules"
            allowAutoUserRegistration="true"
            authenticatedUserCookieName="CSUser"
            usernameKey="username"
            emailAddressKey="emailAddress"
            useEncryptedCookie="false"
            cookieValueStringFormat="Base64"
            cookieValueEncryptionFormat="ValuesOnly"
            />

I also tried setting wwwStatus = "Ignore" (instead of Remove) in the Core section, but it doesn't appear to make a difference.

CS SiteUrls.config:

Updated the login and registration URLs to point to the testapp appropriate pages.

testapp login.cs code to set cookie:

                // Handle Community Server authentication
                HttpCookie cookie = Request.Cookies["CSUser"];
                if (cookie == null)
                {
                    cookie = new HttpCookie("CSUser");
                }
                cookie.Values["username"] = user.FullName;
                cookie.Values["emailAddress"] = user.Email;
                cookie.Expires = DateTime.Now + new TimeSpan(7, 0, 0, 0);
                Response.Cookies.Add(cookie);

 

Ok, here is what is happening.  When testing, if I try to access a restricted CS page (control panel, for instance), it correctly redirects me to the testapp login page.  I then log in using my testapp login information.  When I check cookies at this point, it looks like everything is created correctly (I see CSUser with values of username=Dawn&emailAddress=xxxxxx@yahoo.com).  However, when I then go to a CS page, I still see the Sign In link at the top of the page.  I also have gone to check the aspnet_Users table, but nothing new has been created). 

What am I doing wrong?

Single Sign-On Custom Cookie Cookie SSO cookies Single Sign On SSO Custom Cookie "single sign-on" Authentication Custom authentication cookie CS2007
All Replies
  • Xander
    Posted by
    on Tue, Nov 18 2008 5:24 PM

    Hi Dawn, 

    The first thing I would try would be to drop the CookieAuthTest.aspx page that was in the SecurityModules package into your Community Server directory, and try to authenticate using that.  That way we can eliminate some of the possible suspects. 

    Additionally, if you look at the contents of your CSUser cookie when you attempt to access the restricted page after logging in, is the value of the cookie the same as what you're setting in your login page? 

    Best regards,

    -Xander
  • dkg362
    Posted by
    on Wed, Nov 19 2008 9:02 AM

    Hi Xander,

    Thanks for your reply.  I did just now do as you suggested with the CookieAuthTest.aspx page and it created the cookie fine and shows me as logged in. 

    Also, when I try to access a restricted page in CS after logging in, it just redirects me back to the login page on my test application (which of course is what it should do if it doesn't see me as logged in).  If I'm on a unrestricted CS page and look at the cookies, the values are correct.

    What should I try next?

    Dawn
  • dkg362
    Posted by
    on Wed, Nov 19 2008 3:02 PM

    One more thing I just thought to check - even though the CookieAuthTest.aspx page said I was logged in, I do not see that a user was added to the asp_Users table with that information.  Should it have done that?
  • Xander
    Posted by
    on Fri, Nov 21 2008 8:25 AM

    Hi Dawn,


    Yes, if the cookie was present and valid, and allowAutoUserRegistration is set to "true" in the config (as you have it) Community Server is going to check for an existing user with that username, and if it doesn't exist, create it. 

    The fact that when you hit the Community Server home page and still see the sign in link at the top means that most likely, either the cookie isn't being recognized or the authentication event isn't being fired.

    Can you check the versions of the CommunityServer.Components.dll and Telligent.CommunityServer.SecurityModules.dll in your Community Server \bin directory, and post those in the thread?

    Best regards,

    -Xander

     
  • dkg362
    Posted by
    on Fri, Nov 21 2008 8:35 AM

    Hi Xander,

    I'm using what came with the software development kit with this filename:  CS2007.1_3.1.20917.1142.sdk and then I'm publishing the web application from Visual Studio to my test server.  Therefore, it recompiles everything in all the projects and publishes the newly compiled DLL's with it.

    Does that help?  Do I have the wrong version?

     

    Thanks!

    Dawn
  • Xander
    Posted by
    on Fri, Nov 21 2008 8:45 AM

    Hi Dawn,

    Yes, that does help.   Additionally, what is the version number of the Telligent.CommunityServer.SecurityModules.dll?   (Since it isn't a part of the SDK and is packaged separately.)

    Best regards,

    -Xander
  • dkg362
    Posted by
    on Fri, Nov 21 2008 8:58 AM

    Well, I downloaded the trial version of the SSO a few weeks ago and that's what I'm using.  The SecurityModules.dll shows a version number 4.1.31030.0.

    Thanks,

    Dawn
  • Xander
    Posted by
    on Fri, Nov 21 2008 9:17 AM

    Hi Dawn,

    That's going to be the problem.   The SecurityModules are versioned along with Community Server, and there were some substantial changes between Community Server 2007.1 (your SDK version) and Community Server 2008.5 (your SecurityModules version.) 

    I'd suggest upgrading to use the 2008.5 SDK if possible, since that will offer you a number of benefits, though I realize that might not be feasible depending on what/how much work you've already done.  

    If upgrading is not an option, I'd suggest contacting sales or support to see if they can provide with with the CS2007.1 version of the SecurityModules package.

    Best regards,

    -Xander
  • dkg362
    Posted by
    on Fri, Nov 21 2008 9:26 AM

    Just spoke with my manager about this - will do!  If this works, I'll come back and verify your answer.

    Many thanks for all the help!!

    Dawn
  • dkg362
    Posted by
    on Tue, Dec 2 2008 8:13 AM

    Xander,

    Both my manager and I have attempted to contact someone (through sales AND support) and neither one of us has received a reply.  Can you help direct us to someone who can get us the correct version of the Security Module?

    Dawn
  • DavidAtWork
    Posted by
    on Tue, Dec 2 2008 8:43 AM

    I think we had the same problems with the mis matched versions.  Also, you may run into issues of the user being created if not on IIS.
  • Ken Robertson
    Posted by
    on Tue, Dec 2 2008 11:55 AM

    Which version are you looking for?  From where the thread left off, it looks like you were going to upgrade to the latest version of CS (and then use the latest version of the SSO modules).

    Are you not upgrading and instead need the SSO modules for CS 2007.1?
  • dkg362
    Posted by
    on Tue, Dec 2 2008 12:01 PM

    Hi Ken,

    We cannot upgrade to the latest version of CS at this time, so yes - we are looking for the SSO module for CS 2007.1.
  • dkg362
    Posted by
    on Fri, Dec 5 2008 1:14 PM

    Ok, major frustration going on here.

    After both my manager and I got no responses from sales or support, we resorted to contacting the CEO.  All of a sudden, we get a response.  Imagine that.  We finally make the necessary purchase of the CS 2007.1 SSO module (cookie auth version) and have a license key.  However, nowhere on the downloads page is there a link for this version of the SSO module.  The sales guy (now that he's done his part and made a sale, apparently) tells me to contact support.  I ask him to have someone from support contact me (since I got such a poor response the first time) and his response is to send me links to CS online documentation and support.

    I apologize for my tone of voice in this post, but this is ridiculous.  It should not be this difficult.

    Can someone please help?

    Dawn
  • Xander
    Posted by
    on Mon, Dec 8 2008 9:40 AM

    Hi Dawn,

    Can you please send me a private message?  I'd like to get some more information from you offline, and help you get this worked out.

     

    Best regards,

    -Xander
12