Many associations have their MatrixMaxx AMS integrated with a CMS for SSO (Single Sign On) with their WWW website. The SiteFinity CMS is one of these. But starting with the SiteFinity 10 release, there have been some issues in their SSO integrations with an outside contact database (AMS, CRM, etc.)
What is causing the issue?
SiteFinity 10 and higher enforces required, unique emails as the primary key for each user record in its User table, while most AMS databases allow users to have blank emails, change their emails, merge records, etc., and use database IDs as the primary key.
So for integrations using SF’s User table, these changes in the AMS cause login issues.
What is the symptom of the issue?
Usually, a user will report getting a 500 error. However, this issue may also manifest itself in other ways including a ‘not authorized‘ message on a page they should be able to access, or an odd redirect that puts them on the homepage of the site instead of in the content page they were expecting.
How can this issue be resolved?
1) You can deal with this yourself, after a user reports it, on a case-by-case basis, in SiteFinity. See instructions below.
2) You can ask the Matrix Services team to handle this on a case-by-case basis in SiteFinity. This is pretty fast for the Services team to do, if you are pressed for time. Typically 15-30 minutes ($50-$70-ish)
3) If the volume on these issues gets too high, the Matrix Services team can put some code in place in SiteFinity to deal with this in an automated way as users log in. This code has been implemented for several associations with AMS SSO integrations with SiteFinity, and results have been good. Cost on this solution varies, so please contact Matrix for more information and pricing.
How to troubleshoot this issue yourself in SiteFinity
There are 2 key steps:
- Find and delete the bad User record(s) in SF, and
- Have the user ‘logout’ and try again
Instructions to find/delete bad user record(s) in the SF User Table:
Here are the instructions to find and delete the bad user record(s) in the SiteFinity User table, which then forces SF to create a new, fresh user record upon the next login. While deleting the user may sound odd/risky, it usually is perfectly safe. However, you should NOT delete the User records if you are using any extended functionality that requires a persistent SiteFinity User (e.g., SF forums or SF commerce or Roles that are hardcoded into the records). Very few Matrix clients do this, so this is typically not a concern.
— First, log into MatrixMaxx AMS and find the user who is reporting the issue. If they are missing an email address, you can stop there. But often it is an email change that caused the issue, so from the Individual Record, link into their Report section and into Change History. There will more than likely be a record of an email address change (or merge) at some point. Keep this info/page open and handy
— In a second tab or browser, Log in to the administrative backend function of the sitefinity CMS, typically your WWW domain /sitefinity/ (e.g., www.association.org/sitefinity/)
— In the upper navigation go to Administration -> Users
— Click ‘Search’ in the Users area to open the search box, and search for the bad user record(s). You probably need to do this twice (once searching for a new email and once searching for an old email) as there may be more than one bad record. One of these users will likely have a blank username.
— After conducting your first search by the new/current email and getting a result row, scroll to the far right of the user row to the ‘Actions’ dropdown and choose ‘Delete’
— Repeat this search and delete for an old email, as applicable
— Final step: test logging in by impersonating the user who was having issues and you should now be able to access the website and restricted content, properly. It is generally useful to make sure that you are successfully logged into both the AMS and the CMS
1. The simple test to determine if a user successfully logged into Matrix Maxx is to attempt to navigate to the profile edit page.
2. To determine if the Sitefinity login worked, attempt to navigate to /Sitefinity/. If the user is logged in you’ll see a message indicating that you don’t have permissions to view this page.
What if this troubleshooting doesn’t work?
If you can’t solve the issue yourself, please contact the Matrix Services team for assistantance.
Note: If the error is ‘not authorized’, we recommend you do further troubleshooting on that particular topic before contacting Matrix Group. Does the user have the right access groups in MatrixMaxx? Do they have the right Roles in the CMS? Has something CHANGED one of the names in MatrixMaxx to break the connection? (e.g., did someone change the name of the list, the name of the committee, the membership type name, etc.)