Difference between revisions of "Single Sign-On"
| Line 6: | Line 6: | ||
This page provides technical details of each solution. | This page provides technical details of each solution. | ||
| + | Implementation of Single Sign On using either method requires configuration by both SmartSimple and the administrator of the system that will provide the authentication. Please contact your account manager or SmartSimple support for further information. | ||
| − | |||
There is no ongoing monthly or annual fee associated with use of SSO. Fees are for implementation only. | There is no ongoing monthly or annual fee associated with use of SSO. Fees are for implementation only. | ||
| + | |||
| + | ==SAML 2.0== | ||
| + | |||
| + | SmartSimple supports SAML ('''Security Assertion Markup Language''') 2.0 at the recipient end of an authenticated login. For example, the user will log into the client side system/infrastructure and then SSO into SmartSimple, not vice versa. | ||
| + | |||
| + | The client system will construct a base64-encoded SAML response object and send this to the user’s browser. The user’s browser will then be forwarded to the SmartSimple server. | ||
| + | |||
| + | The following ''Assertion'' attributes are used: | ||
| + | <ul><li>UID (client system’s unique user id) </li> | ||
| + | <li>Email (optional) </li> | ||
| + | <li>First name (optional) </li> | ||
| + | <li>Last name (optional) </li> | ||
| + | <li>Department (optional) </li> | ||
| + | <li>Roles (optional) </li> | ||
| + | <li>Language (optional) </li> | ||
| + | <li>RedirectURL (optional) </li></ul> | ||
| + | |||
| + | Note: Client must provide SmartSimple with a public key in base64-encoded X509Certificate format for digital signature validation. | ||
==See Also== | ==See Also== | ||
Revision as of 13:33, 5 May 2014
General Information
SmartSimple offers two methods of implementing Single Sign-On (SSO) integration:
- SAML 2.0
- Cipher encrypted reference
This page provides technical details of each solution.
Implementation of Single Sign On using either method requires configuration by both SmartSimple and the administrator of the system that will provide the authentication. Please contact your account manager or SmartSimple support for further information.
There is no ongoing monthly or annual fee associated with use of SSO. Fees are for implementation only.
SAML 2.0
SmartSimple supports SAML (Security Assertion Markup Language) 2.0 at the recipient end of an authenticated login. For example, the user will log into the client side system/infrastructure and then SSO into SmartSimple, not vice versa.
The client system will construct a base64-encoded SAML response object and send this to the user’s browser. The user’s browser will then be forwarded to the SmartSimple server.
The following Assertion attributes are used:
- UID (client system’s unique user id)
- Email (optional)
- First name (optional)
- Last name (optional)
- Department (optional)
- Roles (optional)
- Language (optional)
- RedirectURL (optional)
Note: Client must provide SmartSimple with a public key in base64-encoded X509Certificate format for digital signature validation.
