Single sign on in the manager

With the introduction of Smartsite iXperion 1.1, the manager offers single sign on functionality in the manager. If you login in the manager, you are also automatically logged in onto the publication server. This allows you to view and preview restricted items using your own account. In previous versions of Smartsite, you were redirected to the login page on the publication server when viewing restricted pages or access was denied all together.

Implementation details

When you login in the manager, the Cms server asks the Pub server (using the InteropService) for a single sign on token. A hidden iframe in the manager makes a specially crafted request to the publication server which responds with the token set in a session cookie. All furhter requests made to the Pub server now carry this session cookie containing the single sign on token that allows the user to view restricted pages.

Note that the single sign on tokens are not stored in the database, so when the publication is restarted, the active single sign on tokens are lost and you may need to reload the manager in the browser to get a new single sign on token.

Disabling Single Sign-on

When you're using mixed security (Active Directory on the front-end and Smartsite security for the cms manager), you cannot use single sign-on.

To disable the single sign-on functionality, you should add the registry setting EnableSSO (string value) to the Manager key of your site's registry, and specify the value 0 (=False).