Product Documentation

Implementing “SsoHandler” Interface

Dec 22, 2015
This method is used to achieve SSO by creating Cookies and/or by making direct login calls to Cloud Service. If the Cloud Service is running on the same domain or single level sub-domain then setting the cookies would be sufficient to achieve SSO. Cloud Service can extend the below interface to inject the cookies into the response object.
public interface SSOHandler { 
	 
  /* This method returns the SSO Object which contains list of Cookies that will be  
   * added to the response, and a string which will be used by the js file (The js  
 
    * file is provided by CloudConnector as part of meta data and injected into  
    * the UI) */ 
    public SsoObject handleLogin(User user); 
} 
 
public class SsoObject { 
  /* List of cookies to set */ 
  List<Cookie> getCookies(); 
 
  /* callback method to call (optional) */ 
  String getCallback(); 
 
  /* SSO JSON String to return (optional) */ 
  String getSSOString(); 
}
Sample Implementation of SSOHandler interface:
public class XaasSSOHandler implements SSOHandler { 
 
  @Override 
  public SsoObject handleLogin(User user) { 
    Cookie cookie = new Cookie("XAASUSER", "abcd-efgh"); 
    String ssoData = "{‘ssoData’:{'command':'login', 'signature':'qWErtYUiop/+='}}"; 
    ssoObject ssoObject = new SsoObject(); 
    ssoObject.getCookies().add(cookie); 
    ssoObject.setCallback(‘handleSSO’); 
    ssoObject.setSSOString(ssoData); 
    return ssoObject; 
  } 
}

Along with implementing the "SSOHandler" interface , the Cloud Service can optionally provide a javascript file as part of meta data which CPBM will inject into the UI just before the iFrame of Cloud Service. This javascript file will have the implementation of the callback method specified in the SSO object returned by SSOHandler, and this method will take input parameters as the SSO data from SSO Object and the URL of the Cloud service view along with a callback function to call. The callback method may then make a call to the target service to single sign on. Typically, this should be a JSON-P call.

Steps to SSO into Cloud Service:
  1. CPBM will inject the javascript, provided by the Cloud Service, into the UI.
  2. CPBM will make an AJAX call to the SSOHandler implementation.
  3. CPBM will set the cookies returned in the SSO Object into the response. If the cookies are intra domain and have the correct path for the target service to read, this may be sufficient to single-sign on. If not, the callback method mechanism (see below) offers additional options to achieve SSO.
  4. If callback property exists, CPBM will call the callback method as returned in the SSO Object, it will pass the SSO data and view URL as input parameters to the callback method.
  5. Callback method will make JSONP call to Cloud Service for login, and use the returned values to generate final view URL. It then calls the supplied callback function
A sample cloud service callback method is shown below:
function handleSSO(Var ssoData, Var iFrameURL, var callback){ 
  var finaliFrameURL; 
  $.ajax({url: "http://xaas.service.com/api/login", 
          dataType: 'jsonp', 
          data: ssoData.ssoData, 
          jsonp : "jsoncallback",  
          success: function(data) { 
            finaliFrameURL = iFrameURL + “&sessionKey=” + data.sessionKey; 
            callback(finaliFrameURL); 
	} 
  }); 
}
The interaction between CPBM and Cloud Service for achieving SSO is shown in the figure below:
Figure 1. Single Signon Process