Primal Launcher SSO is an app designed to make logging into apps easier. The use case is a common one: the age-old problem of multiple apps and multiple logins. This frustrates users, encourages poor password habits and chews through IT support time. The solution is an SSO setup that fixes the problem once and for all.
In light of our previous experience in SSO, we set out to create a solution that our client could benefit from for years.
The identity provider (IdP) is responsible for providing authentication. In a nutshell, it receives a SAML request and if the credentials are valid, it sends back a SAML assertion. It uses Shibboleth 4 on a Windows Server 2016 VM with attention to the Java requirements.
The OAuth2 server’s job is to provide authorization; in other words, to determine what resources a user has access to. After successful authentication, the server issues an access token for the launcher app to store. With this token, users may use authorized business apps without the need to log in. The OAuth2 server is an ASP.NET Core solution specific to the client.
The service provider (SP) and OAuth2 client form another app running on a Windows Server 2016 Hyper-V VM. This piece of middleware connects to the launcher app, the IdP and the OAuth2 server, and facilitates the exchange of secure info to multiple apps. Service Provider functionality is provided by a Shibboleth IIS module that, once installed, generates the metadata needed for the IdP. The OAuth2 client simply requests the token once a SAML Bearer assertion has been received from the IdP.
The Primal Launcher SSO application is a white-label .NET launcher used in a few projects. As a result, the code interfacing with the SP is mostly the same across similar apps. Most importantly, it stores the OAuth2 access token and uses it to access several apps within a company domain.
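The assertion-for-token step above, sketched at the protocol level as an added example (not the project's .NET code), assuming the exchange follows the OAuth2 SAML 2.0 bearer assertion grant of RFC 7522. The host names, client id and sample assertion are constructed, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET  # production: hardened XML parser, signature verified first
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode

GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TOKEN_URL = "https://oauth.example.test/token"   # placeholder token endpoint
IDP = "https://idp.example.test/idp/shibboleth"  # placeholder IdP entity ID
# Constructed, unsigned sample assertion; a real one carries a ds:Signature.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
 <saml:Issuer>{IDP}</saml:Issuer>
 <saml:Subject><saml:NameID>jdoe</saml:NameID>
  <saml:SubjectConfirmation Method="{BEARER}">
   <saml:SubjectConfirmationData Recipient="{TOKEN_URL}" NotOnOrAfter="2024-01-01T12:05:00Z"/>
  </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions NotOnOrAfter="2024-01-01T12:05:00Z"><saml:AudienceRestriction>
  <saml:Audience>{TOKEN_URL}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""

def build_token_request(assertion_xml, client_id):
    """Client side: form body for the token endpoint (RFC 7522, section 2.1)."""
    b64 = base64.urlsafe_b64encode(assertion_xml.encode()).decode()
    return urlencode({"grant_type": GRANT, "assertion": b64, "client_id": client_id})

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_grant(body, now, token_url=TOKEN_URL, issuer=IDP):
    """Server side: structural checks that accompany signature validation (not shown)."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != GRANT:
        return "unsupported_grant_type"
    b64 = form.get("assertion", "")
    try:
        root = ET.fromstring(base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)))
        expiries = [d.get("NotOnOrAfter", "")  # bearer confirmations addressed to this endpoint
                    for sc in root.iterfind("saml:Subject/saml:SubjectConfirmation", NS)
                    for d in sc.iterfind("saml:SubjectConfirmationData", NS)
                    if sc.get("Method") == BEARER and d.get("Recipient") == token_url]
        bearer = bool(expiries)
        expiries += [c.get("NotOnOrAfter") for c in root.iterfind("saml:Conditions[@NotOnOrAfter]", NS)]
        fresh = all(now < _ts(e) for e in expiries)  # a missing or malformed expiry raises
    except (ValueError, ET.ParseError):
        return "invalid_grant"
    audiences = [(a.text or "").strip() for a in root.iterfind("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    issuer_ok = root.findtext("saml:Issuer", "", NS).strip() == issuer
    return "ok" if issuer_ok and bearer and fresh and token_url in audiences else "invalid_grant"
```

The recipient, audience and expiry checks are what stop an assertion issued for one service, or captured earlier, from being redeemed for a token at this endpoint.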
Over the years SSO has undoubtedly proved itself to be a useful tool. Not to mention every major tech company uses the brilliant technology. All things considered, SSO is great but not so simple to set up. Contact JB Software if you’re looking to make the transition.