Note

As of 11.0.14 / 11.6.0, LearningBuilder supports SSO via SAML. That is the preferred approach (when possible) because it does not require any custom integration programming in either LearningBuilder or the 3rd party system.

See SAML Identity Management and SAML SSO vs legacy Demographic Sync (DRAFT)

...

To implement Demographic Synchronization you will need:

  • An API endpoint (hosted by the identity provider) that LearningBuilder can call to obtain updated demographic data.

Visual Representation

The following diagram represents common scenarios for constructing the visual integration for single sign-on.

...

(TODO: diagram got corrupted at some point; should be recreated)

Figure 5.1. Illustrates the single sign-on path from a typical member profile.

...

The data flow for single sign-on authentication and navigation.

...

 (TODO: diagram got corrupted at some point; should be recreated)

Technical Specifications

Preliminary LearningBuilder configuration

...

| App Config setting | Purpose |
|---|---|
| CustomLoginUrl | Users are redirected to this URL if they access a page in LearningBuilder without an active user session. As part of SSO, this should normally be configured to redirect unauthenticated users back into the identity provider. If not specified, the default value is /account/login |
| LogOffURL | Users are redirected to this URL when they log out of LearningBuilder. As part of SSO, this should normally be configured to redirect back to the identity provider. Note: Logging out of LearningBuilder will not log users out of the identity provider at the same time. |
| TokenSecretKey | A secret key, preferably something random, that is shared by both parties. |
| OutgoingTokenSecretKey | In most cases this should be the same as TokenSecretKey. It can vary in the event that the identity provider and the demographic data provider are different. |

SSO is initiated from the 3rd party identity provider, where the user must already be logged in.

...

https://<ClientId>.LearningBuilder.com/account/sso
  ?UniqueId=[UIDUniqueId]
  &t=[TimeStamp]
  &token=[Token]
  &SuccessURL=[SuccessURL]
  &FailureURL=[FailureURL]
  &bypassDemographics=[bypass]

| Parameter | Explanation | Comment |
|---|---|---|
| UIDUniqueId | The LearningBuilder Unique Identifier of the visitor attempting to sign on to LearningBuilder through the external system. | See Secure Tokens |
| TimeStamp | A time stamp generated to establish the authentication token. | See Secure Tokens |
| Token | The signed token. | See Secure Tokens |
| SuccessURL | Where to redirect after a successful login. This is useful if you want the user to land on a page other than their default landing page. A list of supported Success URLs is found on the Redirecting after SSO page. | Optional. If omitted, user is sent to their default landing page. If this is not part of LearningBuilder, the provided URL must be fully qualified and start with HTTP:// or HTTPS://. |
| FailureURL | The landing page of the external system when sign-in is not successful. | Optional. If not provided, the user will be taken to the default error page. |
| bypassDemographics | Set to "true" to bypass the Demographic Synchronization Service. | Optional. Defaults to false. |
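
An added example, not part of the LearningBuilder documentation: a Python helper an identity provider could use to assemble the SSO URL above, applying the SuccessURL rule and percent-encoding every value so that a redirect URL with its own query string cannot spill into the SSO parameters. The function names, the ClientId `acme`, the host `portal.example.org` and the treatment of site-relative paths as in-LearningBuilder targets are assumptions; `t` and `token` are passed in as opaque values because their construction is defined on the Secure Tokens page.

```python
import re
from urllib.parse import urlencode, urlsplit

# DNS-label check so a bad ClientId cannot change the target host.
_CLIENT_ID = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def check_success_url(url):
    """Apply the page's SuccessURL rule before the value is sent."""
    # Assumption: a target inside LearningBuilder is given as a site-relative
    # path ("/..."); "//host" and "/\host" are rejected as external forms.
    if url.startswith("/") and not url.startswith(("//", "/\\")):
        return url
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        raise ValueError("external SuccessURL must be fully qualified http(s)")
    return url


def build_sso_url(client_id, unique_id, timestamp, token,
                  success_url=None, failure_url=None, bypass_demographics=False):
    """Return the /account/sso URL for one sign-on attempt.

    timestamp and token are opaque strings here; they must be produced as
    described on the Secure Tokens page, which this example does not cover.
    """
    if not _CLIENT_ID.match(client_id):
        raise ValueError("ClientId must be a single DNS label")
    required = [("UniqueId", unique_id), ("t", timestamp), ("token", token)]
    for name, value in required:
        if not value:
            raise ValueError(name + " is required")
    params = list(required)
    # Optional parameters are omitted so LearningBuilder applies its defaults.
    if success_url:
        params.append(("SuccessURL", check_success_url(success_url)))
    if failure_url:
        params.append(("FailureURL", failure_url))
    if bypass_demographics:
        params.append(("bypassDemographics", "true"))
    # urlencode percent-encodes "&", "?", "=" and "/" inside each value, so a
    # SuccessURL with its own query string stays a single parameter.
    return "https://%s.LearningBuilder.com/account/sso?%s" % (client_id, urlencode(params))


# Constructed sample values; the token is a placeholder, not a real signature.
EXAMPLE = build_sso_url("acme", "12345", "TIMESTAMP-PLACEHOLDER", "TOKEN-PLACEHOLDER",
                        success_url="https://portal.example.org/home?tab=ce&new=1")
```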

...