Versions Compared

Version Old Version 2 New Version 3
Changes made by

Tony Erskine

Tony Erskine

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

For most implementations, single sign-on is not necessary because CloudCard's secure login links provide excelent security with the least possible user friction, which increases user adoption.  However, in some cases SSO is required for IT compliance. 

Cloud SSO

CloudCard can implement SSO in the Cloud for most major identity providers including CAS, Shibboleth, and ADFS.  However, there are an associated implementation and annual service fees.

On-Premises SSO

Because CloudCard uses a stateless, token-based authentication protocol, implementing SSO on premises is relatively trivial. In most cases, CloudCard can provide an authentication connector for your organization to host on-premise.

Displayed to the right is a simplified diagram of how a CloudCard SSO Auth Connector works.  The authentication connector is highlighted in red.  The exact implementation of a connector (i.e. PHP, JavaScript, ColdFusion, Java) depends on the customer's preferences.

Below an example of a connector is displayed in pseudocode to further explain the process.

Code Block
languagejs
titleSample Connector
/**
 * This connector should run on the server - NOT in a webpage
 * or any other client-side technology.
 */
const CLOUDCARD_API_ACCESS_TOKEN // CloudCard provides this

// cardholder data
var cardholderEmail //required
var cardholderIDNumber cardholder = {
  email : "",
  cardholderIDNumber: "" //optional; but highly recommended
  varcustomFields : customField1{ //optional
car
    customField1 : "",
    customField2 //optional : "",
    ...
    customFieldN : ""
  }
}

/**
 * This function loads cardholder data from the session,
 * a database, LDAP, or wherever is most convenient.
 */
function loadCardholderData () {
  // this is written by the customer
}

/*** EVERYTHING BELOW THIS LINE IS ALREADY ***/
/*** WRITTEN AND PROVIDED BY CLOUDCARD ***/

/**
 * sends a GETPOST request to CloudCard to request toaccess CloudCardfor
  * requesting athe cardholder by email address.
 */
function getCardholdergetLoginLink(var cardHolder) {
  // see Developer Docs: https://sharptop.atlassian.net/wiki/spaces/CCD/pages/15859788/Get74088466/Generate+a+login+link+for+a+Person
}user
}

var loginLink = getLoginLink (cardHolder)

// Finally redirect the user to the URL or return the URL
// to the view to be presented to the cardholder as a link
return loginLink;


Simplified SSO Integration Diagram