Besides the standard SAML/Kerberos/SPNEGO implementations of SSO, BellaDati offers a custom, easy-to-implement way to achieve SSO.
Prerequisites
- installed BellaDati
- configured BellaDati with OAuth and CORS filter
- 3rd party application able to recognize the currently signed-in user
SSO Basic Flow
- 3rd party application obtains the accessToken for the service account over the REST API
- 3rd party application server executes the “LOGIN_UNATTENDED” request REST API call and receives the request_id and request_code of the “user-login” request
- 3rd party application generates a link pointing to the BellaDati's front-end service processing the “user-login” request
- The browser executes an XMLHttpRequest using the generated link
- BellaDati processes the request, performs the “unattended” user login and sets the appropriate session headers
SSO Operations
Only an Admin user is allowed to execute domain-level operations.
Create User Request
The 3rd party application is supposed to do the following:
- obtain the accessToken and
- issue the “LOGIN_UNATTENDED” request
Request structure:
URL | http://belladati_host/api/users/${username}/requests |
---|---|
Method | POST |
Parameters | |
Returns | request_id and request_code of the created “user-login” request. Example: 1544;RDQX1Qx9UokSf4n3KAVWgNClvrFUqncSZg7fK3gnVAfNIAOylN |
Constraints | User request is valid for 30 seconds. |
Refer to POST Create User Request for more details.
Process user login
The 3rd party application is supposed to do the following:
- receive the request_id and request_code of the “user-login” request (previous step)
- generate a link pointing to BellaDati's front-end service processing the “user-login” request
- call the link from the client side using AJAX
Request structure:
URL | http://belladati_host/user/processRequest/{request_id}/{request_code}?redirect={redirect_url} |
---|---|
Method | GET |
Parameters | |
Returns | BellaDati processes the user login (sets JSESSIONID to the web browser) and returns OK or NOT_VALID;ERROR_MESSAGE. HTTP 200 in all cases. |
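
The two operations above from the 3rd party application's side, as an added example (not BellaDati code): it parses the `request_id;request_code` response, builds the processRequest link inside the 30-second validity window, and reads the outcome from the response body, because the status is HTTP 200 in all cases. The function names, the host `belladati.example`, the 5-second safety margin and the strict digits/alphanumeric format check (modelled on the example value above) are assumptions.

```javascript
// Added example: names, SAFETY_MARGIN_MS and the strict format check are assumptions.
const REQUEST_TTL_MS = 30000;   // "User request is valid for 30 seconds."
const SAFETY_MARGIN_MS = 5000;  // assumed allowance for network latency

// Parse the "request_id;request_code" body returned by the create-request call.
function parseUserRequest(body, issuedAtMs = Date.now()) {
  // Assumed shape, modelled on the page's example: digits, ';', alphanumeric code.
  const m = /^(\d+);([A-Za-z0-9]+)$/.exec(String(body).trim());
  if (!m) throw new Error("unexpected create-request response");
  return { requestId: m[1], requestCode: m[2], issuedAtMs };
}

// Build the link the browser will call; refuse a request that is about to expire.
function buildProcessLink(baseUrl, req, redirectUrl, nowMs = Date.now()) {
  if (nowMs - req.issuedAtMs > REQUEST_TTL_MS - SAFETY_MARGIN_MS) {
    throw new Error("user-login request too old; create a new one");
  }
  const path = "/user/processRequest/" + encodeURIComponent(req.requestId) +
    "/" + encodeURIComponent(req.requestCode);
  const url = new URL(path, baseUrl); // assumes BellaDati is served from the host root
  url.searchParams.set("redirect", redirectUrl); // percent-encodes the redirect value
  return url.toString();
}

// HTTP 200 is returned in all cases, so success must be read from the body.
function interpretProcessResponse(bodyText) {
  const text = String(bodyText).trim();
  if (text === "OK") return { ok: true, error: null };
  if (text.startsWith("NOT_VALID")) {
    const i = text.indexOf(";");
    return { ok: false, error: i === -1 ? "" : text.slice(i + 1) };
  }
  return { ok: false, error: "unrecognized response" };
}

// Constructed sample run (values below are made up for illustration).
const sample = parseUserRequest("1544;Abc123Def456", Date.now());
console.log(buildProcessLink("http://belladati.example", sample, "https://app.example/home"));
console.log(interpretProcessResponse("NOT_VALID;request expired"));
```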