
Single Sign-On (SSO) API


As of 11.0.14 / 11.6.0, LearningBuilder supports SSO via SAML. That is the preferred approach (when possible) because it does not require any custom integration programming in either LearningBuilder or the 3rd party system.

See SAML Identity Management and SAML SSO vs legacy Demographic Sync (DRAFT)

The single sign-on (SSO) API allows individuals to log in to other systems and use those credentials to access LearningBuilder™. Single sign-on is usually implemented in circumstances in which a customer has an existing member management system and wishes most interactions to take place within that system. The mechanism ensures individuals are able to access LearningBuilder™ directly from their membership profile without logging on to a separate system.

Single Sign-On Implementation

Implementation requires the following components:

  1. An ability for the AMS/CRM to send users to LearningBuilder™ (e.g., a link or button);

  2. A mechanism to generate an authentication token (see section 4);

  3. A mechanism to send token and user identity to LearningBuilder™ through a query string;

  4. A URL to redirect users to when sign-on succeeds (optional);

  5. A URL to redirect users to when sign-on fails (optional); and

  6. A URL to redirect users to when signing off.

Visual Representation

The following diagram represents common scenarios for constructing the visual integration for single sign-on.

Figure 5.1. Illustrates the single sign-on path from a typical member profile.

Data Flow

The data flow for single sign-on authentication and navigation.

 

Technical Specifications

The following technical specifications define the means by which to log on to LearningBuilder™ from an external system.

Logging in from the external system

If the sign-in succeeds, LearningBuilder™ will execute a demographic synchronization if a Demographic URL is provided (see section 6) and then redirect the user to their LearningBuilder™ landing page. If the sign-in or demographic synchronization fails, LearningBuilder™ will redirect the user to a landing page on the external system.

To connect via single sign-on, the external system needs to construct a URL with a query string in the following form:

https://[YourSite].LearningBuilder.com/account/sso?UniqueId=[UID]&t=[TimeStamp]&token=[Token]&SuccessURL=[SuccessURL]&FailureURL=[FailureURL]&bypassDemographics=[bypass]

| Component | Explanation | Comment |
| --- | --- | --- |
| YourSite | A LearningBuilder™ sub-domain, usually the client's acronym. | Custom URLs are acceptable. |
| UID | The identifier of the visitor attempting to sign on to LearningBuilder™ through the external system. | See Secure Tokens |
| TimeStamp | A time stamp generated to establish the authentication token. | See Secure Tokens |
| Token | The encrypted token. | See Secure Tokens |
| SuccessURL | The landing page when sign-on is successful. This is useful if you want the user to land on a page other than their default landing page. A list of supported Success URLs is found on the Redirecting after SSO page. | Optional. If the URL to redirect to is for a page outside of LearningBuilder™, then the provided URL must be fully qualified, i.e. begin with 'HTTP://'. If not provided, the user will be taken to their default landing page. |
| FailureURL | The landing page of the external system when sign-in is not successful. | Optional. If not provided, the user will be taken to the default error page. |
| bypassDemographics | Set to "true" if you are not using the Demographic Synchronization Service, or are testing and want to bypass it. | Optional. If true, the demographics synchronization will be skipped. |
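
The following Python sketch is an added example, not LearningBuilder's own code. It assembles the URL above on the external system and percent-encodes every value, so that characters such as +, /, = and & inside the token or a nested redirect URL survive the query string intact. The timestamp and token are opaque inputs produced as described under Secure Tokens; the helper names, the sample values, and the treatment of a leading "/" as a LearningBuilder-internal path are assumptions.

```python
from urllib.parse import urlencode, urlsplit

def _check_redirect(name, url):
    """External redirect targets must be fully qualified (http:// or https://)."""
    if url.startswith("/"):  # assumption: a leading "/" is a LearningBuilder-internal path
        return url
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        raise ValueError(f"{name} must be fully qualified, got {url!r}")
    return url

def build_sso_url(site, unique_id, timestamp, token,
                  success_url=None, failure_url=None, bypass_demographics=False):
    """Assemble the /account/sso URL. timestamp and token are opaque strings
    generated as described on the Secure Tokens page."""
    required = [("UniqueId", unique_id), ("t", timestamp), ("token", token)]
    for name, value in required:
        if not value:
            raise ValueError(f"{name} is required")
    params = list(required)
    # Optional parameters are left out entirely rather than sent empty.
    if success_url:
        params.append(("SuccessURL", _check_redirect("SuccessURL", success_url)))
    if failure_url:
        params.append(("FailureURL", _check_redirect("FailureURL", failure_url)))
    if bypass_demographics:
        params.append(("bypassDemographics", "true"))
    # urlencode percent-encodes each value, so '+', '/', '=', '&' and '?' inside
    # the token or a nested URL cannot split or alter the outer query string.
    return f"https://{site}.LearningBuilder.com/account/sso?{urlencode(params)}"

# Constructed sample values (not real credentials and not the real token format).
SAMPLE = build_sso_url(
    site="example",
    unique_id="12345",
    timestamp="2024-01-01T00:00:00Z",
    token="ab+cd/ef==",
    failure_url="https://ams.example.org/login?err=sso&src=lb",
)

if __name__ == "__main__":
    print(SAMPLE)
```
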

Logging off from LearningBuilder™

When the user logs off of LearningBuilder™, they are redirected to the LogOffURL. This URL is specified through configuration of LearningBuilder™ and must be provided to the technical team during system configurations.

In addition, a CustomLoginUrl can be defined, to which users are redirected upon login when they do not have an active session. When not specified, it defaults to /account/login/.

Please create a Support Ticket to make changes to the LogOffURL and CustomLoginUrl.
