Sign up for our digest

web & app development
Hire Us
Home - Blog -

Single Sign-on Technology: How to Secure your Project

Single Sign-on Technology: How to Secure your Project

Custom Development
3 min read

03/09/2019

Nowadays, nearly every business has a lot of applications that require individual login credentials. How many times per day we log in and log out from the apps?

Moreover, passwords can create additional difficulties for users. Imagine you have dozens of passwords that you regularly required to update in order to comply with a privacy policy.

Luckily, there are technologies that can significantly simplify this process. In this article, we’ll tell you about one of these technologies and how we implemented it in our project.

Single sign-on, also known as SSO, relates to the technology for the user authentication process that allows accessing multiple applications with one set of user credentials.

To understand how this technology works, let’s compare a Traditional Web Authentication Process with a Single sign-on.

JetRuby Case Study

So here’s the flow:

  1. A user visits a website;
  2. They enter their login credentials;
  3. The system compares the entered credentials with one on file;
  4. If it was approved, the domain will store the credentials.

The steps 5-8 are practically the same as they repeat for different steps.

JetRuby Casestudy

The process of Single sign on technology looks like the following:

  1. The user goes to the website they want to visit;
  2. Due to the domain redirection, the user goes to a central Single sign on domain to login;
  3. The user enters the login credentials;
  4. The central SSO Domain submits the credentials to the authentication server for validating them;
  5. As soon as the credentials have been validated, the user will be redirected to the original website and embedded a token to guarantee their authentication;
  6. The embedded token will be used for an automatic user’s authentication by logging into the original website;
  7. The authentication token will be stored so that the user could safely access any website that shares the central SSO domain.

In case the user logs into Domain 2, the whole process will be the same. However, there’s no need for an additional set of credentials to log in as all the login attempts are made on the SSO Domain.

Main Terms:

  • Identity Provider (IdP) is a service that provides authentication, which result will be in the SAML format.
  • Service Provider (SP) is a web application that the user tries to access.

The Challenge

The project, where we successfully implemented SSO was a unique web application that offers a simple yet very effective solution to the ubiquitous and common problem of mispronouncing names. With its help, you can record and then save your name right on the website so that others could easily access and remember how to accurately say it. Used by some of the largest US universities and colleges like Stanford, Pepperdine, Xavier, Haverford etc., NameCoach successfully tackles the problem of unnecessary alienation and embarrassment that occur at the graduation ceremonies and other important events quite frequently. Currently, there are about 110,000 active website users.

Stanford University, who is one of Name Coach clients, asked us to implement SAML SSO for already existed IdP so that students could authenticate in NameCoach.

The Solution

For a precise work of SAML SSO, we needed to build between IdP and SP.

This means that IdP needs to store data, which was given by SP:

  • EntityID is a unique identifier for SP;
  • ACS URL (Assertion Consumer Service URL) is a url on which IdP needs to send SAML response after the successful authentication;
  • X509 certificate;
  • Attribute – a list of attributes that need to be transmitted in case of successful authentication.

IdP, in its turn, should provide the following for SP:

  • Certificate;
  • EntityID or Issuer – a unique IdP identifier;
  • SSO URL – url that initiates an authentication on the IdP side;
  • SLO URL – url that closes the user’s session.

We found a solution for the following challenges:

  1. We implemented an interface for adding the IdP settings;
  2. We added a necessary functionality for SAML SSO implementation from the SFside.

The Bottom Line

The implementation of User Interface and adding the IdP settings allowed a client to provide us with the settings for the SAML SSO implementation. In our turn, we did our best to make the application compatible with all requirements so that it could serve as a Service Provider.

For this purpose, we used OneLogin services for the developers. First, we generated a new certificate x509. Having used OneLogin gem, we implemented logic for Assertion Consumer Service that verifies SAML response from IdP and makes the logic after the successful authentication.

In order IdP could register our application as SP, we needed to provide it with metadata for SSO configuration. For this purpose, we also used gem with all the necessary classes that allow generating metadata with the given settings in xml format.

As a result, we integrated SAML SSO and unified its settings from a personal client’s account to a usual personal interface.

Editor's Choice

Post Image
Product & Design
6 min read
11/29/2023

Agile. The Ultimate Approach to Web Development?

Agile is not just one specific method, but a generic name for various frameworks and methodologies that conform to the Agile Manifesto document.…

Post Image
E-commerce
5 min read
08/03/2023

Top 4 Challenges of Migrating a Store from Shopify to Another Platform

Setting up an online store on a platform such as Shopify may be a good choice for small businesses. However, when your store’s…

Post Image
Product & Design
6 min read
11/22/2023

Designing Complex Web Applications: Secrets of Effective User Interaction

We at Jetruby love design; it’s one of our core areas of expertise. There are hundreds of applications that appear inconvenient and cause…

Get the best content once a month!

Once a month you will receive the most important information on implementing your ideas, evaluating opportunities, and choosing the best solutions! Subscribe
logo

Technologies

Ruby on Rails development Swift development services React JS development Kotlin development Kubernetes development AWS consulting Node JS development React Native app development Spree commerce Elixir web development

INDUSTRIES

Healthcare Education Social media Real estate E-commerce Marketplace Travel Logistics Health & Fitness Events Taxi booking Food delivery Finance Retail Productivity AgriTech

Custom software development

Discovery phase Web development Managed IT services App development

Agritech

Farming management
system

About Us

Company profile Leaderships Careers

Case studies

Portfolio

startups

For startups

Resources

Blog

LEGALS

Terms and Licenses Privacy Policy

CONTACT

+1 415-508-7706 535 Mission st, San
Francisco,CA 94105, USA

certificates

ISO 30414 (Human Capital) & ISO 10018 (People Engagement) compliance What is SOC2?

SOCIALS

© JetRuby Agency | dfg-logo
Open popup triger here

Contact Form

By submitting request you agree to our Privacy Policy

Open popup triger here
Join our community
Once a month you will receive the most important information on implementing your ideas, evaluating opportunities, and choosing the best solutions!
By submitting request you agree to our Privacy Policy