Alternative login form with Single Sign-On v2
Target Audience: Developers
Introduction
Single Sign-On v2 (SSO2) allows each implementing site to have its own login form. Alternatively, an implementing site can use another application's SSO2 login form, if that application supports it. SSO2 implementors can easily have all sites use a single, central login form, or even use Payway's login form.
Requirements and limitations
User is not logged in on SSO2
- (A) The user browses to the web site. The web site has no knowledge about the user in its local session and determines that it has to identify the user to see whether the user is already logged in to the SSO2 system. This is done by redirecting the user to the SSO2 system's identify-endpoint.
- (B) The user's UA is redirected to the SSO2 system's identify-endpoint, which cannot find an SSO2 session for the current user. The SSO2 system creates a new anonymous SSO session and redirects the user's UA to the web site's landing page.
- (C) The user's UA arrives at the web site's landing page with details about the new SSO2 session and which URI to forward the user to. The web site persists the SSO2 session details in its local session, but the user is not logged in. The landing page redirects the user's UA to the supplied return URI.
- (D) The user's UA is redirected to the login form in use, together with information on the URI to forward the user to after logging in.
- (E) The login form performs the required identify and authenticate operations, and the user is redirected to the login form's landing page to complete the login process.
- (F) The user's UA is redirected back to the URI supplied in step (D) when the login process is completed.
- (G) The user's UA arrives at the web site that requires login.
- (H) The web site does the session status operation using the SSO2 session from step (B).
- (I) The authorization ticket returned in step (H) is used to fetch an access token. The access token can be used to access the Payway APIs with the identity of the logged-in user.
Using the PCP login form
The process described above can be applied when using the PCP login form. In step (D), use the addresses below with the query parameter "continue" to specify the URI that the user should be redirected to after logging in.
PCP login form addresses
| Login form address | Environment |
|---|---|
| https://my_organisation_id.payway-portal.stage.adeprimo.se/login?continue= | Stage |
| https://my_organisation_id.portal.worldoftulo.com/login?continue= | Production |
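One way a web site can build the step (D) redirect to the PCP login form, as an added example that is not part of the Payway documentation: it percent-encodes the "continue" value and only accepts return URIs on the site's own hosts. The function names, the allow-list of hosts and the organisation id pattern are assumptions.

```python
import re
from urllib.parse import urlencode, urlsplit

# Login form addresses from the table above; {org} is the organisation id.
PCP_LOGIN_FORMS = {
    "stage": "https://{org}.payway-portal.stage.adeprimo.se/login",
    "production": "https://{org}.portal.worldoftulo.com/login",
}

# Assumption: the organisation id is used as a single host label.
_ORG_ID = re.compile(r"[a-z0-9](?:[a-z0-9_-]{0,61}[a-z0-9])?")
# Characters that URL parsers and browsers interpret differently.
_UNSAFE = re.compile(r"[\x00-\x20\\]")


def validate_continue_uri(continue_uri, allowed_hosts):
    """Return continue_uri if it is an absolute https URI on one of our hosts.

    allowed_hosts is a set of lower-case host names owned by this web site.
    """
    if _UNSAFE.search(continue_uri):
        raise ValueError("continue URI contains whitespace or a backslash")
    parts = urlsplit(continue_uri)
    if parts.scheme != "https":
        raise ValueError("continue URI must be absolute and use https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("continue URI must not contain userinfo")
    if parts.hostname not in allowed_hosts:
        raise ValueError("continue URI host is not one of this site's hosts")
    return continue_uri


def build_pcp_login_url(organisation_id, environment, continue_uri, allowed_hosts):
    """Build the step (D) redirect target for the PCP login form."""
    if environment not in PCP_LOGIN_FORMS:
        raise ValueError("unknown environment")
    if not _ORG_ID.fullmatch(organisation_id):
        raise ValueError("organisation id is not a valid host label")
    validate_continue_uri(continue_uri, allowed_hosts)
    base = PCP_LOGIN_FORMS[environment].format(org=organisation_id)
    # urlencode percent-encodes the whole URI, so its own '?', '&' and '#'
    # cannot add or override query parameters on the login form address.
    return base + "?" + urlencode({"continue": continue_uri})
```

Running the same validation again on the landing page, before the final redirect, covers a return URI that was altered on the way back.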
User is logged in to SSO2
When the identify operation in step (C) signals that a user is already logged in to SSO2, please refer to this section.