Single Sign-On with Social Login

Janrain’s Single Sign-on (SSO) functionality enables your customers to register or log in once and effortlessly navigate across your multiple websites without needing to log in again. SSO is also available for Registration.

By default, Single Sign-on authenticates every user who visits a member site with an active SSO session open. Using segments, you can implement a more fine-grained SSO experience on your sites. If no segment setting is present, all users with an SSO session are automatically signed in to all customer sites.

For example, a large music brand can segment by artist and associated online stores. When a user logs in to a band’s site, SSO automatically signs the user in to an online store in the same segment, but not to another artist’s site.

Multiple segments may be supported on a site. For example, a holding company with many brands may segment SSO by each brand and also allow users who have logged in on any brand’s site to be automatically logged in on the primary holding company site.

Segment settings are stored locally, and end users may manipulate their segment identifiers, so this feature should not be used for site security or restricting access.

Before You Begin

  • If the sign-in page uses HTTP, SSO can work with either HTTP or HTTPS pages.
  • If the sign-in page uses HTTPS, SSO can work only with HTTPS pages.
  • We recommend that you serve all pages over SSL to enhance security for site users.

Configuration Information Needed

You will need the following configuration information to implement SSO with Social Login:

| Configuration Parameter | Provided By | Description |
| --- | --- | --- |
| sso_server | Janrain | The URL to the Janrain Single Sign-on server. |
| token_uri | Customer | The callback URL on your site that will receive the authentication token. |
| xd_receiver | Customer | A static page on your site used to securely pass the authentication token to the token_uri. |
| logout_uri | Customer | A page on your site that logs the user out of all SSO-enabled sites. If you do not have a logout_uri, you must set this to null. |
| segment | Customer | Optional — The name of the segment to which the site belongs. Sites on the same domain must use the same segment. The name may only include alphanumeric characters, with no spaces, slashes, or other special characters. |
| supported_segment | Customer | Optional — A comma-separated list of segments that the site allows SSO from in addition to the defined segment. |

Implementation Steps

Set Up token_uri

After a user signs in (or is automatically signed in through SSO), Janrain sends a token to a callback on your website. This is known as the token_uri, which you will have set up for your Social Login implementation. This code sample shows how to set up a token_uri.

Set Up xd_receiver URLs

Each site needs to host a static XD receiver (cross-domain receiver) page, which is used to securely pass the token to the token_uri through JavaScript. The page is never visible to the end user. The XD receiver page for each site should reside on the same domain as the main site, or Single Sign-on may not work in some browsers.

The following code must be included on the XD receiver page:


<html>
 <script src="https://d1v9u0bgi1uimx.cloudfront.net/static/xd_receiver.js" type="text/javascript"></script>
</html>
     

Enable Single Sign-on

Once a user has logged in to one of your sites, Janrain will automatically log that user into any other SSO-enabled site that he or she visits. Place the scripts below in the <head> section of each page on your sites to configure SSO (substituting the appropriate URLs as described in the previous table).


<script src="https://d1v9u0bgi1uimx.cloudfront.net/sso.js" type="text/javascript"></script>
<!--Do not modify the above URL-->
<script>
JANRAIN.SSO.ENGAGE.check_login({
 sso_server:'https://example.janrainsso.com',
 token_uri:'https://mysite.com/tokenUrl.php',
 xd_receiver:'https://mysite.com/xd_receiver.html',
 // If no Logout URL is required for the site, set logout_uri to null
 logout_uri:'https://mysite.com/logout.php',
 // If you are not using segments, remove the following two lines.
 segment:'segment_1',
 supported_segment:'segment_2, segment_3'
 });
</script>
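
The rules stated on this page (an HTTPS sign-in page can only SSO into HTTPS pages, the XD receiver sits on the same domain as the site, and logout_uri is either a URL or null) can be checked before a configuration ships. The lint below is an added example, not Janrain code; lintSsoConfig, the sample page URLs, and reading "same domain" as an exact hostname match are assumptions.

```javascript
// Added example: lintSsoConfig is a hypothetical helper, not part of sso.js.
// It checks a check_login() config against the rules stated on this page.
function lintSsoConfig(signInPageUrl, pageUrl, config) {
  const findings = [];
  const signIn = new URL(signInPageUrl);
  const page = new URL(pageUrl);

  // An HTTPS sign-in page can only SSO into HTTPS pages.
  if (signIn.protocol === 'https:' && page.protocol !== 'https:') {
    findings.push('error: HTTPS sign-in page cannot SSO into non-HTTPS page ' + page.href);
  }

  for (const key of ['sso_server', 'token_uri', 'xd_receiver', 'logout_uri']) {
    const value = config[key];
    // logout_uri must be set explicitly to null when the site has no logout page.
    if (key === 'logout_uri' && value === null) continue;
    if (typeof value !== 'string' || value === '') {
      findings.push('error: ' + key + (key === 'logout_uri' ? ' must be a URL or null' : ' is missing'));
      continue;
    }
    let url;
    try {
      url = new URL(value);
    } catch (err) {
      findings.push('error: ' + key + ' is not an absolute URL');
      continue;
    }
    // The page recommends serving all pages over SSL.
    if (url.protocol !== 'https:') {
      findings.push('warning: ' + key + ' is not served over HTTPS');
    }
    // Assumption: "same domain as the main site" is read as an exact hostname match.
    if (key === 'xd_receiver' && url.hostname !== page.hostname) {
      findings.push('error: xd_receiver host ' + url.hostname + ' differs from page host ' + page.hostname);
    }
  }
  return findings;
}

// Constructed sample input: an HTTP store page reached from an HTTPS sign-in page.
const sampleFindings = lintSsoConfig('https://mysite.com/login', 'http://store.mysite.com/', {
  sso_server: 'https://example.janrainsso.com',
  token_uri: 'http://store.mysite.com/tokenUrl.php',
  xd_receiver: 'https://mysite.com/xd_receiver.html'
  // logout_uri left out on purpose: the lint reports it
});
console.log(sampleFindings.join('\n'));
```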
     

(Optional) Enable Single Sign-Off

Single Sign-on also provides Single Sign-Off functionality, ensuring that when a user logs out of one site, he or she is also logged out of all SSO-enabled sites. The configured logout_uri for each SSO-enabled site that the user visited will be loaded invisibly to run the Single Sign-Off logout function.

The following example shows how to create a Logout link that triggers automatic logout across all SSO-enabled sites.


<script>
 function my_logout() {
  JANRAIN.SSO.ENGAGE.logout({
   sso_server:'https://example.janrainsso.com',
   logout_uri:'https://mysite.com/logout.php'
  });
 }
</script>
<button onclick="my_logout()">Sign Out</button>
     

This logout function will redirect to the page you provide in the logout_uri parameter once it completes. Any site-specific logout logic should be placed in your logout_uri page. Placing any code after the Single Sign-Off logout script may introduce a race condition.