Single Sign-On with Social Login

These instructions describe how to implement the Single Sign-On solution for a family of websites using Social Login only. You will need the following configuration information:

Configuration Parameters Provided By Description
<Federate SSO URL> Janrain The URL to the Janrain Single Sign-On server.
<Token URL> Customer The callback URL on your site that will receive the authentication token.
<XD Receiver URL> Customer A static page on your site used to securely pass the authentication token to the Token URL.
<Logout URL> Customer A page on your site that logs the user out of all SSO-enabled sites. If you do not have a logout URL, you must set this to null.
<Segment> Customer OptionalThe name of the segment to which the site belongs. Sites on the same domain must use the same segment. The name may only include alphanumeric characters, with no spaces, slashes, or other special characters.
<Supported Segments> Customer Optional—A comma-separated list of segments that the site allows SSO from in addition to the defined <Segment>.

Step 1: Set Up Token URL

After a user signs in (or is automatically signed in through SSO), Janrain sends a token to a callback on your website. This is known as the token URL, which you will have set up for your Social Login implementation.
This code sample shows how to set up a token URL.

Step 2: Set Up XD Receiver URLs

Each site needs to host a static XD receiver (cross-domain receiver) page, which is used to securely pass the token to the token URL through JavaScript. The page is never visible to the end user. The XD receiver page for each site should reside on the same domain as the main site, or Single Sign-On may not work in some browsers.

The following code must be included on the XD receiver page:

<html>
<script src="https://d1v9u0bgi1uimx.cloudfront.net/static/xd_receiver.js" type="text/javascript"></script>
</html>

Step 3: Enable Single Sign-On

Once a user has logged in to one of your sites, Janrain will automatically log that user into any other SSO-enabled site that he or she visits. Place the scripts below in the <head> section of each page on your sites to configure SSO (substituting the appropriate URLs as described in the previous table).

Sample Configuration

<script src="https://d1v9u0bgi1uimx.cloudfront.net/sso.js" type="text/javascript"></script>
<!--Do not modify the above URL-->
<script>
JANRAIN.SSO.ENGAGE.check_login ({
  sso_server: 'https://example.janrainsso.com',
  token_uri: 'https://mysite.com/tokenUrl.php',
  xd_receiver: 'https://mysite.com/xd_receiver.html',
  // If no logout URL is required for the site, set logout_uri to null
  logout_uri: 'https://mysite.com/logout.php',
  // If you are not using segments, remove the following two lines.
  segment: 'segment_1',
  supported_segment: 'segment_2, segment_3’
 });
</script>

Step 4: (Optional) Enable Single Sign-Off

Single Sign-On also provides Single Sign-Off functionality, ensuring that when a user logs out of one site, he or she is also logged out of all SSO-enabled sites. The configured <Logout URL> for each SSO-enabled site that the user visited will be loaded invisibly to run the Single Sign-Off logout function.

The following example shows how to create a Logout link that triggers automatic logout across all SSO-enabled sites.

<script>
  function my_logout() {
    JANRAIN.SSO.ENGAGE.logout({
      sso_server: 'https://example.janrainsso.com',
      logout_uri: 'https://mysite.com/logout.php'
    });
  };
</script>
<button onclick="my_logout()">Sign Out</button>

This logout function will redirect to the page you provide in the logout_uri parameter once it completes. Any site-specific logout logic should be placed in your logout_uri page. Placing any code after the Single Sign-Off logout script may introduce a race condition.