Single
Sign-On is only supported on eSpaces that are enabled to use cookies.
See the property that allows an eSpace to use
cookies.Service Studio 5.1 Help
Single Sign-On
In applications designed using several eSpaces, you may share users and sessions between those eSpaces and allow a unified perception and behavior to the end-user. All of the eSpaces with this behavior are declared to have a Single Sign-On.
Single Sign-On
This feature enables end-users to gain automatic access to multiple eSpaces of the application once authenticated in one of them. Therefore, besides avoiding a login when accessing each eSpace, this feature provides a unified view of end-users and sessions: end-users shared by the unified eSpaces are stored in a central repository and the session is shared across all unified eSpaces.
Single
Sign-On is only supported on eSpaces that are enabled to use cookies.
See the property that allows an eSpace to use
cookies.
Using Single Sign-On
To set up the Single Sign-On you have to proceed as follows:
Identify the User Provider eSpace which provides end-users and sessions to other eSpaces: open the eSpace in Service Studio, set its Is User Provider property to 'Yes', and publish the eSpace.
Typically, the User Provider
eSpace is the one where user management is designed.
Identify the User Subscriber eSpaces that share end-users and sessions with the User Provider eSpace: open each one of the eSpaces and select the User Provider eSpace in the drop down list of the User Provider eSpace property.
In a Single Sign-On scenario, check out your unified eSpaces in Service Center: edit an eSpace and select the 'Single Sign-On' tab to see the User Provider eSpace and User Subscriber eSpaces.
How Users are Shared
The User Provider eSpace provides end-users to all of the unified eSpaces. In fact, end-users are stored in the User entity of the User Provider eSpace. Then, User Subscriber eSpaces fetch the end-user information from the User entity of the User Provider eSpace, instead of their own User entities which, in this situation, are ignored.
Single Sign-On mechanisms to login in any of the unified eSpaces are the same as for the rest of the platform. See authentication mechanisms.
How Sessions are Shared
The session is created the first time the end-user accesses the server to request a page of any unified eSpace. However, since the session is shared by the unified eSpaces, the first On Session Start action to be invoked is the one of the User Provider eSpace. Only then, if there is an On Session Start action in the requested eSpace, it is invoked.
From then on, the On Session Start actions of the User Subscriber eSpaces are invoked the first time each eSpace is accessed via a screen, web block, or public action.
In a Single Sign-On situation, there is only one session shared by the unified eSpaces which consists of all the session variables defined in these eSpaces. If you need to reference or change a session variable from another eSpace, you must use public actions, since there is no other way to add and remove session references between eSpaces.
Note that sharing session
variables through public actions only works for unified eSpaces of the
same set. Otherwise, as you will have different sessions, you will refer
to different variables from each eSpace. See Use
eSpace References.
See Also