Difference between revisions of "Pass Through Authentication"
imported>Aeric |
imported>Aeric |
||
Line 2: | Line 2: | ||
===How it Works=== | ===How it Works=== | ||
As part of an enterprise application, the user would like to visit a page hosted on the platform, without having to log in to the platform to see it. To accomplish that goal, the application sends a small SOAP message to the platform, in an HTTP request. | |||
That message contains the information needed to log into the platform. Data in it is passed to an authentication server, which sends back a message saying that authentication has succeeded or failed, after which the user is directed to the appropriate page. | |||
The URL of the Authentication Server and the URLs of the pages to visit in the event of success or failure are configured in the organization's [[Single Sign-On Settings]]. | |||
====Actions==== | ====Actions==== | ||
Line 41: | Line 47: | ||
#Click '''[Save]''' | #Click '''[Save]''' | ||
{{#if: | UNCOMMENT THE NOTES ABOVE WHEN OVERRIDES ARE IMPLEMENTED.}} | {{#if: | UNCOMMENT THE NOTES ABOVE WHEN OVERRIDES ARE IMPLEMENTED.}} | ||
Revision as of 21:19, 17 August 2011
Pass Through Authentication (PTA) lets a user go straight to the platform from an organization's web page or application, without having to log in again.
How it Works
As part of an enterprise application, the user would like to visit a page hosted on the platform, without having to log in to the platform to see it. To accomplish that goal, the application sends a small SOAP message to the platform, in an HTTP request.
That message contains the information needed to log into the platform. Data in it is passed to an authentication server, which sends back a message saying that authentication has succeeded or failed, after which the user is directed to the appropriate page.
The URL of the Authentication Server and the URLs of the pages to visit in the event of success or failure are configured in the organization's Single Sign-On Settings.
Actions
User... Platform... Your Organization's Web Service... 1. Provides a web page or application 2. Visits the page or application 3. Clicks a link to go to a platform page 4. Passes data to the platform's PTA service in the SOAP payload 5. - Receives data in the SOAP payload:
- Session ID (optional, but desirable)
- Login ID
- Passes data to the Authentication server
6. Receives a success- or failure-report from the Authentication Server 7. Redirects the user to the appropriate page.
Enabling Pass Through Authentication
- Click Settings > Administration > Single Sign-On
- Click the [Edit] button
- For Single Sign-On Settings, choose Pass Through Authentication
- Fill in the Pass Through Authentication Settings:
- Third party Authentication Service URL
- Location of the authentication service. The platform uses this URL to authenticate the USER, passing the appropriate pay load in the HTTP request.
- Success page URL
- The page the platform sends the user to when authentication succeeds.
- Error page URL
- The page the platform sends the user to when authentication fails.
The default destination is the platform’s Login-error page.
- Click [Save]