Difference between revisions of "Pass Through Authentication"

Revision as of 21:42, 17 August 2011

Pass Through Authentication (PTA) lets a user go straight to the platform from an organization's web page or application, without having to log in again.

How it Works

As part of an enterprise application, the user would like to visit a page hosted on the platform, without having to log in to the platform to see it. To accomplish that goal, the application sends a small SOAP message to the platform, in an HTTP request.

That message contains the information needed to log into the platform. Data in it is passed to an authentication server, which sends back a message saying that authentication has succeeded or failed, after which the user is directed to the appropriate page.

The URL of the Authentication Server and the URLs of the pages to visit in the event of success or failure are configured in the platform's Single Sign-On Settings.

Actions

	User...	Platform...	Your Organization's Web Service...
1.			Provides a web page or application
2.	Visits the page or application
3.	Clicks a link to go to a platform page
4.			Passes data to the platform's PTA service in the SOAP payload
5.		Receives data in the SOAP payload: Session ID (optional, but desirable) Login ID Passes data to the Authentication server
6.		Receives a success- or failure-report from the Authentication Server
7.		Redirects the user to the appropriate page.

Enabling Pass Through Authentication

Click Settings > Administration > Single Sign-On
Click the [Edit] button
For Single Sign-On Settings, choose Pass Through Authentication
Fill in the Pass Through Authentication Settings:
Third party Authentication Service URL

Location of the authentication service. The platform uses this URL to authenticate the USER, passing the appropriate pay load in the HTTP request.

Success page URL

The page the platform sends the user to when authentication succeeds.
If not specified, the default destination is the platform's home page.

Error page URL

The page the platform sends the user to when authentication fails.
If not specified, the default destination is the platform’s Login-error page.
Click [Save]

Message Formats

Initial Message Sent to the Platform

This message format needs to be delivered to the platform by the Application or web page.

Method

POST

URI

https://{domain}/networking/passThroughAuth

<?xml version="1.0" encoding="UTF-8" ?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
	<soapenv:Body>
		<LJAuthenticate xmlns="urn:authentication.soap.ws.longjump.com">
			<sessionID>...</sessionID>
			<loginID>...</loginID>
		</LJAuthenticate>
	</soapenv:Body>
</soapenv:Envelope>

where:

sessionID: The session ID of the user on the organization's website. Optional. It is passed on to the authentication service, so the authentication service can make use of it.
loginID: The user's login name on the platform--typically in the form of an emails address.

Messages Sent Between the Platform and Authentication Server

These message formats need to be processed and/or delivered by the Authentication Server.

Message sent from the platform to the Authentication Server

The Authentication Service reads this request and authenticates the user.

Method: POST
URI: Configured in the Single Sign-On Settings

<?xml version="1.0" encoding="UTF-8" ?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
	<soapenv:Body>
		<LJAuthenticate xmlns="urn:authentication.soap.ws.longjump.com">
			<sessionID>123HJHDSF9593454</sessionID>
			<originatingDomain>www.paasservice.com</originatingDomain>
			<originatingIp>1.2.3.4</originatingIp>
			<loginID>userLogin@Login.com</loginID>
		</LJAuthenticate>
	</soapenv:Body>
</soapenv:Envelope>

where:

originatingDomain: Name of the Domain the request originally came from
originatingIp: IP Address of the domain the request originally came from
sessionID: Passed on from the original request
loginID: Passed on from the original request

Authentication-Succeeded response

Authentication-Failed response

@@ Line 70: / Line 70: @@
 :;sessionID:The session ID of the user on the organization's website. Optional. It is passed on to the authentication service, so the authentication service can make use of it.
 :;loginID: The user's login name on the platform--typically in the form of an emails address.
 ====Messages Sent Between the Platform and Authentication Server====
 These message formats need to be processed and/or delivered by the Authentication Server.
-;:
+;Message sent from the platform to the Authentication Server:
+:The Authentication Service reads this request and authenticates the user.
+:;Method:POST
+:;URI:Configured in the [[Single Sign-On]] Settings
 :<syntaxhighlight lang="xml" enclose="div">
+<?xml version="1.0" encoding="UTF-8" ?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+	<soapenv:Body>
+		<LJAuthenticate xmlns="urn:authentication.soap.ws.longjump.com">
+			<sessionID>123HJHDSF9593454</sessionID>
+			<originatingDomain>www.paasservice.com</originatingDomain>
+			<originatingIp>1.2.3.4</originatingIp>
+			<loginID>userLogin@Login.com</loginID>
+		</LJAuthenticate>
+	</soapenv:Body>
+</soapenv:Envelope>
 </syntaxhighlight>
+:where:
+::;originatingDomain:Name of the Domain the request originally came from
+::;originatingIp:IP Address of the domain the request originally came from
+::;sessionID:Passed on from the original request
+::;loginID:Passed on from the original request
-;:
+;Authentication-Succeeded response:
 :<syntaxhighlight lang="xml" enclose="div">
 </syntaxhighlight>
-;:
+;Authentication-Failed response:
 :<syntaxhighlight lang="xml" enclose="div">
 </syntaxhighlight>

Search

where to start

Feedback

customize and design

resources

Tools

Personal tools