Configure automatic connection when multiple SSO - Fluid Topics

Category
How To
Audience
public

Introduction

FT does not automatically redirect users to an SSO when more than one has been configured. A workaround can be deployed when the customer is able to define several aliases for a portal: acme.ft.net acme.antidot.net

or multiple paths:

acme.ft.net/Idp1 acme.ft.net/Idp2

Implementation

The implementation is JavaScript code that needs to be deployed through the custom JS feature.

The JS code can be retrieved here

Activation

These first lines are common to every kind of deployment.

// Run the sign-in check whenever the 'ft:pageopening' event fires on the document.
document.addEventListener('ft:pageopening', () => {
  checkSignInForm();
});

/**
 * Decide what to do with the sign-in form on the current page.
 *
 * - No `.auth-inner-form` element on the page: nothing to do.
 * - URL ends with `/login?direct=true`: force the form visible and stop, so
 *   the form stays reachable without going through an SSO.
 * - Otherwise: fall through to the redirection function enabled below.
 *
 * This runs in the browser only. It routes users to an identity provider for
 * convenience; it is not an access control, since the `direct=true` URL can
 * be opened by anyone.
 */
function checkSignInForm() {
  console.log('checkSignInForm');
  const signInForm = document.querySelector('.auth-inner-form');
  if (!signInForm) {
    return;
  }

  // Exact suffix match: a URL with further parameters or a fragment after
  // `direct=true` does not count as a direct login.
  const isDirectLogin = window.location.href.endsWith('/login?direct=true');
  if (isDirectLogin) {
    signInForm.style.display = 'block';
    return;
  }
  /*
  UNCOMMENT RELEVANT FUNCTION
  oneRedirection();
  RedirectionBasedOnFqdn();
  RedirectionBasedOnPath();
  */
}

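One of the lines "oneRedirection();", "RedirectionBasedOnFqdn();" or "RedirectionBasedOnPath();" should be uncommented depending on your use case. Whichever one is enabled, opening the login page with a URL that ends with /login?direct=true skips the redirection and displays the sign-in form instead.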

oneRedirection

This function should be used when you have multiple SSOs configured but want just one of them to be used automatically. It is a simplification of the RedirectionBasedOnFqdn or RedirectionBasedOnPath function.

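/**
 * Send the browser to the login endpoint of a single, fixed SSO realm.
 *
 * The URL of the current page is passed along in the `urlAfterLogin` query
 * parameter (presumably the page the portal returns to once the user is
 * signed in; confirm against the portal documentation).
 */
function oneRedirection() {
  // Always redirect to the same SSO
  const realmID = 'TO_BE_REPLACED';
  // The current URL can itself contain `?`, `&` or `#`. Left unencoded, those
  // characters cut the urlAfterLogin value short or are read as extra
  // parameters of the login request, so the value is percent-encoded.
  const urlAfterLogin = encodeURIComponent(window.location.href);
  window.location.href = `/api/authentication/sso/${realmID}/login?urlAfterLogin=${urlAfterLogin}`;
}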
The value "TO_BE_REPLACED" should be replaced by the realmID to which the user should be redirected to be authenticated. The realmID can be retrieved in User -> Authentication -> Realms.

RedirectionBasedOnFqdn

This function should be activated when you have multiple SSOs configured and each of them can be linked to a dedicated domain / alias like acme.ft.net or acme.antidot.net.

// Redirection to SSO depending of the FQDN (domain name)
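/**
 * Pick the SSO realm from the host name the portal was opened on and send the
 * browser to that realm's login endpoint. Does nothing when no host name
 * matches.
 */
function RedirectionBasedOnFqdn() {
  // RealmId definition based on SSO configuration
  const realmID1 = 'TO_BE_REPLACED1';
  const realmID2 = 'TO_BE_REPLACED2';
  const { hostname, href } = window.location;

  // switch based on the FQDN (domain name)
  // NOTE(review): includes() is a substring match, so any host name that
  // merely contains the configured text selects the realm. Compare with ===
  // when the full host name of each alias is known.
  let realmID;
  if (hostname.includes('Fqdn1')) {
    realmID = realmID1;
  } else if (hostname.includes('Fqdn2')) {
    realmID = realmID2;
  } else {
    return;
  }

  // The current URL can itself contain `?`, `&` or `#`. Left unencoded, those
  // characters cut the urlAfterLogin value short or are read as extra
  // parameters of the login request, so the value is percent-encoded.
  window.location.href = `/api/authentication/sso/${realmID}/login?urlAfterLogin=${encodeURIComponent(href)}`;
}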
Each TO_BE_REPLACED* should be replaced by the RealmID that can be retrieved in the administration UI, in the User / Authentication / Realms tab.

This could lead to the following JS:

// Run the sign-in check whenever the 'ft:pageopening' event fires on the document.
document.addEventListener('ft:pageopening', () => {
  checkSignInForm();
});

/**
 * Decide what to do with the sign-in form on the current page.
 *
 * - No `.auth-inner-form` element on the page: nothing to do.
 * - URL ends with `/login?direct=true`: force the form visible and stop, so
 *   the form stays reachable without going through an SSO.
 * - Otherwise: redirect to the SSO selected by host name.
 *
 * This runs in the browser only. It routes users to an identity provider for
 * convenience; it is not an access control, since the `direct=true` URL can
 * be opened by anyone.
 */
function checkSignInForm() {
  console.log('checkSignInForm');
  const signInForm = document.querySelector('.auth-inner-form');
  if (!signInForm) {
    return;
  }

  // Exact suffix match: a URL with further parameters or a fragment after
  // `direct=true` does not count as a direct login.
  const isDirectLogin = window.location.href.endsWith('/login?direct=true');
  if (isDirectLogin) {
    signInForm.style.display = 'block';
    return;
  }
  RedirectionBasedOnFqdn();
}

// Redirection to SSO depending of the FQDN (domain name)
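/**
 * Pick the SSO realm from the host name the portal was opened on and send the
 * browser to that realm's login endpoint. Does nothing when no host name
 * matches.
 */
function RedirectionBasedOnFqdn() {
  // RealmId definition based on SSO configuration
  const realmID1 = 'realmID1';
  const realmID2 = 'realmID2';
  const { hostname, href } = window.location;

  // switch based on the FQDN (domain name)
  // NOTE(review): includes() is a substring match, so a longer host name that
  // merely contains one of these aliases also selects the realm. Compare with
  // === when each alias is always used as the full host name.
  let realmID;
  if (hostname.includes('acme.ft.net')) {
    realmID = realmID1;
  } else if (hostname.includes('acme.antidot.net')) {
    realmID = realmID2;
  } else {
    return;
  }

  // The current URL can itself contain `?`, `&` or `#`. Left unencoded, those
  // characters cut the urlAfterLogin value short or are read as extra
  // parameters of the login request, so the value is percent-encoded.
  window.location.href = `/api/authentication/sso/${realmID}/login?urlAfterLogin=${encodeURIComponent(href)}`;
}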

RedirectionBasedOnPath

This function should be activated when you have multiple SSOs configured and each of them can be linked to a dedicated path, like acme.ft.net/Idp1 or acme.ft.net/Idp2.

// Redirection to SSO depending of the path
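/**
 * Pick the SSO realm from the first part of the current path and send the
 * browser to that realm's login endpoint. Does nothing when no path matches.
 */
function RedirectionBasedOnPath() {
  // RealmId definition based on SSO configuration
  const realmID1 = 'TO_BE_REPLACED1';
  const realmID2 = 'TO_BE_REPLACED2';
  const { pathname, href } = window.location;

  // switch based on the path
  // NOTE(review): startsWith() is a prefix match, so '/path1' also matches
  // '/path10' or '/path1-old'. Keep the configured prefixes distinct, or end
  // them with '/' if every URL under them has one.
  let realmID;
  if (pathname.startsWith('/path1')) {
    realmID = realmID1;
  } else if (pathname.startsWith('/path2')) {
    realmID = realmID2;
  } else {
    return;
  }

  // The current URL can itself contain `?`, `&` or `#`. Left unencoded, those
  // characters cut the urlAfterLogin value short or are read as extra
  // parameters of the login request, so the value is percent-encoded.
  window.location.href = `/api/authentication/sso/${realmID}/login?urlAfterLogin=${encodeURIComponent(href)}`;
}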
Each TO_BE_REPLACED* should be replaced by the RealmID that can be retrieved in the administration UI, in the User / Authentication / Realms tab.

This could lead to the following JS:

// Run the sign-in check whenever the 'ft:pageopening' event fires on the document.
document.addEventListener('ft:pageopening', () => {
  checkSignInForm();
});

/**
 * Decide what to do with the sign-in form on the current page.
 *
 * - No `.auth-inner-form` element on the page: nothing to do.
 * - URL ends with `/login?direct=true`: force the form visible and stop, so
 *   the form stays reachable without going through an SSO.
 * - Otherwise: redirect to the SSO selected by path.
 *
 * This runs in the browser only. It routes users to an identity provider for
 * convenience; it is not an access control, since the `direct=true` URL can
 * be opened by anyone.
 */
function checkSignInForm() {
  console.log('checkSignInForm');
  const signInForm = document.querySelector('.auth-inner-form');
  if (!signInForm) {
    return;
  }

  // Exact suffix match: a URL with further parameters or a fragment after
  // `direct=true` does not count as a direct login.
  const isDirectLogin = window.location.href.endsWith('/login?direct=true');
  if (isDirectLogin) {
    signInForm.style.display = 'block';
    return;
  }
  RedirectionBasedOnPath();
}

// Redirection to SSO depending of the path
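/**
 * Pick the SSO realm from the first part of the current path and send the
 * browser to that realm's login endpoint. Does nothing when no path matches.
 */
function RedirectionBasedOnPath() {
  // RealmId definition based on SSO configuration
  const realmID1 = 'realmID1';
  const realmID2 = 'realmID2';
  const { pathname, href } = window.location;

  // switch based on the path
  // NOTE(review): startsWith() is a prefix match, so '/Idp1' also matches
  // '/Idp10' or '/Idp1-old'. Keep the configured prefixes distinct, or end
  // them with '/' if every URL under them has one.
  let realmID;
  if (pathname.startsWith('/Idp1')) {
    realmID = realmID1;
  } else if (pathname.startsWith('/Idp2')) {
    realmID = realmID2;
  } else {
    return;
  }

  // The current URL can itself contain `?`, `&` or `#`. Left unencoded, those
  // characters cut the urlAfterLogin value short or are read as extra
  // parameters of the login request, so the value is percent-encoded.
  window.location.href = `/api/authentication/sso/${realmID}/login?urlAfterLogin=${encodeURIComponent(href)}`;
}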