Example: external system single sign-on

Consider the following example of a single sign-on configuration:

  • The external system has a set of user accounts synchronized with the Platform tenant.
  • The external system uses HTTP session IDs created during user login.
  • The logged-in user of the external system should be able to access the Platform tenant without entering a login name and password.

To accomplish this, first create a link on an external system page:

https://{!hostName}/router/servlet/Router?act=login&loginName={!userName}&password={!sessionId}
where:
  • {!hostName} is the host name of the Platform installation, for example, www.infiniteblue.com.
  • {!userName} is the user name of the Platform user account (presumably shared with the external system).
  • {!sessionId} is the session ID of the Platform instance.

Although the URL uses the parameter password, the actual password is securely stored in the external system and is not exposed.

Next, configure the Platform tenant to use external authentication through an HTTP GET or HTTP POST request. The request will include a user name and session ID supplied in the URL above. The external system must verify that both values are valid and that they correspond to each other.

If these conditions are met, a user of the external system who clicks the constructed URL can access the Platform instance without entering a password, which remains securely stored in the external system.
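
The check the external system must perform on the user name and session ID it receives can look like the following. This is an added example, not code from Platform or from the original page. The function name verify_sso_request, the in-memory session store, and the sample values are assumptions, and how the result is returned to the Platform's HTTP GET or POST request is not shown.

```python
import hashlib
import hmac
import time


def _key(session_id: str) -> str:
    # Store and look up sessions by hash so raw session IDs are not kept at rest.
    return hashlib.sha256(session_id.encode("utf-8")).hexdigest()


# Constructed sample session store of the external system (assumption):
# SHA-256(session ID) -> (login name that owns the session, expiry as Unix time).
SESSIONS = {
    _key("c0ffee-constructed-session-id"): ("alice", 2_000_000_000),
    _key("expired-constructed-session-id"): ("bob", 1_000_000_000),
}


def verify_sso_request(login_name, session_id, sessions=SESSIONS, now=None):
    """Return True only if session_id is live and was issued to login_name."""
    if not login_name or not session_id:
        return False  # a missing parameter never authenticates
    now = time.time() if now is None else now

    record = sessions.get(_key(session_id))
    if record is None:
        return False  # unknown session ID

    owner, expires_at = record
    if now >= expires_at:
        return False  # session exists but has expired

    # The two values must correspond to each other: a valid session ID
    # presented with a different user's login name is rejected.
    return hmac.compare_digest(owner.encode("utf-8"), login_name.encode("utf-8"))


if __name__ == "__main__":
    t = 1_500_000_000  # fixed clock for a reproducible run
    print(verify_sso_request("alice", "c0ffee-constructed-session-id", now=t))
    print(verify_sso_request("bob", "c0ffee-constructed-session-id", now=t))
```

Because the session ID travels in a URL, it can end up in browser history and web server logs, so a short session lifetime limits how long a leaked value stays usable.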