GETTING STARTED
SINGLE SIGN ON (JWT)
 

Single sign on helps with creating a simplified authentication framework.

mydigitalstructure supports JSON Web Tokens (JWTs) based id tokens through the use of identity provider http services.

DELEGATED AUTHENTICATION
The logon name (username) and data (eg JWT id_token) provided by the identity provider are sent to mydigitalstructure LOGON_TRUSTED endpoint, and then rather than using the mydigitalstructure LOGON authentication engine, it uses a pre-configured external webservice endpoint (URL) and trusts the "OK"/"ER" response from it.
JWT

JWT is a standard for exchanging tokens for authentication and authorization data between security domains.

mydigitalstructure, by default, expects the logon name of the user to be an email address, as returned by the Identity Provider.

USING THIRD PARTY IDENTITY PROVER (IP)
1 Setup Store the IdP Name, Entity ID & URL against the site using SETUP_SITE_MANAGE.
2 User navigates to site URL

If the user is not authenticated with mydigitalstructure.cloud a logon button for the identity provider is shown.

3 Authentication with IdP

User clicks the logon button eg "Sign in with Google" which redirects to the IdP.

4 Authentication with SP (mydigitalstructure)

After the user authenticates with the IdP, the IdP returns with the details of the user including and id_token (JWT)

5 Getting the IdP data and validating it and the user as authenticated.

The LOGON_TRUSTED method then;

  • Gets the data (ie id_token)
  • And passes it the set up IdP URL.
  • The IdP returns with
    { status: 'OK/ER', siteGUID: [site GUID that matches the site with ID URL], logon: [logon name validated] }
    after validating the id_token ie it's signature, issuer, user, expiry data are correct.

 

OVERVIEW

 

 
Authentication
Data protection using cryptography
jwt.io
Public-key cryptography
Digital signatures
Google Sign in
Help!