Using single sign-on

This article explains how to create a link to an external website that will automatically log an user, who is previously logged into Saurus CMS, into that external website. Setting it up is explained in detail below. At first a short overview of what to look for and who can change it:

  • registered user must be logged in at your Saurus CMS website (user)
  • your website must have a SSO Application describing an external website (admin)
  • user must have an account at that external website (user)
  • user must have set up his credentials for SSO Application (user / admin)
  • your website must have a link that specifies that SSO Application ID (editor / admin)
  • and of course the external website must be working (someone else)

For simplicity and clarity, this article uses Saurus CMS demo website (demo.saurus.ee) as the external website. Our goal is to automatically  log in to "sample-templates" part of the demo site.

 

Step 1. Find out how to log into external website

Finding out how to log into external website is done at the external website. In this example, go to demo.saurus.ee and you'll see it has user login option on front page. Locate the form with login data and find all the hidden input fields, as well as the form action at the top:

<form action="/index.php" method=post>
<table border="0" cellpadding="2" cellspacing="0">
    <tr>
        <td>Username:</td>

        <td><input type=text name=user value="demo" style="width:60" class=searchbox size=3></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type=password name=pass value="demo" style="width:60" class=searchbox size=3></td>
    </tr>
</table>
<input type=hidden name="op" value="login"><input type=hidden name="url" value="%2Feditor%2F%3Fid%3D27270"><input type=hidden name="id" value="27270"><INPUT type=submit value="Log in" class=searchbtn>

<input type="hidden" name="lang" value="1">
</form>

  

Step 2. Describe SSO application

Describing SSO application is done through admin section: open up the "Integration > SSO applications" page and click "New". Fill out the following form with data from previous step:

  • application name - something easily recognizable
  • login URL - external website address followed by the form action
  • request method - form method
  • username fieldname - name of the field where username is entered, in this case 'user'
  • password fieldname - name of the field where password is entered, in this case 'pass'
  • additional fields - full texts of other hidden fields in the same form as login information. Sometimes all the fields are not needed, like in this case. For Saurus CMS websites, the hidden parameter url is used to direct user to a specific page after successful login. This is why it's changed here, compared to the %2Feditor%2F%3Fid%3D27270 from above. Also, the syntax can be cleared up, but make sure you know which symbol is which.

Notice that Username fieldname and Password fieldname are the field names, not values. Do not enter any login details here!

 

Step 3. Create a link to SSO application

Creating a link to SSO application is done through editor section: create a new link and enter the following info into URL:

external.php?extop=app&sso_id=[your SSO application number]

You can find out your SSO application number from the SSO application list through admin section: open up the "Integration > SSO applications" page and it's the number in the first column. There can be more than one SSO application. Deleting an application does not change number on others, so your links will stay functional. (SSO application number is shown as of Saurus CMS version 4.6. In earlier versions you can look it up in database or hover mouse cursor over application name and look at the URL, the application number is "id=x".)

  

Step 4. User/admin selects SSO applications and provides login credentials

Selecting SSO applications and entering login credentials can be done by user on the registration form or by  admin in the admin area. This example shows admin side. It's done through admin section: open up "Tools > People" page, find the user and click "Change" on toolbar. Then navigate to Account tab, SSO applications appear at the bottom of screen. Check which application this specific user will use and enter his login details for that specific application. Only links to applications that are checked here and have the login info filled will work for this user.

  

Example 2. Creating single sign-on link to Google Docs

This is a short example on how to create a link that logs user in to Google Docs application.

  1. Set up SSO application:
    • login url - https://www.google.com/accounts/ServiceLoginAuth?service=writely
    • request method - POST
    • username fieldname - Email
    • password fieldname - Passwd
    • additional fields:

    2. <input type="hidden" name="continue" id="continue" value="http://docs.google.com/" />
    <input type="hidden" name="followup" id="followup" value="http://docs.google.com/" />
    <input type="hidden" name="service" id="service" value="writely" />
    <input type="hidden" name="nui" id="nui" value="1" />
    <input type="hidden" name="rm" id="rm" value="false" />
    <input type="hidden" name="ltmpl" id="ltmpl" value="homepage" />
    <input type="hidden" name="ltmpl" id="ltmpl" value="homepage" />
    <input type="hidden" name='rmShown' value="1" />
    <input type="hidden" name="asts" id="asts" value="">

  2. Create a link with URL: external.php?extop=app&sso_id=X  where X is the number of this application.
  3. Add this app to a user and enter login credentials, for example username: Saurus.Examples and password: saurus4thewin

 

Reminder

User has to be logged in to the Saurus CMS for the SSO links to work! The login credentials are connected to a user and the SSO applications are set up separately for each language.