Jabber SDK API Documentation

Tutorial: Single Sign On

Single Sign On

The SSO (Single Sign On) feature exists in the broader context of service discovery, but its workflow differs somewhat from regular service discovery. The main difference is that user credentials are not submitted through LoginController.setCredentials(); instead, the user is redirected to the Identity Provider's authentication page to submit credentials there. Once the user has authenticated, the Identity Provider creates a token, which should then be set through the LoginController.setSSOTokenUri() method.

Before service discovery starts, the following event handlers must be set. The redirect URL must also be set, and it must match the one set on CUCM. We do this through the LoginController.setSSORedirectURL() method:

        function onEmailRequired()
        {
            var email;

            //...
            // Prompt user for email here...
            //...

            cwic.LoginController.setEmail(email);
        }

        function onSSONavigationRequired(redirectURL)
        {
            // ...
            // Handle event here
            // ...
        }

        // This will be called from our redirection page when we receive SSO token.
        // We'll also add this to global window object so redirect page can reference it.
        function onSSONavigationComplete(SSOTokenURI)
        {
            // ...
            // Handle event here
            // ...
        }
        window.onSSONavigationComplete = onSSONavigationComplete;

        // In this example we'll assume that our application is running on localhost.
        // Both our web application and redirection page must have the same origin.
        cwic.LoginController.setSSORedirectURL("http://localhost:8000/redirect.html");

        cwic.LoginController.addEventHandler("onEmailRequired", onEmailRequired);
        cwic.LoginController.addEventHandler("onSSONavigationRequired", onSSONavigationRequired);
        cwic.LoginController.startDiscovery();
    
Once service discovery has started, the "onServiceDiscovering" event follows. Right after that, the "onEmailRequired" event is fired, which requires the user to enter an email address. If the email address is valid, the "onSSONavigationRequired" event is fired. Redirection must be done in a new browser window or iframe. The following example uses a popup window for redirection, expanding the onSSONavigationRequired() function from the previous snippet:

         function onSSONavigationRequired(redirectURL)
         {
            window.open(redirectURL, '', 'height=200,width=200,scrollbars=1');
         }
     
Once the popup window has been opened and the user is navigated to the redirection page, the Identity Provider will request valid credentials. If the credentials are valid, the user is redirected to the redirection page (http://localhost:8000/redirect.html) that was specified through the LoginController.setSSORedirectURL() method. From there the SSO token needs to be passed to CWIC. The snippet below demonstrates what the script on the redirection page should do:

        var url = document.location.href;

        // Here we call callback we have set in the first snippet.
        window.opener.onSSONavigationComplete(url);
        window.close();
    
The snippet below shows what needs to be done after the callback from the application has been called (the onSSONavigationComplete() function is expanded):

         function onSSONavigationComplete(SSOTokenURI)
         {
            // Here we finally pass SSO token to CWIC.
            cwic.LoginController.setSSOTokenUri(SSOTokenURI);
         }
     
After this, the user will be successfully signed in.
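
The value that reaches onSSONavigationComplete() comes from another window, so the application can check that it is the redirect URL it configured, and accept it only once, before handing it to CWIC. This is an added example, not part of the SDK documentation; `isExpectedRedirect` and `makeSSOCompleteHandler` are hypothetical helper names, and it assumes the token URI keeps the origin and path of the URL given to setSSORedirectURL().

```javascript
// Added example (not SDK code). Helper names are hypothetical.

// True only when tokenUri is an absolute URL whose origin and path equal
// those of the redirect URL that was passed to setSSORedirectURL().
function isExpectedRedirect(tokenUri, redirectURL) {
    var expected = new URL(redirectURL);
    var actual;
    try {
        actual = new URL(String(tokenUri));
    } catch (e) {
        return false; // not a parseable absolute URL
    }
    return actual.origin === expected.origin &&
           actual.pathname === expected.pathname;
}

// Builds the callback that the redirect page invokes. setTokenUri is the
// function that hands the URI to the SDK. The handler forwards the first
// URI that passes the check and ignores every call after that.
function makeSSOCompleteHandler(redirectURL, setTokenUri) {
    var done = false;
    return function onSSONavigationComplete(SSOTokenURI) {
        if (done || !isExpectedRedirect(SSOTokenURI, redirectURL)) {
            return false; // rejected: wrong location or already completed
        }
        done = true;
        setTokenUri(SSOTokenURI);
        return true;
    };
}

// Browser wiring, using the names from this tutorial:
// window.onSSONavigationComplete = makeSSOCompleteHandler(
//     "http://localhost:8000/redirect.html",
//     function (uri) { cwic.LoginController.setSSOTokenUri(uri); });
```

A rejected call returns false and leaves the handler armed, so the real redirect can still complete the sign-in afterwards.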

Canceling SSO

During the SSO sign-in process, which starts when the "onSSONavigationRequired" event is fired and lasts until the SSO token URI is passed to the CWIC library, the SSO procedure can be canceled by calling LoginController.cancelSSO():

         cwic.LoginController.cancelSSO();
     
