Single Sign-On with Registration

SSO for the Registration User Interface

This topic discusses how to implement the Single Sign-on (SSO) solution for a family of websites using the Registration User Interface. SSO is configured in the JavaScript settings that you implement for Registration. The following settings must be enabled on all sites within your SSO network:

The following script must also be added to the federateXdReceiver page:

There are several optional settings that may be enabled as well. The following example shows how to configure segments to create groups of sites between which to enable SSO:

Once a user has logged in to one of your sites, Janrain automatically logs that user in to any other SSO-enabled site that he or she visits. Both the onCaptureLoginSuccess and the ssoImplicitLogin events fire with the ssoImplicitLogin property set to true, which identifies the login as an SSO login. This gives you the option to treat logins via SSO differently.

SSO for the Registration APIs

This topic discusses how to implement the Single Sign-on (SSO) solution for a family of websites implemented using the Registration APIs only (rather than the Registration User Interface).

The library to enable SSO for Registration API implementations can be found here. You will need to load this file on any page that you wish to enable for SSO as described in the following steps:

1. On page load, run check_session to initiate login if the user session already exists:

Parameters for check_session:

Parameter Required/Optional Description
config Required An object containing the SSO configuration properties.
client_id Required The Capture client ID making the request.
flow_name Required Name of the flow.
flow_version Required Version of the flow.
locale Required Locale of the flow.
redirect_uri Required The fully-qualified URL of the Capture redirect URI for this site.
sso_server Required The fully-qualified URL of the SSO server.
xd_receiver Required The fully-qualified URL of the cross-domain receiver for this site.
bp_channel Optional The backplane channel ID. The default value is an empty string.
callback_failure Optional Function to call on failed set_login.
callback_success Optional Function to call on successful set_login.
capture_error Optional Function called when a Capture error occurs.
capture_success Optional Function to call on successful Capture response.
logout_uri Optional The fully-qualified URL of the logout page for this site. The default value is undefined.
refresh Optional Refresh login with Capture even if user currently has an active session. The default value is false.
response_method Optional Values are jsonp or redirect. The default value is jsonp.
response_type Optional Values are code or token. The default value is token.
segment Optional Site-defined SSO segment as a string.
supported_segments Optional Dash-separated list of supported segments for this site.

If a user session exists, the user’s token, ID, and login preferences will be returned (as shown in the following example):

2. If the user session does not already exist, authenticate the user using one of the following API calls:

Sample response:

3. Run set_session using the SSO code returned from a successful authentication:

Parameters for set_session:

Parameter Required/Optional Description
code Required Capture SSO code reference.

4. After logging the user out, run end_session to log the user out of all sites. The logout feature is best-attempt, as the function relies on an open browser to complete the logout.

Parameters for end_session:

Parameter Required/Optional Description
callback Required Function to be called instead of redirecting to logout_uri.
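
The check_session parameter table in step 1 can be enforced before the config object reaches the SSO library. The following is an added example, not part of the original documentation or the Janrain library: validateSsoConfig, the plain-HTTP warning and the segment dash warning are assumptions of this example, and all sample values are constructed placeholders.

```javascript
// Added example, not Janrain code. Property names, required/optional status and
// defaults follow the check_session parameter table; validateSsoConfig, the
// plain-HTTP warning and the segment dash warning are assumptions of this example.
const REQUIRED = ["client_id", "flow_name", "flow_version", "locale",
                  "redirect_uri", "sso_server", "xd_receiver"];
const URL_PROPS = ["redirect_uri", "sso_server", "xd_receiver", "logout_uri"];
const DEFAULTS = { bp_channel: "", refresh: false,
                   response_method: "jsonp", response_type: "token" };
const ENUMS = { response_method: ["jsonp", "redirect"], response_type: ["code", "token"] };
const CALLBACKS = ["callback_failure", "callback_success", "capture_error", "capture_success"];

function validateSsoConfig(input) {
  const config = { ...DEFAULTS, ...input };   // documented defaults, then site values
  const errors = [], warnings = [];
  const isText = (v) => typeof v === "string" && v.trim() !== "";

  for (const name of REQUIRED) {
    if (!isText(config[name])) errors.push(`${name}: required property is missing or empty`);
  }
  for (const name of URL_PROPS) {
    if (!isText(config[name])) continue;      // unset optional, or already reported above
    let url = null;
    try { url = new URL(config[name]); } catch (e) { /* relative or malformed */ }
    if (!url || !["http:", "https:"].includes(url.protocol)) {
      errors.push(`${name}: must be a fully-qualified URL`);
    } else if (url.protocol === "http:") {
      warnings.push(`${name}: plain HTTP exposes the login exchange to interception`);
    }
  }
  for (const [name, allowed] of Object.entries(ENUMS)) {
    if (!allowed.includes(config[name])) errors.push(`${name}: must be ${allowed.join(" or ")}`);
  }
  for (const name of CALLBACKS) {
    if (config[name] !== undefined && typeof config[name] !== "function") {
      errors.push(`${name}: must be a function`);
    }
  }
  if (typeof config.refresh !== "boolean") errors.push("refresh: must be true or false");
  if (isText(config.segment) && config.segment.includes("-")) {
    warnings.push("segment: '-' is the separator used by supported_segments");
  }
  return { ok: errors.length === 0, config, errors, warnings };
}

// Constructed sample input: every value below is a placeholder.
const SAMPLE_CONFIG = {
  client_id: "CONSTRUCTED_CLIENT_ID", flow_name: "example_flow", flow_version: "example_version",
  locale: "en-US", redirect_uri: "https://www.example.com/redirect",
  sso_server: "https://sso.example.com", xd_receiver: "https://www.example.com/xd_receiver.html",
};
console.log(validateSsoConfig(SAMPLE_CONFIG));
```

Pass the returned config on only when ok is true; a relative or non-HTTP(S) value in redirect_uri, xd_receiver or logout_uri is reported as an error rather than silently accepted.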