Single sign on authentication settings
You can configure the Community Portal to use a third party trusted authentication service such as SharePoint.
How single sign on works
Single sign on uses a web service to allow community members to sign on using a third party application, such as SharePoint. This allows them to sign in to the Community Portal without needing to know a separate username and password for it.
The following example uses SharePoint as the trusted third party application:
- Users are directed to log in on the Community Portal Login page using their SharePoint username and password.
- The Community Portal Login page passes the credentials to SharePoint.
- SharePoint validates their username and password.
- SharePoint calls the Synergetic web service VendorAuthenticateWebService.LogInCommunityMember and passes in the user information and the SharePoint vendor token that identifies SharePoint as a trusted vendor.
- The Synergetic web service checks the vendor token against your database to make sure SharePoint is a vendor you trust.
- The Synergetic web service logs the user into the Community Portal and returns a security token to SharePoint.
- The security token is added to the URL of each portal tab the user views so the Community Portal knows who is logged in and viewing the page. For example, *http://someschool.vic.edu.au/portal/stures.aspx?tok=32535CA0-FC40-4B2B-94AB-68380CB181F3*
The security token expires after a set time. After this point, the user needs to log in again to access the Community Portal. You can also call the VendorAuthenticateWebService.LogOutCommunityMember method to explicitly log out the user.
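The exchange above as a small Python model of the web service side. This is an added example, not Synergetic's code: the class and method names, the vendor code and vendor token values, and the 20-minute lifetime are assumptions made for illustration.

```python
import hmac
import uuid
from urllib.parse import urlparse, parse_qs

# Constructed sample data: vendor code -> vendor token (both hypothetical values).
TRUSTED_VENDORS = {"SHAREPOINT": "constructed-vendor-token-0001"}
TOKEN_LIFETIME_SECONDS = 20 * 60  # assumed lifetime; the real value is configurable


class PortalSessions:
    """Toy stand-in for the web service side of the exchange."""

    def __init__(self, vendors, lifetime):
        self.vendors = vendors
        self.lifetime = lifetime
        self.sessions = {}  # security token -> (username, expiry time)

    def log_in(self, vendor_code, vendor_token, username, now):
        """Check the vendor token, then issue a security token for the user."""
        expected = self.vendors.get(vendor_code)
        # Constant-time comparison so response timing does not leak the token.
        if expected is None or not hmac.compare_digest(
                expected.encode(), vendor_token.encode()):
            return None
        token = str(uuid.uuid4()).upper()
        self.sessions[token] = (username, now + self.lifetime)
        return token

    def user_for_url(self, url, now):
        """Resolve the logged-in user from the tok parameter of a portal URL."""
        values = parse_qs(urlparse(url).query).get("tok", [])
        if len(values) != 1:
            return None  # missing or repeated token: treat as not logged in
        key = values[0].upper()
        entry = self.sessions.get(key)
        if entry is None:
            return None
        username, expires = entry
        if now >= expires:
            del self.sessions[key]  # expired: the user must log in again
            return None
        return username

    def log_out(self, token):
        """Explicit logout: the token stops working immediately."""
        return self.sessions.pop(token.upper(), None) is not None
```

Because the security token travels in the URL, anything that records URLs (web server and proxy logs, browser history, Referer headers) holds a usable credential until the token expires or the user is logged out.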
Setting up single sign on authentication
To configure the Community Portal for third party authentication, Synergetic needs to create a record for the third party supplier in your database with a unique vendor token. This vendor token is used to identify trusted third party applications. It should not be confused with the vendor code, which the Synergetic web service uses to retrieve the vendor token from your database. See the TrustedVendor:Code configuration setting.
Contact Synergetic Management Systems to set up your portal for single sign on.
What you can do
What you can do... | See... |
---|---|
Define the page used for the single sign on authentication logic. | |
Define the page users are redirected to when authentication fails. | |
Display authentication details for debugging. | |
Customise how long the third party authentication token remains valid before requiring users to log in again. | |
Define the code used to access the trusted vendor token in the database. | |
Determine whether SAML (Security Assertion Markup Language) authentication requests redirected to the identity provider (IDP) include the SAML request object. | UseSSOTargetURL configuration setting |
Define the URL of your web service and the page used for authentication. | |