SSO (Single Sign On)

This SSO implementation project was executed by Gizmeon's Web development team, and the solution was built with SAML.

Client :

The Single Sign On project was implemented for a retail client with more than 1000 stores worldwide.

Project :

The project was implemented for their construction management portal, which handles all the phases from Feasibility to Handover of the constructed site.

Requirement :

Implement a Single Sign On solution with the existing Google Business Account.

Solution :

The solution was implemented using the Java Spring SAML extension. The SAML Identity Provider (IdP) was set up in the existing Google Suite.

We need to collect the service provider's setup information, namely the ACS URL, the Entity ID and the start URL, which are all provided by the service provider, enter them in the new SAML app and turn SSO on for it. We also need to ensure that our user account email IDs match those in the domain. Finally, we need to disable encryption and ensure that the Assertion is sent to Google in an unencrypted format so that it is readable by the Google service.

Details of SAML Architecture

The user agent is the web browser. The authentication sequence is as follows:

1. When we access a resource on the server, which is the service provider, it checks whether we are already authenticated in the system. If we are, it proceeds to point 7; if not, the service provider starts the authentication process.

2. The service provider determines the appropriate identity provider and redirects the browser to that provider, in this case the single sign-on service.

3. The browser sends an authentication request to the SSO service, which then identifies us.

4. The SSO service returns an XHTML document that carries the authentication information needed by the service provider in a SAML Response parameter.

5. The SAML Response parameter is passed on to the service provider.

6. The service provider processes this response and creates a security context, i.e. it logs us in, and then tells us where our requested resource is.

7. With this information, we can now request the resource we want to access again.

8. The resource is finally returned.
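The service-provider side of point 6, as an added example that is not part of Gizmeon's project: the checks an SP makes on the IdP's SAML Response before creating the security context, assuming the Response's XML signature has already been verified, and using constructed placeholder URLs, Entity IDs and a constructed sample Response.

```python
# Added example, not Gizmeon's code: the checks an SP makes on the IdP's Response
# AFTER verifying its XML signature. All URLs, IDs and the sample are placeholders.
import xml.etree.ElementTree as ET
from datetime import datetime
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Hypothetical SP setup values (what gets entered in the Google SAML app)
SP_ENTITY_ID = "https://portal.example.com/saml/metadata"
ACS_URL = "https://portal.example.com/saml/SSO"
IDP_ENTITY_ID = "https://accounts.google.com/o/saml2?idpid=EXAMPLEID"

def ts(s):  # SAML timestamps are UTC ISO 8601 with a trailing Z
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def validate_response(xml_text, outstanding_request_ids, now_iso):
    """Return (True, email) or (False, reason). Signature is assumed verified."""
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    a = root.find("saml:Assertion", NS)       # Google sends it unencrypted
    cond = a.find("saml:Conditions", NS) if a is not None else None
    if a is None or cond is None:
        return False, "no plaintext Assertion with Conditions"
    now = ts(now_iso)
    checks = [  # every one must hold; the first failure is reported
        (root.get("Destination") == ACS_URL, "Destination is not our ACS URL"),
        (root.get("InResponseTo") in outstanding_request_ids, "unknown InResponseTo"),
        (status is not None and status.get("Value") == SUCCESS, "IdP status not Success"),
        (a.findtext("saml:Issuer", "", NS) == IDP_ENTITY_ID, "Issuer is not our IdP"),
        (a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", "", NS)
         == SP_ENTITY_ID, "Audience is not our Entity ID"),
        (ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter")),
         "Assertion outside its validity window"),
    ]
    for ok, reason in checks:
        if not ok:
            return False, reason
    return True, a.findtext("saml:Subject/saml:NameID", "", NS)

SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
 Destination="https://portal.example.com/saml/SSO" InResponseTo="_req42">
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0">
  <saml:Issuer>https://accounts.google.com/o/saml2?idpid=EXAMPLEID</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://portal.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion></samlp:Response>"""
```

The InResponseTo and validity-window checks are what stop a captured Response from being replayed later or against a different login attempt; the Audience and Destination checks stop an assertion issued for another SP from being accepted by this one.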
