Note |
---|
As of 11.0.14 / 11.6.0, LearningBuilder supports SSO via SAML. That is the preferred approach (when possible) because it does not require any custom integration programming in either LearningBuilder or the 3rd party system. See SAML Identity Management and SAML SSO vs legacy Demographic Sync (DRAFT) |
...
To implement Demographic Synchronization you will need:
An API endpoint (hosted by the identity provider) that LearningBuilder can call to obtain updated demographic data.
Visual Representation
The following diagram represents common scenarios for constructing the visual integration for single sign-on.
...
(TODO: diagram got corrupted at some point; should be recreated)
Figure 5.1. Illustrates the single sign-on path from a typical member profile.
...
The data flow for single sign-on authentication and navigation.
...
(TODO: diagram got corrupted at some point; should be recreated)
Technical Specifications
Preliminary LearningBuilder configuration
...
App Config setting | Purpose | ||
---|---|---|---|
| Users are redirected to this URL if they access a page in LearningBuilder without an active user session. As part of SSO, this should normally be configured to redirect unauthenticated users back into the identity provider. If not specified, the default value is | ||
| Users are redirected to this URL when they log out of LearningBuilder. As part of SSO, this should normally be configured to redirect back to the identity provider. | ||
| A secret key, preferably something random, that is shared by both parties. | ||
| In most cases this should be the same as |
SSO login link
SSO is initiated from the 3rd party identity provider, where the user must already be logged in.
...
Code Block |
---|
https://<ClientId>.LearningBuilder.com/account/sso ?UniqueId=[UIDUniqueId] &t=[TimeStamp] &token=[Token] &SuccessURL=[SuccessURL] &FailureURL=[FailureURL] &bypassDemographics=[bypass] |
Parameter | Explanation | Comment |
---|---|---|
UniqueId | The LearningBuilder Unique Identifier of the visitor attempting to sign on to LearningBuilder through the external system. | See Secure Tokens. |
t | A time stamp generated to establish the authentication token. | See Secure Tokens. |
token | The signed token. | See Secure Tokens. |
SuccessURL | Where to redirect after a successful login. This is useful if you want the user to land on a page other than their default landing page. A list of supported Success URLs is found on the Redirecting after SSO page. | Optional. If omitted, the user is sent to their default landing page. If this is not part of LearningBuilder, the provided URL must be fully qualified and start with HTTP:// or HTTPS://. |
FailureURL | The landing page of the external system when sign-in is not successful. | Optional. If not provided, the user will be taken to the default error page. |
bypassDemographics | Set to "true" to bypass the Demographic Synchronization Service. | Optional. Defaults to false. |
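The link format above, as an added example (not LearningBuilder's own code): a Python helper an identity provider could use to assemble the SSO link with every value percent-encoded, so that a SuccessURL carrying its own query string or a token containing `+`, `/` or `=` survives intact. The `t` and `token` values are opaque inputs produced per Secure Tokens, which this page does not reproduce; the function names, the sample values, and applying the SuccessURL scheme rule to FailureURL are assumptions.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qs

# A single DNS label, used to validate the <ClientId> part of the host name.
HOST_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def check_redirect(name, value):
    """Accept a relative path, or a fully qualified http(s) URL."""
    parts = urlsplit(value)
    if not parts.scheme and not parts.netloc:
        return value  # assumption: a bare path is a page inside LearningBuilder
    # Rejects javascript:, ftp:, scheme-relative //host/... and "http:foo".
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        raise ValueError(f"{name} must be fully qualified and start with http:// or https://")
    return value


def build_sso_link(client_id, unique_id, timestamp, token,
                   success_url=None, failure_url=None, bypass_demographics=False):
    """Build the /account/sso link; timestamp and token are computed elsewhere."""
    if not HOST_LABEL.match(client_id):
        raise ValueError("client_id is not a valid host label")
    required = [("UniqueId", unique_id), ("t", timestamp), ("token", token)]
    for name, value in required:
        if not value:
            raise ValueError(f"{name} is required")
    params = list(required)
    if success_url:
        params.append(("SuccessURL", check_redirect("SuccessURL", success_url)))
    if failure_url:
        # Assumption: the page states the scheme rule only for SuccessURL.
        params.append(("FailureURL", check_redirect("FailureURL", failure_url)))
    if bypass_demographics:
        params.append(("bypassDemographics", "true"))  # omitted means false
    # urlencode percent-encodes '&', '=', '+', '/' and '?' inside each value,
    # so nested query strings and base64-style tokens are not split or altered.
    return f"https://{client_id}.LearningBuilder.com/account/sso?{urlencode(params)}"


def sso_params(link):
    """Decode the link's query string back into a dict (round-trip check)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(link).query).items()}
```
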
...