Single Sign-On for the Registration UI

This article discusses how to implement the Single Sign-On (SSO) solution for a family of websites using the Registration UI.

Enable Required JavaScript Settings

SSO is configured in the JavaScript settings that you implement for Registration. The following settings must be enabled on all sites within your SSO network:


  janrain.settings.capture.federate = true;
  // The federateServer URL will be provided by Janrain.
  janrain.settings.capture.federateServer = 'https://example.janrainsso.com';
  janrain.settings.capture.federateXdReceiver = 'https://mysite.com/xd_receiver.html';
  janrain.settings.capture.federateLogoutUri = 'https://mysite.com/logout.html';
        

Set Up XD Receiver URLs

Each site needs to host a static XD receiver (cross-domain receiver) page. The page is never visible to the end user. The XD receiver page for each site must reside on the same domain as the main site, or SSO will not work in some browsers.

The following content must also be added to the federateXdReceiver page:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
 <head>
 <title>Cross-Domain Receiver Page</title>
 </head>
 <body>
 <script type="text/javascript">
 /*
  Cloudfront direct might be a little faster:
  https://d1lqe9temigv1p.cloudfront.net/js/lib/xdcomm.js
  but janraincapture.com will be easier for IT to whitelist:
  https://ssl-static.janraincapture.com/js/lib/xdcomm.js
 */
 var xdcommJs = (("https:" == document.location.protocol) ? "https://ssl-static.janraincapture.com/js/lib/xdcomm.js" : "http://cdn.janraincapture.com/js/lib/xdcomm.js");
 document.write(unescape("%3Cscript src='" + xdcommJs + "' type='text/javascript'%3E%3C/script%3E"));
 </script>
 </body>
</html>
        

Set Up Logout URLs

Each site needs to host a static SSO logout page. The page is never visible to the end user. The SSO logout page for each site must reside on the same domain as the main site, or SSO will not work in some browsers.
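The same-domain requirement for the XD receiver and logout pages can be checked before deployment. The following is an added example, not Janrain code: `checkFederateSettings` and the sample objects are hypothetical, and it assumes "same domain" means an exact hostname match and that every URL is expected to be https, as in the sample values above.

```javascript
// Added example (not Janrain code): audit the required federate* settings.
// checkFederateSettings is a hypothetical helper; it returns a list of problems.
function checkFederateSettings(capture, siteUrl) {
  const problems = [];
  const site = new URL(siteUrl);

  if (capture.federate !== true) {
    problems.push('federate must be true on every site in the SSO network');
  }

  // Parse a setting as an absolute URL; record a problem if missing or malformed.
  function parse(name) {
    try {
      return new URL(capture[name]);
    } catch (e) {
      problems.push(name + ' is missing or not an absolute URL');
      return null;
    }
  }

  const server = parse('federateServer');
  if (server && server.protocol !== 'https:') {
    problems.push('federateServer is not an https URL'); // assumption: https expected
  }

  // Both static pages must live on the same domain as the main site.
  for (const name of ['federateXdReceiver', 'federateLogoutUri']) {
    const u = parse(name);
    if (!u) continue;
    if (u.hostname !== site.hostname) { // assumption: exact hostname match
      problems.push(name + ' is on ' + u.hostname + ', not on ' + site.hostname);
    }
    if (u.protocol !== 'https:') {
      problems.push(name + ' is not an https URL'); // assumption: https expected
    }
  }
  return problems;
}

// Constructed sample settings: one matching this page, one misconfigured.
const sampleGood = { federate: true,
  federateServer: 'https://example.janrainsso.com',
  federateXdReceiver: 'https://mysite.com/xd_receiver.html',
  federateLogoutUri: 'https://mysite.com/logout.html' };
const sampleBad = { federate: true,
  federateServer: 'https://example.janrainsso.com',
  federateXdReceiver: 'https://static.example.net/xd_receiver.html' };
console.log(checkFederateSettings(sampleBad, 'https://mysite.com/'));
```

On a live page the first argument would be `janrain.settings.capture` and the second `window.location.href`.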

Enable Optional JavaScript Settings

There are several optional settings that may be enabled as well. The following example shows how to configure segments to create groups of sites between which to enable SSO.


  janrain.settings.capture.federateSegment = 'segment_1';
  janrain.settings.capture.federateSupportedSegments = ["segment_2","segment_3"];
        

Handle SSO Logins

Once a user has logged into one of your sites, Janrain automatically logs that user into any other SSO-enabled site that he or she visits. Both the onCaptureLoginSuccess and onCaptureFederateLogin events fire with the ssoImplicitLogin property set to true, which identifies the login as an SSO login. This gives you the option to treat logins via SSO differently.