Single Sign On
Last Update: 03/03/2023
How it works
The single sign-on mechanism (SSO for short) allows an external system (called the "client system" from now on) to authenticate a user into a Netstorming system.
The workflow is divided into two steps: in step one the client system performs a kind of "open authentication" against the Netstorming system; in step two the user is redirected to the Netstorming site (or iframe) using the outcome of the authentication performed in step one.
So, when a user already authenticated in the client system needs to be redirected to a Netstorming system, the following happens:
- the client server **authenticates with the Netstorming webservice** (see HERE for the technical specification)
- once authenticated, the client server requests an authentication TOKEN for its user; note that:
  - the user is already authenticated in the client system
  - the **client system knows something about this user in the Netstorming system** (more information later)
- the Netstorming webservice then returns a valid TOKEN for the requested user
- the TOKEN can be used in a GET request to authenticate the user in the Netstorming system (see HERE for more info). From then on the user has a valid session in the Netstorming system, as if they had done a standard login
The two points in bold above need to be clarified:
- in order to authenticate with the Netstorming webservice, the client must provide a valid API KEY generated in the TOWeRS system. More info about creating an API key can be found HERE
- the client system must be able to indicate which user should be authenticated via the TOKEN. There are two possibilities:
  - Netstorming stores, in the users of the system, the same code that identifies the user in the client system. This is called the foreign code; more info about this field can be found HERE
  - the client system stores in its users the (actor, login) pair used in Netstorming for the specific user to authenticate
Depending on which solution is applied, the client system must provide the correct identifiers along with the TOKEN request so that Netstorming can authenticate the correct user.
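The two-step flow above, modelled end to end as an added example; this is not Netstorming's code, and the token format, the 60-second lifetime, the single-use rule and the user table are all assumptions made here (the real webservice contract is in the specification linked above). It shows the client authenticating with its API key, requesting a TOKEN either by foreign code or by (actor, login), and the GET step consuming that TOKEN exactly once.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed sample data: the Netstorming-side user table. Each user is keyed
# by its (actor, login) pair and may carry a foreign code (the client's own id).
USERS = {
    ("AGENCY1", "jdoe"): {"foreign_code": "client-42"},
    ("AGENCY1", "asmith"): {"foreign_code": None},
}
VALID_API_KEY = "api-key-from-towers-PLACEHOLDER"  # placeholder, not a real key
TOKEN_TTL_SECONDS = 60  # assumed lifetime; the page does not state one


@dataclass
class TokenRecord:
    user: tuple
    expires_at: float


_tokens = {}  # token -> TokenRecord; entries are removed on first use


def resolve_user(foreign_code=None, actor=None, login=None):
    """Pick the user either by foreign code or by the (actor, login) pair."""
    if foreign_code is not None:
        for key, info in USERS.items():
            if info["foreign_code"] == foreign_code:
                return key
        return None
    if actor is not None and login is not None:
        return (actor, login) if (actor, login) in USERS else None
    return None


def request_token(api_key, now=None, **identifiers):
    """Step one: the client proves its API key, then asks for a TOKEN for a user."""
    if not hmac.compare_digest(api_key, VALID_API_KEY):
        return None  # client system not authenticated
    user = resolve_user(**identifiers)
    if user is None:
        return None  # unknown user: no token is minted
    token = secrets.token_urlsafe(32)  # unguessable, never derived from user data
    _tokens[token] = TokenRecord(user, (now or time.time()) + TOKEN_TTL_SECONDS)
    return token


def login_with_token(token, now=None):
    """Step two: the GET handler consumes the TOKEN once and opens the session."""
    rec = _tokens.pop(token, None)  # single use: gone even if it turns out expired
    if rec is None or (now or time.time()) > rec.expires_at:
        return None
    return rec.user  # the user now has a session, as after a standard login
```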