Absorb Single Sign-On (SSO) V3.0

Overview

Absorb allows single sign-on (SSO) with third-party systems, regardless of the programming language. SSO is made secure by a series of calls (between Absorb and your system) using MD5 hash encryption. The authentication flow is outlined in the following diagram:

Absorb SSO currently supports users only (not administrators). Requests require the use of your private API key. To obtain this, please contact support@absorbanywhere.com.

The Absorb system currently supports three unique sets of interfaces:

- Version 1
- Version 2
- Version 3

Depending on which version of the interface you are using, please use the appropriate URL.

Settings

The following variables and settings are required in the SSO process:

1. API Key: your organization's private API key.
2. Sign-on URL: users will be directed here for sign-on verification. You will need to provide Absorb with this URL upon set up.
3. Sign-out URL: users will be directed here upon sign-out from Absorb. You will need to provide Absorb with this URL upon set up.
4. Unique Identifier (see Appendix A).
5. Absorb URL: your organization's URL to access Absorb.
   Version 1 Interface - http://yourname.absorbtraining.com/user/
   Version 2 Interface - http://yourname.absorbtraining.com/u/get.ashx?method=sso
   Version 3 Interface - http://yourname.absorbtraining.com/get.ashx?method=sso

Sign-On

1. To access Absorb, users should be redirected from your system to your Absorb URL with the following parameters in the query string:

   Parameter    Value                         Example
   SSOID        Unique Identifier             user@test.com
   SSOKey       MD5 Hash (SSOID + API Key)    2b18bb54c4e785449a44c705cdcf8b21

   Using the above examples, your request should look like this:

   Version 1 Interface - http://yourname.absorbtraining.com/user/?ssoid=user@test.com&ssokey=2b18bb54c4e785449a44c705cdcf8b21
   Version 2 Interface - http://yourname.absorbtraining.com/u/get.ashx?method=sso&ssoid=user@test.com&ssokey=2b18bb54c4e785449a44c705cdcf8b21
   Version 3 Interface - http://yourname.absorbtraining.com/get.ashx?method=sso&ssoid=user@test.com&ssokey=2b18bb54c4e785449a44c705cdcf8b21

   For more details see Appendix B.

2. If successful, the user will be automatically redirected back to your Sign-on URL for verification, with a parameter called SSORequest.

   Example: http://your-url/sso/?ssorequest=aff562e661ac07a0a1c1ddca7fb5a6ba

3. Your system should verify that an Absorb session has been requested on your end and redirect back to Absorb with a parameter called SSOResponse.

   Parameter      Value                              Example
   SSOResponse    MD5 Hash (SSORequest + API Key)    13ef75140a8b3fbcd5b9213fadc795cb

   Using the above examples, your request should look like this:

   Version 1 Interface - http://yourname.absorbtraining.com/user/?ssoresponse=13ef75140a8b3fbcd5b9213fadc795cb
   Version 2 Interface - http://yourname.absorbtraining.com/u/get.ashx?method=sso&ssoresponse=13ef75140a8b3fbcd5b9213fadc795cb
   Version 3 Interface - http://yourname.absorbtraining.com/get.ashx?method=sso&ssoresponse=13ef75140a8b3fbcd5b9213fadc795cb

4. Finally, Absorb will verify the response and, if successful, the user will be logged into their courses. If unsuccessful, the user will be provided with Absorb's standard log in screen.

The SSO is only valid for a single login; if the user returns, the process will need to start over from step 1.

Sign-Out

1. When a user clicks Log out in Absorb, they will be redirected to your Sign-out URL where additional sign out actions can take place on your server. Their Absorb session is immediately destroyed.

Appendix A: Unique Identifiers

Absorb will accept a number of fields as a unique identifier, with Email being the default option. It is up to your organization to determine which field will work best with your system. Suggested fields include:

- E-mail Address (default)
- Employee Number
- Absorb Username
- Reference Number

As well as any customizable fields. You will need to provide Absorb with your preference upon set up.

Note: In the event that more than one result matches a query, the first available result will be returned.

Appendix B: MD5 Encryption

The SSOKey in your request is created by appending your private API Key to the unique SSOID and then applying MD5 encryption to the complete string. MD5 functions are available in most programming languages. For more information, please see http://en.wikipedia.org/wiki/md5.

SSOKey = MD5(SSOID + APIKey)

   Variable    Example
   SSOID       user@test.com
   API Key     525cc28527d9912cbed4e6c6e91aba4c

Using the above examples, your SSO key should be generated as:

SSOKey = MD5("user@test.com525cc28527d9912cbed4e6c6e91aba4c")
SSOKey = 525cc28527d9912cbed4e6c6e91aba4c

The SSOResponse is generated in a similar way by appending your private API Key to the SSORequest (from Absorb) and then applying MD5 encryption to the complete string.

SSOResponse = MD5(SSORequest + APIKey)

   Variable      Example
   SSORequest    aff562e661ac07a0a1c1ddca7fb5a6ba
   API Key       525cc28527d9912cbed4e6c6e91aba4c

Using the above examples, your SSOResponse should be generated as:

SSOResponse = MD5("aff562e661ac07a0a1c1ddca7fb5a6ba" + "525cc28527d9912cbed4e6c6e91aba4c")
SSOResponse = 13ef75140a8b3fbcd5b9213fadc795cb

Please note: your SSOKey and SSOResponse should contain only lowercase letters and numbers.
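
The customer-side half of the Sign-On steps and the Appendix B formulas, as an added example in Python (not Absorb's own code). The SsoClient class, its pending set, the UTF-8 encoding and the 32-hex-character check on SSORequest are assumptions made for illustration; the URL and key are the placeholder values used in this document.

```python
import hashlib
import re
from urllib.parse import urlencode

ABSORB_URL = "http://yourname.absorbtraining.com/get.ashx"  # Version 3 interface
API_KEY = "525cc28527d9912cbed4e6c6e91aba4c"  # the document's example key, not a real secret
HEX32 = re.compile(r"[0-9a-f]{32}")  # assumed SSORequest shape, taken from the example value


def md5_hex(value: str, api_key: str) -> str:
    """MD5(value + APIKey) as 32 lowercase hex characters (Appendix B).
    UTF-8 is an assumption; the document does not name an encoding."""
    return hashlib.md5((value + api_key).encode("utf-8")).hexdigest()


class SsoClient:
    """Hypothetical helper that tracks which local sessions started a sign-on."""

    def __init__(self, api_key: str = API_KEY, base_url: str = ABSORB_URL):
        self.api_key = api_key
        self.base_url = base_url
        self.pending = set()  # local session ids with a sign-on in flight

    def start(self, session_id: str, ssoid: str) -> str:
        """Step 1: remember the attempt and build the redirect to Absorb."""
        self.pending.add(session_id)
        # urlencode percent-encodes the SSOID ("@" becomes "%40").
        query = urlencode({"method": "sso", "ssoid": ssoid,
                           "ssokey": md5_hex(ssoid, self.api_key)})
        return f"{self.base_url}?{query}"

    def answer(self, session_id: str, ssorequest: str):
        """Steps 2-3: answer an SSORequest only for a sign-on we started."""
        if session_id not in self.pending:
            return None  # no Absorb session was requested on our end
        if not HEX32.fullmatch(ssorequest):
            return None  # not shaped like the documented SSORequest example
        self.pending.discard(session_id)  # single login: next time restart at step 1
        query = urlencode({"method": "sso",
                           "ssoresponse": md5_hex(ssorequest, self.api_key)})
        return f"{self.base_url}?{query}"
```

start() and answer() run on your server, so the private API key never appears in a page or URL; only the resulting hashes travel through the user's browser.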