Telligent Community Single Sign On (SSO) - Forms Authentication

I thought I would expand a little on the wiki article that Telligent has posted here regarding forms authentication single sign on.  The one thing that isn't included in that wiki is sample code.  So hopefully this will help many of you out there who don't know where to start. 


Configure Telligent Community:

Step 1: Add the following lines of code to your communityserver_override.config

<Override xpath="/CommunityServer/Core/extensionModules/add[@name='FormsAuthentication']" mode="remove" />
<Override xpath="/CommunityServer/Core/extensionModules" mode="change" name="enabled" value="true" />
<Override xpath="/CommunityServer/Core/extensionModules" mode="add" where="end">
<add name="FormsAuthentication" extensionType="Security" type="CommunityServer.SecurityModules.FormsAuthentication, CommunityServer.SecurityModules" allowAutoUserRegistration="true" userProfileCookie="CSUserProfile" useEncryptedCookie="true" profileRefreshInterval="7" />


Step 2: Add the following lines of code to your siteurls_override.config

 <Override xpath="/SiteUrls/locations/location[@name='common']/url[@name='login']" mode="remove" />
<Override xpath="/SiteUrls/locations/location[@name='common']/url[@name='login_clean']" mode="remove" />
<Override xpath="/SiteUrls/locations/location[@name='common']/url[@name='logout']" mode="remove" />
<Override xpath="/SiteUrls/locations/location[@name='user']/url[@name='user_Register']" mode="remove" />
<Override xpath="/SiteUrls/locations/location[@name='user']/url[@name='user_Register_clean']" mode="remove" />


Step 3: Update web.config

You will need to update your web.config to ensure you have the authentication section setup correctly.  The names of the cookies needs to match between the applications.

<authentication mode="Forms">
<forms name=".ASPXAUTH" protection="All" timeout="60000" loginUrl="login.aspx" slidingExpiration="true" domain="" />

Add the machine key from your existing application to the web.config in Telligent Community.  These must match or single sign on will not work.

One thing to note during this step is that the name ".ASPXAUTH" needs to match the name you are using in your existing application.


Configure your existing application:

I'll make the assumption that your existing application uses basic forms authentication and uses the email address to login.  You're code might look something like this:


string username = user.Username;
string userData = "username=" + username;
FormsAuthenticationTicket authticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddDays(14), true, userData);
string encryptedTicket = FormsAuthentication.Encrypt(authticket);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
if (chkBoxRememberMe.Checked)
authCookie.Expires = authticket.Expiration;
authCookie.Domain = FormsAuthentication.CookieDomain;


Telligent Community will automatically create the user for you based on this cookie.  What will happen is that your email address used in the auth cookie will be placed in the username field in the cs_users table.

The next step is to create a cookie to carry over some additional values you might want to populate your user record with.  For example, you probably don't want to show everyone's email addresses on the site as many people see that as a privacy issue.  So what we'll do is create a cookie to hold a value for display.  In Telligent Community we call that "CommonName."


HttpCookie emailAddressCookie = new HttpCookie("CSUserProfile");
emailAddressCookie.Values.Add("Email", user.Email);
emailAddressCookie.Values.Add("commonname", user.FirstName + " " + user.LastName);
if (chkBoxRememberMe.Checked)
emailAddressCookie.Expires = authticket.Expiration;
emailAddressCookie.Domain = FormsAuthentication.CookieDomain;


Once you have both applications configured above you should be ready to go.  The first thing I would do is login to your existing application and verify the cookies are being written properly.  If they are, go ahead and load up the community in the same browser and Telligent Community should log you in automagically.

One thing to note: Both applications need to be on the same domain.


2 comment(s) so far

hello, there, can you share me the SSO bin file?

@David - I'm not authorized to provide you with that file. Sorry!

Leave a Comment