Single-Sign-On Module

Introducing the Single-Sign-on module

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single username and password to any of several related, yet independent, software systems. DMSContainer provides the SSO Module, which acts as the central authority of an SSO federation of services.

Single-Sign-on Module Main Features

  • Token based authentication (JWT)

  • Centralized authentication process

  • Context (application) based authentication

  • Context and user context data definition

Token based authentication

The SSO module uses a token to authenticate against a Context (an application or part of it). Using this token, the SSO Module knows whether the user is granted access. The token has an expiration time and cannot be tampered with, because it is signed as a JWT token.

Context based authentication and data

What is a context?

A Context is a scenario the user runs into. The context can be an application, or a part of it, where authentication is required. A context can be provided with some data; this data is available to the logged-in user only.

How to create a context

Open the Administration Console and select “New Context”. Provide a name and data, as follows:

(Screenshot: NewContext)

Then click the “Create” button to add the new context.

Context Data

The DMS Administrator can add some data. These data are tied to the context and available to the logged-in user only. They are basically a JSONObject, and all logged-in users read the same data. Which data can Context Data hold?

  • Global System Configurations
    • IP addresses
    • Database connections info
  • System specific data (threshold levels, admin roles etc.)
  • Temporary Configurations (e.g. “Maintenance Mode”)
  • Metadata about the Context

User Context Data

The DMS Administrator can add specific configuration per user. Open the Administration Console and select the Contexts menu to open the contexts list and each context’s user list.

(Screenshot: NewContext)

To add user context data, just click the “Add User To Context” button. The DMS Administrator can add two kinds of extra data to the user-context relation: System Data and User Data.

(Screenshot: NewContext)

System Data

Only the DMS Administrator has the right to write these data. They hold the specific configuration needed for that user when logged in to a particular context; in the example, user information.

User Data

Both the user and the DMS Administrator can change these data. Typically these are user-specific configuration chosen by the user himself.

SSO Module Proxy

To use SSO from your client you need to download a proxy. Open your browser and connect to your DMS server by typing this URL: https://localhost/info.

Your URL may be different; replace “localhost” with the address of your DMS Server.

DMS proxies

DMS provides proxies for different languages. Please download the “authrpc” proxy for the Delphi language.

IsAuthForContext Proxy Method

This method returns the data of a context: context data, system data and user data.

function IsAuthForContext(const Token: string; SSOContextName: string): TJDOJsonObject;

Let’s discuss its parameters:

  • Token: a string. This is the session token, which is returned by the proxy Login method.
  • SSOContextName: a string. It is the name of the Context (case sensitive).

This function returns a JSON Object with the context data:

{
  "contextname": "",
  "username": "",
  "contextdata": {
    "title": "Application 2"
  },
  "id": 7,
  "iduser": 176,
  "idcontext": 4,
  "systemdata": {
    "first_name": "Peter",
    "last_name": "Parker",
    "age": 30
  },
  "userdata": {
    "userfolder": "c:\\PeterParker",
    "dateformat": "dd/mm/yyyy",
    "usenotifications": false,
    "knownlanguages": [
      "Italian"
    ]
  }
}

UpdateContextUserData Proxy Method

As mentioned earlier, userdata can be modified by the user. UpdateContextUserData updates the user data:

procedure UpdateContextUserData(const Token: string; const UserContextID: Int64; const UserData: TJsonObject);

Let’s discuss its parameters:

  • Token: a string. This is the session token, which is returned by the proxy Login method.
  • UserContextID: an integer. It is the ID returned by the IsAuthForContext method (see the JSON above).
  • UserData: a JSON Object with the user preferences.
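The two proxy methods used together in one client flow, as an added example that is not part of the official samples. It assumes the downloaded proxy lives in a unit named AuthRPCProxy, exposes a class TAuthRPCProxy, and that its Login method takes a username and password and returns the session token as a string; it also assumes TJDOJsonObject is JsonDataObjects’ TJsonObject and that the caller owns the object returned by IsAuthForContext.

```delphi
uses
  System.SysUtils, JsonDataObjects, AuthRPCProxy; // unit and class names are assumptions

// Assumed signatures (not from the page): TAuthRPCProxy.Login(UserName, Password): string
procedure ReadContextAndSavePreference(Proxy: TAuthRPCProxy;
  const UserName, Password, ContextName: string);
var
  Token: string;
  Ctx, UserData: TJsonObject;
  UserContextID: Int64;
begin
  // 1. Obtain the session token
  Token := Proxy.Login(UserName, Password);

  // 2. Ask the SSO module whether this token is valid for the context
  //    (ContextName is case sensitive) and read the three data blocks
  Ctx := Proxy.IsAuthForContext(Token, ContextName);
  try
    // "id" identifies the user-context relation; UpdateContextUserData needs it
    UserContextID := Ctx.L['id'];
    Writeln('Context title : ', Ctx.O['contextdata'].S['title']);
    Writeln('Full name     : ', Ctx.O['systemdata'].S['first_name'], ' ',
      Ctx.O['systemdata'].S['last_name']);
    Writeln('Notifications : ', Ctx.O['userdata'].B['usenotifications']);

    // 3. Only userdata is writable by the user; contextdata and systemdata are
    //    read-only for them, so send back a copy of userdata with the change
    UserData := TJsonObject.Create;
    try
      UserData.Assign(Ctx.O['userdata']);        // keep the existing preferences
      UserData.B['usenotifications'] := True;    // change one preference
      UserData.A['knownlanguages'].Add('English');
      Proxy.UpdateContextUserData(Token, UserContextID, UserData);
    finally
      UserData.Free;
    end;
  finally
    Ctx.Free;
  end;
end;
```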

Single-Sign-on - Custom Data

Visibility      Context Data   System Data   User Context Data
User            Read **        Read ***      Read/Write ***
Administrator   Read/Write     Read/Write    Read/Write

** All users enabled for that Context

*** Only the user where these data are defined

Full example

Full example code with all the features explained is available in the official samples provided.