Single Sign On
Completed
It would be great to integrate a Single Sign On solution for OnApp to integrate with other management/billing system such as our in-house custom management system written in Rails.
We don't care particularly much what system it uses, but specifically
* Ability to click a link which automatically passes a token to log you in
* Attempts to login to the OnApp interface will automatically redirect off to a URL to sign in and then redirect back. This URL may optionally ask the user for a user/password, or if already logged in, simply return the token.
It's fine for these users to have to otherwise exist in OnApp, but handoff the authentication phase externally.
-
here is some sample code for how we'd like it to work...
// Customer SSO application
SECRET_KEY = 'XXXXXXXXXXXXXXXX'
timestamp = current_timestamp()
user_id = get_onapp_user_id()
hash = md5(user_id + '|' + timestamp + '|' + SECRET_KEY)
return redirect('http://$cloudURL/sso?user=' + user_id + '×tamp=' + timestamp + '&hash=' hash)
// Onapp user validation
user_id = GET['user_id']
timestamp = GET['timestamp']
hash = GET['hash']
SECRET_KEY = 'XXXXXXXXXXXXXXXX'
if timestamp > (current_timestamp() - 15 minutes)
and md5(user_id + '|' + timestamp + '|' + SECRET_KEY) == hash:
log_user_in(user_id)
else:
return 'validation failed'The secret key is set in the OnApp CP by an Admin and is used in the SSO application for the provider and it all works nicely...
Please sign in to leave a comment.
Comments
4 comments