Cookie Based Single-Signon Authentication

Cookie based single-signon authentication can be used when your users are already logged into another web application like an intranet site, AND that system sets cookies that can be used by connectDaily.

Here's how it works:

1. User attempts to access connectDaily.
2. connectDaily constructs a web request to an authentication URL. It passes specified cookies as part of the web request.
3. A web page at the other end (the authentication URL) examines the request and cookies. If the user is authenticated, it returns the person's user name, full name, and Email address to connectDaily.
4. If the user is logged in to the other system they will be automatically logged in.

Requirements

• The web browser must send the specified cookies to connectDaily. Usually this is accomplished by setting the cookie's domain to the parent domain. E.G. ".sample.org". The URL for the calendar must be in the same domain. E.G. "calendar.sample.org".
• There must be active code at the other web application that can accept the connectDaily authentication request and return whether the user is authenticated. Essentially, you must construct a stub application to do this.

Configuration

Before continuing, add at least one administrator level account to connectDaily that has a user name you will use for cookie login.

Create the file cdaily-5.0.0/WEB-INF/singlesignon.properties file. Here's an example to get started:

cookieRegex=fusion_.*

AuthURL=https\://www.sample.org/fusionauth.php

ErrorRegex=Error\=(.*)\\n

userRegex=UserName\=(.*)\\n

emailRegex=EmailAddress\=(.*)\\n

Debug=yes

Complete information about parameters for singlesignon.properties can be found in the class documentation for AuthProviderCookieSignon. This file can be found in the WEB-INF/misc/security folder.

Create the authentication stub handler to accept the connectDaily request. There's an example stub application in the WEB-INF/misc/security directory.

Add a line to the cdaily-5.0.0/WEB-INF/configuration.properties that specifies the Cookie authentication provider:

AuthenticationProvider=com.mhsoftware.cdaily.support.security.AuthProviderCookieSignon

Restart the connectDaily application. Authenticate to the source web application then attempt to access connectDaily.

See Also: Automatically Creating Users