WS-Fed SSO

Overview

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.

Prerequisite

The client should provide the following information so that Gooru can configure SSO access:

Name                 Sample Value
Issuer / login URL   https://signin.client.url/login
ThumbPrint           2F2275E98D56E0F078E34F8C20E0E633FFA5DD4B

Gooru will configure SSO access and share the client ID and secret.

WS-Fed Login

To use WS-Fed SSO, the client application should initiate the SSO request by calling a GET endpoint such as the following (this is a sample endpoint and may change):
https://gooru.org/api/nucleus-auth-idp/v2/wsfed/login

Gooru will then redirect the user to the issuer / login URL based on the client ID passed in the request. If the user is not already logged in at the client's application, the login page will be displayed. Otherwise, the WS-Fed request described next should be invoked.

The client's IdP server should make a POST request with the WS-Fed request body to an endpoint such as the following (this is a sample endpoint and may change):
https://gooru.org/api/nucleus-auth-idp/v2/wsfed/login

As part of the WS-Fed request, the client should send the claims below:

Based on the claims received, the user details are verified in Gooru and the user is authenticated. Upon successful authentication, the user is redirected to the Gooru homepage.
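
The ThumbPrint prerequisite can be used by the receiving side to select which embedded certificate is trusted before the claims in the POSTed WS-Fed body are read. The sketch below is an added example, not Gooru's code. It assumes the ThumbPrint is the SHA-1 thumbprint of the IdP's token-signing certificate; the function names and the simplified sample token are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # production: use a hardened parser (e.g. defusedxml)

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def normalize_thumbprint(value: str) -> str:
    """Upper-case hex with pasted separators removed; reject anything not 40 hex digits."""
    # U+200E is the invisible mark the Windows certificate dialog prepends on copy.
    cleaned = "".join(c for c in value if c not in " :\t\r\n\u200e").upper()
    if len(cleaned) != 40 or set(cleaned) - set("0123456789ABCDEF"):
        raise ValueError("expected a SHA-1 thumbprint (40 hex digits)")
    return cleaned

def pinned_cert_der(wresult_xml: str, configured_thumbprint: str):
    """Return DER bytes of the embedded certificate matching the pin, else None.

    Assumption: the configured value is SHA-1 over the certificate's DER encoding.
    The caller must then verify the token's XML signature with this certificate's
    key only; a matching thumbprint alone proves nothing about the token body.
    """
    expected = normalize_thumbprint(configured_thumbprint)
    for node in ET.fromstring(wresult_xml).iter(DS + "X509Certificate"):
        der = base64.b64decode("".join((node.text or "").split()), validate=True)
        if hashlib.sha1(der).hexdigest().upper() == expected:
            return der
    return None

# Constructed sample: the bytes stand in for a DER certificate (only hashed here),
# and the token is reduced to the elements this check reads.
SAMPLE_DER = b"constructed-stand-in-for-DER-certificate"
SAMPLE_PIN = hashlib.sha1(SAMPLE_DER).hexdigest()
SAMPLE_WRESULT = (
    '<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyInfo><ds:X509Data>'
    "<ds:X509Certificate>" + base64.b64encode(SAMPLE_DER).decode() + "</ds:X509Certificate>"
    "</ds:X509Data></ds:KeyInfo></ds:Signature></t:RequestSecurityTokenResponse>"
)

if __name__ == "__main__":
    print(pinned_cert_der(SAMPLE_WRESULT, SAMPLE_PIN) is not None)
```

A token whose embedded certificate does not match the configured thumbprint yields None and should be rejected before any claim is used.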