SSO (Single Sign-On) is a centralized authentication mechanism in which the client application fully delegates authentication to a trustworthy external service.
This has two main advantages:
-
The client application (for example, Fluid Topics) delegates the verification of the user's password to the SSO mechanism.
-
In an ecosystem of applications sharing the same SSO mechanism, the user will be invited to authenticate only the first time. For future logins, they can authenticate almost instantaneously without any need to re-enter a password.
The complete SSO authentication process is as follows:
-
The user's browser is redirected to the SSO login page.
-
Once authenticated, the user is redirected back to a Fluid Topics callback page by the SSO mechanism.
-
Fluid Topics handles security verifications to ensure that the values given by the SSO are trustworthy.
-
Fluid Topics informs the authentication window that the user is now authenticated.
-
The original window is updated and indicates that the user is recognized.
It is possible to implement an SSO authentication mechanism according to a variety of protocols and frameworks. Fluid Topics supports the most common ones as follows:
Fluid Topics supports Just-in-Time (JIT) provisioning.