The document outlines the steps to integrate single sign-on at Personal, which involves developing a login page that posts credentials to an SSO server, installing an agent on the web server to validate sessions and enrich HTTP headers, and using Java libraries to check for authenticated users by validating tokens from cookies. The agent manages user sessions, synchronizes personalization information with the SSO server, and ensures only authenticated users can access protected pages by validating tokens on every request.
(revised on 2013/02)

The integration consists of two or three steps (depending on your site technology):

1) A login page or frame must be developed with these features:
   a) Information fields: MSISDN, PIN and CAPTCHA box (only shown to the customer at the 4th failed attempt).
   b) From this page you do a POST to the URL (HTTP POST MUST BE ORIGINATED IN CUSTOMER BROWSER): https://sso.personal.com.ar/openam/UI/Login with this data:
      i. IDToken1: MSISDN (Customer Line Number)
      ii. IDToken2: Personal PIN
      iii. goto: URL to redirect to if login is successful (first page of your site)
      iv. gotoOnFail: URL to redirect to if login is unsuccessful (custom error page you develop)
      v. realm: Realm created for each application, usually "/<appName>"
      vi. IDToken3: If requested, Captcha text typed by the Customer
   c) At the 3rd failed attempt, the SSO server returns a fail response with parameter ShowCaptcha=true, and you must show a dynamically generated CAPTCHA from this link: https://sso.personal.com.ar/openam/jcaptcha.jpg
   d) At the 10th attempt, the customer PIN is temporarily blocked.
   e) If login is successful, the redirection to the URL mentioned in step 1.b.iii is launched.
   f) Every validated page must show a login frame with a personalized welcome message and a logout button, e.g. "Welcome John Smith!". For this purpose you must use the HTTP header enrichment performed by the SSO agent (see step 2.e below) or Java methods to obtain these variables (see step 3 below).
   g) When authentication is successful, a cookie is generated on the customer's browser side.

2) A software agent (Apache or Java compatible) must be installed on your web server to control each HTTP request to your site:
   a) The agent captures HTTP requests and adds attributes to the HTTP header.
      i) In Java sites you can use the sample code I send you (see step 3 below) to validate the cookie, session and personalization variables.
      ii) In PHP sites you must check cookie validity by posting to this URL: https://sso.personal.com.ar/openam/identity/isTokenValid?tokenid=<token saved in cookie>
         1) If the token is valid, the response is boolean=true
         2) If the token is not valid, the response is HTTP error 401
   b) The agent synchronizes session and personalization information with the SSO server using this URL: https://sso.personal.com.ar/openam/namingservice and keeps the customer session alive on the SSO server.
   c) The agent needs a realm and password for synchronization. Personal will provide you with this information at the beginning of the integration.
   d) The agent alters the HTTP header of all requests, adding personalization variables while the session is valid and authenticated. You can use these personalization variables for several purposes in your site, and also for the welcome message in the login/logout frame.
   e) If the session expires due to inactivity, the agent can redirect the request to the login page.

   NOTE: Because of troubles in some implementations, we no longer use the protected or unprotected URL lists supported by the agent, so the agent is only used to do header enrichment, synchronize personalization information and validate cookies. All pages must be considered unprotected. In every page you must validate the session and token if needed. Values in personalization variables are included automatically by the agent in the HTTP header, or can be obtained from the agent with the Java code I attach below.

3) If you are using a Java-compatible application server, you must use this procedure to check for authenticated customers:
   a) In the setup process the agent copies some libraries to the lib directory of the application server. The most important is "openssoclientsdk.jar".
   b) When the application server is started, each jar module will be loaded.
   c) To check the session token:
      i) When the user logs on (as described in step 1), a cookie "iPlanetDirectoryPro" will be created.
      ii) With this cookie value you will check its validity with the code I send you as a sample (see below).
      iii) If valid, you can obtain the personalization variables (see below).

    // openssoclientsdk.jar library imports
    import com.iplanet.sso.SSOToken;
    import com.iplanet.sso.SSOTokenManager;
    import com.iplanet.sso.SSOException;

    // In code logic:
    // Variables for token management
    SSOTokenManager manager;
    SSOToken token;

    // Obtain the manager instance and initialize the token variable with the cookie value.
    // If the cookie is invalid, an SSOException is thrown.
    // If the cookie is valid, the personalization variables must be initialized.
    try {
        manager = SSOTokenManager.getInstance();
        // The string below is a placeholder: pass the value of the iPlanetDirectoryPro cookie.
        token = manager.createSSOToken("EL VALOR DE LA COOKIE iPlanetDirectoryPro");
        // Obtain personalization variables
        token.getProperty("DatosLineaNroLinea");
    } catch (SSOException e) {
        // invalid cookie
    }
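
Because the note in step 2 makes every page responsible for validating the session, a Java site can centralize the step 3 check in a servlet filter. This is an added example, not Personal's sample code; the class name, the `/login` path and the `customerLine` request attribute are assumptions, and the property name is the one read in the page's sample.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class SsoSessionFilter implements Filter {
    private static final String SSO_COOKIE = "iPlanetDirectoryPro";    // cookie from step 3.c.i
    private static final String LOGIN_PAGE = "/login";                 // assumption: your step 1 page
    private static final String LINE_PROPERTY = "DatosLineaNroLinea";  // property from the sample
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (LOGIN_PAGE.equals(req.getServletPath())) { // let the login page through, no redirect loop
            chain.doFilter(rq, rs);
            return;
        }
        String line = validatedLine(readCookie(req));
        if (line == null) { // missing, forged or expired token: treat as unauthenticated
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }
        req.setAttribute("customerLine", line); // value taken from the validated token
        chain.doFilter(rq, rs);
    }
    private static String readCookie(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies(); // null when the request carries no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (SSO_COOKIE.equals(c.getName())) return c.getValue();
        }
        return null;
    }
    private static String validatedLine(String tokenId) {
        if (tokenId == null) return null;
        try {
            SSOTokenManager manager = SSOTokenManager.getInstance();
            SSOToken token = manager.createSSOToken(tokenId); // throws if the cookie is invalid
            return manager.isValidToken(token) ? token.getProperty(LINE_PROPERTY) : null;
        } catch (SSOException e) {
            return null; // fail closed on any SSO error
        }
    }
}
```

Map the filter to every URL of the application so that no page is served without the check.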
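
The HTTP check from step 2.a.ii, for sites that cannot load the SDK jars, shown in Java to match the page's sample. This is an added example, not Personal's code; the class and method names are assumptions, as is sending `tokenid` in the POST body rather than in the query string.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class SsoTokenCheck {
    // Endpoint from step 2.a.ii of this page.
    private static final String ENDPOINT =
            "https://sso.personal.com.ar/openam/identity/isTokenValid";

    /** Decision rule: only HTTP 200 with a body of exactly "boolean=true" is a valid token. */
    static boolean accept(int status, String firstLine) {
        return status == HttpURLConnection.HTTP_OK
                && firstLine != null
                && "boolean=true".equals(firstLine.trim());
    }

    /** Returns false on 401, on any other status and on network errors (fail closed). */
    public static boolean isTokenValid(String tokenId) {
        if (tokenId == null || tokenId.isEmpty()) return false;
        try {
            // Assumption: tokenid goes in the POST body so it stays out of URL access logs.
            byte[] form = ("tokenid=" + URLEncoder.encode(tokenId, "UTF-8"))
                    .getBytes(StandardCharsets.UTF_8);
            HttpURLConnection conn = (HttpURLConnection) new URL(ENDPOINT).openConnection();
            conn.setRequestMethod("POST");
            conn.setDoOutput(true);
            conn.setConnectTimeout(3000); // do not hang page rendering on the SSO server
            conn.setReadTimeout(3000);
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            try (OutputStream out = conn.getOutputStream()) {
                out.write(form);
            }
            int status = conn.getResponseCode();
            if (status != HttpURLConnection.HTTP_OK) return false; // 401 means invalid token
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
                return accept(status, in.readLine());
            }
        } catch (IOException e) {
            return false; // an unreachable SSO server is not proof of a valid session
        }
    }
}
```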