Single Sign-On Requirements for AccuCampus

Introduction

The aim of this document is to explain how to integrate your own site or portal with AccuCampus. It also includes usage examples so you can get started faster.

This alternative access method allows you to integrate AccuCampus into your portal, so that a single login gives access to all your online services. It also simplifies account maintenance, as users only need to know a single ID and password to log in to all your services.

For this to work, you need to import your users' data into AccuCampus. When the user signs in to your portal, they can click on a link that will take them to the AccuCampus website without having to sign in to AccuCampus. This is possible because your portal link will include a token that identifies your application and an ID that identifies your user.


How does it work?

To understand how the single sign-on authentication process works, let's take a look at the following diagram:

Single sign-on authentication process


Now, a user called ABC is using your web site, and is logged in. You might be using browser cookies or a parameter in the URL to know who is logged in across multiple requests.

When the user wants to access AccuCampus, they first ask your application for it. Your site is configured to connect to AccuCampus through a public API, so it sends a request for a new login token for the logged-in user. The request carries your access key and the ID of the user using your site. Optionally, you can specify whether the token should expire when the session is inactive (if this parameter is not specified, the account's default configuration is used).

The AccuCampus authentication server receives the request and validates both the access key and the user ID; if they are correct, a new login token is issued. After that, your site simply builds a URL pointing to the AccuCampus web servers, which includes the login token.

For example, if the authentication token returned was:

DD4FE3F9-6128-43ff-A5B1-F35A467FBB82

Then the address where the user has to go will be something like this:

https://accucampus.net/?token=DD4FE3F9-6128-43ff-A5B1-F35A467FBB82

The final step is to redirect the user (client computer) to that address, and AccuCampus will recognize the token sent and let the user access the site.

Additional parameters can be added to the URL to customize the login. A forward (fwd) parameter can be specified; it tells the AccuCampus server which page is being requested. For example, you can tell AccuCampus to open the Users List page, so the user does not need to select it from the menu.


Security Considerations

All requests between AccuCampus and the users and between AccuCampus and your servers can use HTTP Secure (HTTPS) to protect the data sent across the internet. The access key and the user ID are protected this way.

The communication between your server and your site users should also use HTTP Secure for additional protection.

Important: Your access key lets you log in as any user in AccuCampus without asking for the password. You must keep your access key protected, otherwise your information might be stolen. Reset your keys periodically to mitigate information risks.
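
The flow from "How does it work?" with the precautions from this section applied, as an added example that is not AccuCampus's own code. It assumes a hypothetical `request_token(access_key, user_id)` callable standing in for the AccuCampus API call (this page does not give its endpoint), an environment variable named `ACCUCAMPUS_ACCESS_KEY`, and GUID-shaped tokens like the sample above.

```python
import os
import re
from urllib.parse import urlencode, urlsplit

ACCUCAMPUS_BASE = "https://accucampus.net/"  # address used in this page's example
# Assumption: login tokens are GUID-shaped, like the sample token on this page.
TOKEN_RE = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")


def build_login_url(token, fwd=None, base=ACCUCAMPUS_BASE):
    """Build the address the user's browser is redirected to."""
    if urlsplit(base).scheme != "https":
        raise ValueError("login token must only travel over HTTPS")
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        # Do not forward an error body or unexpected value to the browser.
        raise ValueError("token request did not return a well-formed token")
    params = {"token": token}
    if fwd is not None:
        params["fwd"] = fwd  # urlencode() escapes it, so it cannot add parameters
    return base + "?" + urlencode(params)


def sso_redirect(session_user_id, request_token, fwd=None, env=os.environ):
    """Return the redirect URL for the user already logged in to the portal.

    session_user_id must come from the portal's server-side session. If it were
    read from a request parameter, anyone could ask for a token for any user,
    because the access key is accepted without that user's password.
    request_token(access_key, user_id) is a hypothetical callable that performs
    the AccuCampus token request over HTTPS and returns the token string.
    """
    if not session_user_id:
        raise PermissionError("no authenticated portal session")
    # Assumption: the access key lives in an environment variable, not in page
    # source or the repository, so it can be reset without a code change.
    access_key = env["ACCUCAMPUS_ACCESS_KEY"]
    token = request_token(access_key, session_user_id)
    return build_login_url(token, fwd)


if __name__ == "__main__":
    # Constructed stand-in for the API call; returns the page's sample token.
    stub = lambda key, uid: "DD4FE3F9-6128-43ff-A5B1-F35A467FBB82"
    env = {"ACCUCAMPUS_ACCESS_KEY": "constructed-key"}
    # "users" is a constructed fwd value; the page does not list valid ones.
    print(sso_redirect("ABC", stub, fwd="users", env=env))
```

The access key is used only in the server-to-server token request; the browser sees only the short-lived login token in the redirect URL.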


ASP.NET example

If your site was built using ASP.NET, you can enable your users to log in to AccuCampus via single sign-on by creating a new page in your root directory. Download ASP.NET example


PHP example

If your site was built using PHP, you can enable your users to log in to AccuCampus via single sign-on by creating a new page in your root directory. Download PHP example


Single sign-on is not limited to sites built using ASP.NET or PHP only. These are just examples. You can authenticate your users to our system via single sign-on following the steps above by using any web development language/framework available.