SSOService Class

Single-Sign-On (SSO) Service Logic. This class contains the rules for creating a url that clients use for Single sign-on

Inheritance Hierarchy

SystemObject
AppOne.Web.Service.Services.V1R0BaseService
AppOne.Web.Service.Services.V1R0SSOService

Namespace: AppOne.Web.Service.Services.V1R0
Assembly: AppOne.Web.Service (in AppOne.Web.Service.dll) Version: 1.0.141

Syntax

JavaScript

Copy

public class SSOService : BaseService

AppOne.Web.Service.Services.V1R0.SSOService = function();

Type.createClass(
	'AppOne.Web.Service.Services.V1R0.SSOService',
	AppOne.Web.Service.Services.V1R0.BaseService);

The SSOService type exposes the following members.

Methods

	Name	Description
	SSOEnabled	Determines if single sign-on is enable for the specific customer alias (CustomerAlias)
	SSOLinkByEmpIdentifier	OBSOLETE See V2 GetSSOLink(GetSSOLinkIn)
	SSOLinkByLogin	SUNSET See V2 GetSSOLink(GetSSOLinkIn)
	SSOLinkByLoginID	SUNSET See V2 GetSSOLink(GetSSOLinkIn)

Top

Remarks

Single sign-on within the time-web API system is managed at a client/customer level. Each time web services client (CustomerAlias) must enable SSO services. These services can be enabled by navigating to Configuration > General > Web Services. Once the SSO service is enabled it will generate a private GUID SSO shared key that is unique to that client. This key is then used as one of the parameters in the various methods to retrieve the SSO authentication URL. Please note that any SSO redirect URL that is returned from an SSO service is only valid for a few minutes. If it has not been used then it will become invalid.

Your company may manage its own time-web brand. If this is the case then you would have been given a URL such as https://yourbrand.centralservers.com where "yourbrand" is the name of the brand assigned to your company. If a brand is something that your company has access to then you will have the ability to create a global SSO key that can be used across every client. This will allow you to program your applications with a single SSO key that can be used across multiple clients. It is also important to note SSO does not need to be enabled at the brand level. When you enable SSO at the brand level it basically allows you to enabled access of the shared key GUID across the clients that are part of a brand. The brand can technically not be enabled yet the client SSO will still work, pending it is enabled.

Note
Setup: Configuration > General > Web Services Manager > Employees > Access Business Rules: Single sign-on must be enable at the customer level. A "Shared Key" (GUID) is created at both the brand and customer levels. The brand "Shared Key" can be used for any customer request, but a customer "Shared Key" can only be used for that specific customer or CustomerAlias.

Caution
Single Sign-on is composed of several touch points. For example SSO must initially be enabled in the system configuration and is not dependent of time-web API services being enabled. SSO can also be controlled at an individual employee level allowing one employee to work and another employee not. SSO can also be interrupted by IP requirement checks made in the configuration security menus. When testing your SSO connectivity points be sure that all of the configuration items are enabled correctly.

Caution

Single Sign-on is composed of several touch points. For example SSO must initially be enabled in the system configuration and is not dependent of time-web API services being enabled. SSO can also be controlled at an individual employee level allowing one employee to work and another employee not. SSO can also be interrupted by IP requirement checks made in the configuration security menus. When testing your SSO connectivity points be sure that all of the configuration items are enabled correctly.

Reference

AppOne.Web.Service.Services.V1R0 Namespace