Agriculture & Husbandry Solutions based on Ai & ML.
Learn more


Single Sign-on Technology: How to Secure your Project

Single Sign-on Technology: How to Secure your Project
Jetruby guide

The MOST complete Guide to Finding the Best Developer for your App.

bonus gift

Automated Developer Evaluation Matrix

Score every developer and hire the best one!

Developers Comparison Template

Most important decision-making information organized in one place.

Nowadays, nearly every business has a lot of applications that require individual login credentials. How many times per day we log in and log out from the apps?

Moreover, passwords can create additional difficulties for users. Imagine you have dozens of passwords that you regularly required to update in order to comply with a privacy policy.

Luckily, there are technologies that can significantly simplify this process. In this article, we’ll tell you about one of these technologies and how we implemented it in our project.

Single sign-on, also known as SSO, relates to the technology for the user authentication process that allows accessing multiple applications with one set of user credentials.

To understand how this technology works, let’s compare a Traditional Web Authentication Process with a Single sign-on.

JetRuby Case Study

So here’s the flow:

  1. A user visits a website;
  2. They enter their login credentials;
  3. The system compares the entered credentials with one on file;
  4. If it was approved, the domain will store the credentials.

The steps 5-8 are practically the same as they repeat for different steps.

JetRuby Casestudy

The process of Single sign on technology looks like the following:

  1. The user goes to the website they want to visit;
  2. Due to the domain redirection, the user goes to a central Single sign on domain to login;
  3. The user enters the login credentials;
  4. The central SSO Domain submits the credentials to the authentication server for validating them;
  5. As soon as the credentials have been validated, the user will be redirected to the original website and embedded a token to guarantee their authentication;
  6. The embedded token will be used for an automatic user’s authentication by logging into the original website;
  7. The authentication token will be stored so that the user could safely access any website that shares the central SSO domain.

In case the user logs into Domain 2, the whole process will be the same. However, there’s no need for an additional set of credentials to log in as all the login attempts are made on the SSO Domain.

Main Terms:

  • Identity Provider (IdP) is a service that provides authentication, which result will be in the SAML format.
  • Service Provider (SP) is a web application that the user tries to access.

The Challenge

The project, where we successfully implemented SSO was a unique web application that offers a simple yet very effective solution to the ubiquitous and common problem of mispronouncing names. With its help, you can record and then save your name right on the website so that others could easily access and remember how to accurately say it. Used by some of the largest US universities and colleges like Stanford, Pepperdine, Xavier, Haverford etc., NameCoach successfully tackles the problem of unnecessary alienation and embarrassment that occur at the graduation ceremonies and other important events quite frequently. Currently, there are about 110,000 active website users.

Stanford University, who is one of Name Coach clients, asked us to implement SAML SSO for already existed IdP so that students could authenticate in NameCoach.

The Solution

For a precise work of SAML SSO, we needed to build between IdP and SP.

This means that IdP needs to store data, which was given by SP:

  • EntityID is a unique identifier for SP;
  • ACS URL (Assertion Consumer Service URL) is a url on which IdP needs to send SAML response after the successful authentication;
  • X509 certificate;
  • Attribute – a list of attributes that need to be transmitted in case of successful authentication.

IdP, in its turn, should provide the following for SP:

  • Certificate;
  • EntityID or Issuer – a unique IdP identifier;
  • SSO URL – url that initiates an authentication on the IdP side;
  • SLO URL – url that closes the user’s session.

We found a solution for the following challenges:

  1. We implemented an interface for adding the IdP settings;
  2. We added a necessary functionality for SAML SSO implementation from the SFside.

The Bottom Line

The implementation of User Interface and adding the IdP settings allowed a client to provide us with the settings for the SAML SSO implementation. In our turn, we did our best to make the application compatible with all requirements so that it could serve as a Service Provider.

For this purpose, we used OneLogin services for the developers. First, we generated a new certificate x509. Having used OneLogin gem, we implemented logic for Assertion Consumer Service that verifies SAML response from IdP and makes the logic after the successful authentication.

In order IdP could register our application as SP, we needed to provide it with metadata for SSO configuration. For this purpose, we also used gem with all the necessary classes that allow generating metadata with the given settings in xml format.

As a result, we integrated SAML SSO and unified its settings from a personal client’s account to a usual personal interface.

Useful article?

Please share with your followers

Women working at a table

Great Insight on Need to Gain Organizational Buy-in for Digital Transformation

Chelsea Barnes of The Enterprisers’ Project emphasizes that “successful digital transformation requires adoption across your organization. She says that three-quarters of digital transformation initiatives are stuck in “pilot purgatory.” She…
The New Focus on the Human-Centric Organization Requires Enhanced Approach to HR Tech

The New Focus on the Human-Centric Organization Requires Enhanced Approach to HR Tech

The big reset during the pandemic is this movement towards human-centered leadership, human-centered management, and valuing employees as assets, not just labor and expense…and that means empowerment, development and investment
Saffron Cooks Success Story

Saffron Cooks: Success Story of a Food Delivery App

The vast majority of our clients are coming and originating directly from the USA (where basically every success story starts). This time, however, we received an inquiry from a Sweden…
Open Source Software

This is Why Your IT Business Should Support Open Source Software

Despite many pessimistic predictions, open source is popular as ever and continues to strengthen its position. But the real paradox is that many IT businesses today depend on solutions with…

Create a product for your customers