Verify Single Sign On with an External Authentication Provider
The tests listed here can be used to confirm the deployment of the SilhouetteCentral system configured with Single Sign On (SSO) using an external authentication provider (e.g. ADFS).
Tests are also provided to confirm operation on various configuration changes relating to SSO, including when an external authentication provider has been disabled or when Silhouette Local User logins are disabled.
Select the appropriate procedures for your configuration.
1: Login with an external authentication provider user account
Use this procedure to check the Silhouette system and external authentication provider are correctly configured. The use of this procedure proves the following:
- The SilhouetteTokenService is configured with Saml2.Enabled set to true.
- The SilhouetteTokenService is configured with a valid Saml2.AuthenticationSchemes configuration.
- The SilhouetteCentral Group configuration has correctly mapped Authentication Provider Claims.
- Navigate to the SilhouetteCentral web application URL. You see the SilhouetteCentral unauthenticated user landing page with a Login button.
- Select Login.
- If you see the Silhouette login page, there is a Login with <displayName> button to initiate the login with the authentication provider. Select the Login with <displayName> button.
- If you see the authentication provider login page, proceed with the login.
- You are logged in to the SilhouetteCentral application and can navigate to view your user profile under Admin > Profile or Admin > Users.
If possible, have someone assigned to each of the Silhouette groups log in to check that all authentication provider mapping is correct.
2: Verify Allow Local Login (Silhouette Local users) is disabled
Use this procedure to check the SilhouetteTokenService is correctly configured with AccountSecurity.AllowLocalLogins set to false.
- Navigate to the SilhouetteCentral web application URL. You see the SilhouetteCentral unauthenticated user landing page with a Login button.
- Select Login. You are not presented with a Silhouette login page with Username and Password text entry boxes. You are either:
- Presented with a Silhouette login page with buttons to select between external authentication providers.
- Presented with a login page from the external authentication provider.
- Logged in to the SilhouetteCentral app automatically based on an active session established with the external authentication provider.
3: Verify an external authentication provider has been disabled
Use this procedure to check an external authentication provider configuration has been. The use of this procedure proves the SilhouetteTokenService configuration has had a Saml2.AuthenticationSchemes entry successfully removed.
- Navigate to the SilhouetteCentral web application URL. You see the SilhouetteCentral unauthenticated user landing page with a Login button.
- Select Login.
- You see the Silhouette login page and there is no Login with <displayName> button.
- Proceed to log in as a Local Silhouette User with Can Manage Users and Groups permission.
- Navigate to Admin > Users. Review the list of users to confirm there are no longer any user records listed for the removed authentication scheme.
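
The following pre-test check is an added example, not part of the Silhouette product or its documentation. It reads the three settings named in the procedures above and reports which procedures apply and what the tester should observe. The nested JSON layout, the displayName field and the sample values are assumptions made for illustration.

```python
import json

# Constructed settings. The nested JSON layout and the "displayName" field are
# assumptions inferred from the dotted key names and button label on this page.
BEFORE = json.loads("""{
  "Saml2": {"Enabled": true, "AuthenticationSchemes": [{"displayName": "ADFS"}]},
  "AccountSecurity": {"AllowLocalLogins": false}}""")
AFTER = json.loads("""{
  "Saml2": {"Enabled": true, "AuthenticationSchemes": []},
  "AccountSecurity": {"AllowLocalLogins": true}}""")


def lookup(settings, dotted):
    """Resolve a dotted key such as 'Saml2.Enabled'; None when it is absent."""
    node = settings
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def scheme_names(settings):
    """Display names of the configured external authentication schemes."""
    schemes = lookup(settings, "Saml2.AuthenticationSchemes") or []
    return [s.get("displayName") for s in schemes]


def procedures_for(current, previous=None):
    """Return [(procedure number, what the tester should observe)]."""
    plan = []
    names = scheme_names(current)
    # Procedure 1: SAML is on and at least one scheme is configured
    # (the button is visible whenever the Silhouette login page is shown).
    if lookup(current, "Saml2.Enabled") is True and names:
        plan.append((1, ["Login with %s" % n for n in names]))
    # Procedure 2: local logins are explicitly off (an absent key is not "off").
    if lookup(current, "AccountSecurity.AllowLocalLogins") is False:
        plan.append((2, ["no Username/Password boxes"]))
    # Procedure 3: a scheme present in the previous settings is gone now.
    if previous is not None:
        gone = [n for n in scheme_names(previous) if n not in names]
        if gone:
            plan.append((3, ["no Login with %s" % n for n in gone]))
    return plan


if __name__ == "__main__":
    print("before:", procedures_for(BEFORE))
    print("after: ", procedures_for(AFTER, BEFORE))
```

Passing the previous settings as the second argument is what makes procedure 3 detectable, because a removed scheme leaves no trace in the current settings alone.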