meta data for this page
The aim of this document is to explain how to integrate your own site or portal with AccuCampus. It also includes usage examples so you can get started faster.
This alternative access method would allow you to integrate AccuCampus into your portal, which supports a single log in into all your online services. This also simplifies account maintenance as users only need to know a single ID and password to log in to all your services.
For this to work, you need to import your users' data into AccuCampus. When the user signs in to your portal, they can click on a link that will take them to the AccuCampus website without having to sign in to AccuCampus. This is possible because your portal link will include a token that identifies your application and an ID that identifies your user.
How does it work?
To understand how the single sign-on authentication process works, let's take a look to the following diagram:
Now, a user called ABC is using your web site, and is logged in. You might be using browser cookies or a parameter in the URL to know who is logged in across multiple requests.
When the user wants to access AccuCampus, the first thing he does is to ask your application about it. Your site is configured and can connect to AccuCampus using a public API, so it sends a request to get a new login token for the logged in user. Also in the request, your access key and the ID of the user using your site are sent. Optionally you can specify if the corresponding token should expire when the session is inactive or not (if this parameter is not specified the default account's configuration will be used).
AccuCampus authentication server gets the request and validates both the access key and the user ID; if they are correct a new login token is issued. After that, your site simply builds an URL pointing to AccuCampus web servers, which includes the login token.
For example, if the authentication token returned was:
Then the address where the user has to go will be something like this:
The final step is to redirect the user (client computer) to that address, and AccuCampus will recognize the token sent and let the user access the site.
Additional parameters might be added into the URL to customize the login. A forward (fwd) parameter can be specified; it's used to tell AccuCampus server which page is being requested. For example, you can tell AccuCampus to open the Users List page, reducing the need to click it on the menu.
All requests between AccuCampus and the users and between AccuCampus and your servers can use HTTP Secure (HTTPS) to protect the data sent across the internet. The access key and the user ID are being protected this way.
The communication between your server and your site users should also use HTTP Secure for additional protection.
Important: Your access key lets you login as any user in AccuCampus without asking for the password. You must keep your access key protected, otherwise your information might be stolen. Reset your keys periodically to mitigate information risks.
Setup your single sign-on settings in AccuCampus by clicking:
If your site was built using ASP.NET you can enable your users to login to AccuCampus via single sign-on by creating a new page in your root directory. Download ASP.NET example
If your site was built using PHP you can enable your users to login to AccuCampus via single sign-on by creating a new page in your root directory. Download PHP example
Single sign-on is not limited to sites built using ASP.NET or PHP only. These are just examples. You can authenticate your users to our system via single sign-on following the steps above by using any web development language/framework available.
Setup Single Sign-On
How to Access: Advanced Options > Settings > Single Sign-On.
Purpose: This area is used to Manage a Single-Sign-On procedure.
Single Sign-On Menu
After clicking on Setup single sign-on you will be taken to the single sign-on menu where you can customize how to you want to automate logging users in.
- Reset Key - Please use this option to reset your Access Key.
- Redirect URL - Please type-in the Redirect URL.
- Session expires when inactive -
- Enabled - Please use this option to enable SSO.
- SAVE - Use this button to save all information.
- CANCEL - Use this button to go back to previous screen without saving.
SAML Single Sign-On
SAML-based single sign-on is now available! To set this up please go to your Account Settings > Single Sign-On > SAML sign-sign on.
- Enabled - Please use this option to enable SAML Single Sign-On authentication in your account.
- Server URL - Please type-in the Redirect URL.
- Certificate - Get your identity provider's certificate and paste it here. Remember to maintain the BEGIN and END certificate delimiters.
- Session expires when inactive- Specifies whether the session expires after being idle for the time specified in the “session timeout setting”.
- Logout URL- Users will be redirected to this URL when they logout.
- Login Error URL - Users will be redirected to this URL if there's an error at login. The error message will be sent in the query string using the parameter name defined below.
- Error Parameter Name- This is the parameter name used to send the error message in the query string.
- SAVE BUTTON - Please click this option to save the configuration.
- CANCEL BUTTON - Please click this option to cancel and rollback without saving.