Besides the standard SAML/Kerberos/SPNEGO implementations of SSO, BellaDati offers a custom, easy-to-implement way to achieve SSO.

Prerequisites

  • BellaDati installed
  • BellaDati configured with OAuth and the CORS filter
  • 3rd party application able to recognize the currently signed-in user

SSO Basic Flow

  1. The 3rd party application obtains the accessToken for the service account over the REST API
  2. The 3rd party application server issues the “LOGIN_UNATTENDED” request over the REST API and receives the request_id and request_code of the “user-login” request
  3. The 3rd party application generates a link pointing to the BellaDati front-end service that processes the “user-login” request
  4. The browser executes an XMLHttpRequest using the generated link
  5. BellaDati processes the request, performs the “unattended” user login and sets the appropriate session headers

SSO Operations

Only an Admin user is allowed to execute domain-level operations.


Create User Request

The 3rd party application is supposed to do the following:

  1. obtain the accessToken
  2. issue the “LOGIN_UNATTENDED” request

Request structure:

URL: http://belladati_host/api/users/${username}/requests
Method: POST
Parameters:
  • username : username of the user to log in
  • request_type : LOGIN_UNATTENDED (other types: PASSWORD_SET, PASSWORD_RESET, UNLOCK_ACCOUNT, LOGIN)
Returns: request_id and request_code of the created “user-login” request

Example: 1544;RDQX1Qx9UokSf4n3KAVWgNClvrFUqncSZg7fK3gnVAfNIAOylN

Constraints: User request is valid for 30 seconds.

Refer to POST Create User Request for more details.

Process user login

The 3rd party application is supposed to do the following:

  • receive the request_id and request_code of the “user-login” request (previous step)
  • generate a link pointing to the BellaDati front-end service that processes the “user-login” request
  • have the client side call the link using AJAX

Request structure:

URL: http://belladati_host/user/processRequest/{request_id}/{request_code}?redirect={redirect_url}
Method: GET
Parameters:
  • request_id : id of the “user-login” request
  • request_code : security verification code of the request
  • redirect_url (optional) : URL to redirect to
Returns: BellaDati processes the user login (sets JSESSIONID in the web browser) and returns OK or NOT_VALID;ERROR_MESSAGE. The HTTP status is 200 in all cases.
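
The two operations above, tied together as an added example (not BellaDati's own code): it parses the create-request response, builds the processRequest link only while the 30-second window is open, and decides success from the response body because the status is always 200. The function names, the belladati.example host and the strict id/code pattern (inferred from the single example value on this page) are assumptions.

```javascript
// Added example, not BellaDati code; all function names are hypothetical.
const REQUEST_TTL_MS = 30 * 1000; // the page: a user request is valid for 30 seconds

// Parse the "request_id;request_code" body of the create-request call.
// Assumption: numeric id and alphanumeric code, as in the page's example value.
function parseUserRequest(body, issuedAtMs) {
  const m = /^(\d+);([A-Za-z0-9]+)$/.exec(String(body).trim());
  if (!m) throw new Error("unexpected create-request response");
  return { requestId: m[1], requestCode: m[2], expiresAtMs: issuedAtMs + REQUEST_TTL_MS };
}

// Build the processRequest link; refuse to hand out a link for an expired request.
function buildProcessRequestLink(baseUrl, req, nowMs, redirectUrl) {
  if (nowMs >= req.expiresAtMs) throw new Error("user request expired; create a new one");
  const base = baseUrl.endsWith("/") ? baseUrl : baseUrl + "/";
  const path = `user/processRequest/${encodeURIComponent(req.requestId)}/${encodeURIComponent(req.requestCode)}`;
  const url = new URL(path, base);
  if (redirectUrl) url.searchParams.set("redirect", redirectUrl); // value is URL-encoded here
  return url.toString();
}

// The endpoint answers HTTP 200 in all cases, so only the body tells success from failure.
function parseProcessResponse(body) {
  const text = String(body).trim();
  if (text === "OK") return { ok: true, error: null };
  if (text.startsWith("NOT_VALID")) {
    const i = text.indexOf(";");
    return { ok: false, error: i === -1 ? "" : text.slice(i + 1) };
  }
  return { ok: false, error: "unrecognized response" };
}

// Browser side (step 4 of the basic flow). withCredentials is required for a cross-origin
// response to set the session cookie; assumes the CORS filter allows credentialed requests.
function loginUnattended(link, onDone) {
  const xhr = new XMLHttpRequest();
  xhr.open("GET", link);
  xhr.withCredentials = true;
  xhr.onload = () => onDone(parseProcessResponse(xhr.responseText));
  xhr.onerror = () => onDone({ ok: false, error: "network error" });
  xhr.send();
}

// Demo: the example value from this page against a constructed host.
const demoRequest = parseUserRequest("1544;RDQX1Qx9UokSf4n3KAVWgNClvrFUqncSZg7fK3gnVAfNIAOylN", Date.now());
const demoLink = buildProcessRequestLink("https://belladati.example", demoRequest, Date.now());
console.log(demoLink);
```

The request_code in the link is a short-lived login credential, so the application should pass the link only to the browser of the user it was created for and keep it out of logs.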