Building an SSO-Enabled Web Application

Beginning with Release 3.1 of the LDS .NET Stack, you can easily enable your web application to participate in the WAM single sign-on (SSO) solution.


Enabling SSO

Referencing the LDS .NET Stack Library

In a new web project, add a reference to the LDS .NET Stack Library using the NuGet Package Manager.

Modifying your configuration to enable SSO

Open Web.config and find the following element (usually added near the bottom of the file):

     <stackSecurity ssoEnabled="false"> 
       <!-- ... --> 

Change the value of ssoEnabled from false to true to allow your application to participate in SSO.

Note: When SSO is enabled, you will not be able to sign in using Forms Authentication, even if you have Forms Authentication configured in Web.config.

Because the SSO Headers are parsed to an LdsAccountUser, no other changes to your Stack-enabled code are required.

Testing your application using the SSO Simulator

Note: More detail about installing, configuring and running the SSO Simulator can be found in the SSO Simulator Getting Started guide.

Installing the Java Development Kit (JDK)

In our testing, we found that it was always simplest to uninstall the Java Runtime Environment (JRE) before installing the JDK (which includes the JRE anyway). The current version of the JDK can be downloaded from

Updating your hosts file

To allow your SSO Simulator to set cookies for a "protected" domain actually running on a development computer, it is useful to set a domain pointing to the local machine. For convenience and consistency, we recommend something as easy as To add this domain entry, open c:\Windows\system32\drivers\etc\hosts in a text editor (running as Administrator if you're using Windows 7) and add the following line:

Downloading the executable Jar file

Download the latest version of the executable Jar file from the SSO Simulator Downloads page.

Configuring the SSO Simulator

The SSO Simulator allows for advanced scenarios, and in-depth details can be found in the Configuration File Documentation. However, you can get started quickly and confirm that your application is SSO-enabled with the SSOCheck.xml configuration file.

You will need to make at least one change to the SSOCheck.xml file before you can use it locally. Find the target-port token on line 14 and replace 16157 with the actual port of your application (this may be the specific port defined in your project for the ASP.NET Development Server, or port 80 for a local IIS app).

Starting the SSO Simulator from the Command Line

For additional options and parameters, refer to the SSO Simulator Getting Started guide. For the most common "quick start" scenarios, open a command prompt and execute this command:

java -jar SSOSim-5.26.jar <path to config file>

Leave this process running during your local testing, since it will act as an HTTP proxy for your web application.

Note: If you change your SSO Simulator configuration file, you will need to stop and restart the process.

Debugging your application using the SSO Simulator as a proxy

While you can definitely start your application in debug mode and then manually browse to the proxy URL, you may find it even easier to modify your project settings to use the SSO Simulator proxy URL by default.


This technique works whether you are running your application on local IIS or using the ASP.NET Development server, so long as you have correctly updated your SSO Simulator configuration file to point to the correct target port.

Forcing Sign out and Sign in

Forcing Sign out

To force sign out, create a link to your application root with signmeout as the querystring value. For example, <a href="/?signmeout">Sign Out</a> would create a link which, when clicked, would sign the current user out of SSO for all applications.

Forcing Sign in

Consider carefully whether you have a business case for forcing a user who is already signed in to sign in again. To force sign in, redirect the user to the current page or the application root with signmein as the querystring value.

This page was last modified on 7 December 2012, at 12:03.

Note: Content found in this wiki may not always reflect official Church information. See Terms of Use.