Single sign-on is an authentication scheme that allows your users to log in to our platform with a single ID that you may already be using elsewhere. True single sign-on allows the user to log in once and access services without re-entering authentication factors in several different systems. Once opted in, our platform allows you to choose how you want to log in - either using the standard login method or your new single sign-on module.
Our single sign-on has support for features of SAML 2.0 (specifically sending a SAML Request and receiving a SAML Response), providing you are able to act as an identity provider for our application.
In order to support both SSO and regular users, we'll need to be able to determine which end-users Reseller should help identify. To do this, we could use a custom domain for the SSO customers (thus assuming that all visitors to that domain should be validated by Reseller), or make sure that they enter the site on a specific URL (example.com/sso/customer/login). If applicable, we could configure IP intervals to determine which identity provider to use.
In order to process the end-user correctly in the shop, the SAMLResponse should contain attributes that will uniquely identify the customer. The first time the end-user is logged into the shop, a customer will be created in the background, using this identifier. The more information we can receive in these attributes, the better. Any missing information which the shop requires to accept an order (addresses, emails, etc) would need to be filled out by the end-user after the account has been created.
On subsequent logins, the end-user will automatically be logged in with the customer who was previously created, as long as the unique identifier remains the same.
In the module we use the OpenSource Software Shibboleth. Shibboleth is runned on Apache webserver, which will also be installed.
The SSO base functionality supports multiple customer integrations but every customer using this service needs specific adjustments and tests.
2021-06-15 - We now also support simple SSO login through Azure and Google with OAuth2.
Breadcrumbs
SSO (SingleSignOn)
-Additional feature -
Single sign-on is an authentication scheme that allows your users to log in to our platform with a single ID that you may already be using elsewhere.
True single sign-on allows the user to log in once and access services without re-entering authentication factors in several different systems.
Once opted in, our platform allows you to choose how you want to log in - either using the standard login method or your new single sign-on module.
Our single sign-on has support for features of SAML 2.0 (specifically sending a SAML Request and receiving a SAML Response), providing you are able to act as an identity provider for our application.
In order to support both SSO and regular users, we'll need to be able to determine which end-users Reseller should help identify.
To do this, we could use a custom domain for the SSO customers (thus assuming that all visitors to that domain should be validated by Reseller),
or make sure that they enter the site on a specific URL (example.com/sso/customer/login). If applicable, we could configure IP intervals to determine which identity provider to use.
In order to process the end-user correctly in the shop, the SAMLResponse should contain attributes that will uniquely identify the customer.
The first time the end-user is logged into the shop, a customer will be created in the background, using this identifier.
The more information we can receive in these attributes, the better.
Any missing information which the shop requires to accept an order (addresses, emails, etc) would need to be filled out by the end-user after the account has been created.
On subsequent logins, the end-user will automatically be logged in with the customer who was previously created, as long as the unique identifier remains the same.
In the module we use the OpenSource Software Shibboleth. Shibboleth is runned on Apache webserver, which will also be installed.
The SSO base functionality supports multiple customer integrations but every customer using this service needs specific adjustments and tests.
2021-06-15 - We now also support simple SSO login through Azure and Google with OAuth2.