Development Document
Feature Introduction
Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple apps and websites by using just one set of credentials. SSO is one of the most popular solutions for integrating business systems.
Developing Procedure
Preparing for Developing Single Sign-On
1. Learn what you should know before developing.
a. What is single sign-on?
Single sign-on (SSO) is an authentication method that allows a user to use one set of login credentials to log into multiple related apps.
For example, you can access YouTube and Gmail as a logged-in user simply by logging into Google.
b. What is IdP- and SP-initiated SSO?
- An identity provider (IdP) is an authentication center that stores user information. In IdP-initiated authentication, it establishes a session with the user.
- A service provider (SP) is responsible for providing services to the end user. It requests authentication from an IdP to validate an authenticated user's access to an app.
For example, an IdP can be a company's employee system, and an SP can be Jodoo.
c. What is SAML?
Security Assertion Markup Language (SAML) is a protocol that enables SSO and allows IdPs to pass authorization credentials to SPs. It is integrated into many systems such as Windows AD and Apereo CAS.
d. What is JWT?
JSON Web Token (JWT) is a structured security token format for transmitting information between parties. It contains encoded JSON objects, which include user-defined data and some auxiliary validation fields, such as a signature and an expiry time.
2. Understand how it works.
SAML is an open XML standard for exchanging identity verification information between an SP and an IdP. SAML 2.0, CAS, and custom APIs are all based on this protocol.
- Service Provider (SP): refers to Jodoo.
- Identity Provider (IdP): refers to an internal or third-party authentication system used by an enterprise.
When a user logs in via the IdP, they are authenticated by the IdP and then redirected to Jodoo. If the IdP identity cannot be verified, the user is directed to the IdP login page for authentication before being redirected to Jodoo.
3. Know how to configure.
Jodoo supports single sign-on and acts as the SP in this process. If the admin enables single sign-on, then when a member who is not logged in accesses Jodoo, Jodoo redirects the request to the IdP address configured by the admin. If the member has already logged in to the IdP, the IdP simply reads the user information in the session and returns it to Jodoo as configured. Jodoo can then identify the member and provide subsequent services. The process is as follows.
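The JWT fields described in step 1d (signature and expiry time) and the final step above, where Jodoo identifies the member from what the IdP returned, are the point at which an SP must verify the token before trusting it. The following Python is an added example written for this page, not Jodoo's own code: a minimal HS256 issue/verify pair in which the shared secret, issuer and audience values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values: in a real deployment the secret, issuer and
# audience come from the SSO configuration shared between IdP and SP.
SHARED_SECRET = b"constructed-demo-secret-not-for-production"
EXPECTED_ISSUER = "https://idp.example.test"
EXPECTED_AUDIENCE = "jodoo-sp"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """IdP side: build header.payload and sign it with HMAC-SHA256 (HS256)."""
    header = b64url_encode(json.dumps({"alg": "HS256"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_token(token: str, now=None, secret: bytes = SHARED_SECRET):
    """SP side: return the claims only if alg, signature, exp, iss and aud all pass; else None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None  # header and payload must both be JSON objects
    if header.get("alg") != "HS256":
        return None  # refuse "none" and any algorithm the SP did not agree on
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None  # payload or signature was altered
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None  # expired, or no expiry at all
    if claims.get("iss") != EXPECTED_ISSUER or claims.get("aud") != EXPECTED_AUDIENCE:
        return None  # issued by another IdP or intended for another SP
    return claims
```

Every check returns None rather than a partial result, so the SP either gets a fully validated set of claims to associate with an account or nothing at all.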
Configuration Method
Jodoo supports three SSO methods:
| How to Configure | Description | Pros/Cons | Scenario |
| --- | --- | --- | --- |
| SAML 2.0 | Abbreviation of Security Assertion Markup Language. It uses a unified IdP to verify the user's identity. Once the user is authenticated, the IdP returns the authenticated security assertion and user information to Jodoo. Jodoo then associates the user with its account system. | Pros: It is a widely adopted protocol. If the necessary functionality is already integrated, it can be configured and reused easily. SAML can be used with authentication service providers like OneLogin. Cons: If the required functionality is not already integrated, implementing SAML can be challenging. Users may need to develop their own integration layer, which can be complex and time-consuming. | Applicable to the scenario where the necessary functionality is already integrated, or users have strong background knowledge. |
| Custom API | A simplified SAML protocol that allows enterprise customers to modify their existing SSO interface to call services and return parameters according to Jodoo's requirements, and to return authenticated user information to Jodoo to complete account association. | Pros: The protocol is designed to be user-friendly and straightforward, making it easy for developers to grasp and implement. Cons: Because it is a proprietary protocol specific to Jodoo, users need to develop their own integration layer to connect. | Applicable to the scenario where users develop custom interfaces to integrate with Jodoo. |
| CAS | It allows users to access multiple apps while providing their credentials (such as username and password) only once to a central CAS (Central Authentication Service) server app. | Pros: It is a widely adopted protocol, making it compatible with various systems and platforms. Cons: If the required functionality is not already integrated, users may need to develop their own integration layer. | Applicable to the scenario where the necessary functionality is already integrated. |
If you encounter any problems, contact our Support Team.