Single Sign-On
Single sign-on is a useful feature that allows users to log in to multiple applications and websites with one set of credentials. In this guide, we will explore how to integrate this functionality into your application using the LicenseSpring SDK.
- Initialized LicenseManager (or LicenseHandler) with your configuration using the appropriate settings.
- Activated the user-based license of any type.
To implement SSO activation, add a customer account code to the configuration. The account code can be found in your LicenseSpring account under Customer -> Customer accounts.
When you have this value, set it in the configuration:
This value can also be set during the activation process, so you can use multiple customer accounts without reconfiguring the LicenseManager.
You can choose the authorization method when getting the authorization URL. There are two methods:
- Token: Implicit grant which attaches user pool tokens (id_token, access_token, expires_in, and token_type) to the redirect_uri once the user is verified.
- Code: Authorization code grant method where the code query param is attached to the redirect URL instead of id_token. This code is sent in the request body when doing license activation.
If you do not want to expose user tokens or the redirect URI is too long for your use case, we recommend using the code instead of the token. By default, the SDK returns the URL with the authorization code. To use the authorization token, pass the additional parameter to the getSSOUrl method:
Note that this method sets the passed customer account to the LicenseManager configuration.
You can open the SSO URL in the system browser or within the application. After the user enters the login credentials, handle the redirect.
If you are using the system browser, you can implement reopening the application with the redirect URL as a parameter. To make the application open with the redirect link, add a script that edits the registry, enabling your application to handle LicenseSpring URLs, as a part of the installation process.
Here’s an example of the edited registry:
If you open the SSO URL within the application, the redirect can be handled using various libraries and tools such as Qt WebEngine or the .NET WebBrowser control. The goal is to wait until the URL changes and retrieve this redirect link.
To learn more about both approaches, see the SSO sample projects we provide along with the C++ and .NET SDKs.
When you have the redirect URL, extract the authorization code or token.
Then pass the authorizationData value to the activation method. It allows setting the customer account and specifying whether the authorization data is a code or a token.
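One way to do the extraction step, as an added example that is not LicenseSpring SDK code: it looks for `code` and `id_token` in both the query string and the URL fragment of the redirect URL, and reports which kind was found so the activation call can be told whether the data is a code or a token. `SsoAuthData`, `extractSsoAuthData` and the helper names are hypothetical, and checking the fragment assumes the token grant returns its values there, as OAuth 2.0 implicit responses do.

```cpp
#include <cctype>
#include <cstdlib>
#include <string>

// Hypothetical result type for this example; not part of the SDK.
struct SsoAuthData {
    bool found = false;   // false when the URL carries neither parameter
    bool isCode = false;  // true: authorization code, false: id_token
    std::string value;    // decoded value to pass on as authorizationData
};

// Decode %XX escapes; malformed escapes are copied through unchanged.
static std::string percentDecode(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        bool esc = in[i] == '%' && i + 2 < in.size() &&
                   std::isxdigit((unsigned char)in[i + 1]) &&
                   std::isxdigit((unsigned char)in[i + 2]);
        if (esc) { out += (char)std::strtol(in.substr(i + 1, 2).c_str(), nullptr, 16); i += 2; }
        else out += in[i];
    }
    return out;
}

// Exact-key lookup in "k1=v1&k2=v2"; returns "" when the key is absent.
static std::string findParam(const std::string& params, const std::string& key) {
    for (std::size_t pos = 0; pos < params.size();) {
        std::size_t end = params.find('&', pos);
        if (end == std::string::npos) end = params.size();
        std::size_t eq = params.find('=', pos);
        if (eq < end && params.compare(pos, eq - pos, key) == 0)
            return percentDecode(params.substr(eq + 1, end - eq - 1));
        pos = end + 1;
    }
    return "";
}

// Search both the query string and the fragment; `code` wins over `id_token`.
SsoAuthData extractSsoAuthData(const std::string& url) {
    std::size_t hash = url.find('#'), q = url.find('?');
    std::string params = hash == std::string::npos ? "" : url.substr(hash + 1);
    if (q < hash) params += "&" + url.substr(q + 1, hash - q - 1);  // '?' before '#'
    SsoAuthData r;
    std::string code = findParam(params, "code"), token = findParam(params, "id_token");
    r.found = !code.empty() || !token.empty();
    r.isCode = !code.empty();
    r.value = r.isCode ? code : token;
    return r;
}
```

The returned value is a credential, so keep it out of logs and crash reports, and treat `found == false` as a failed sign-in rather than retrying with the raw URL.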
This type of license activation can throw the same errors as a regular activation.
In addition, there are errors specific to single sign-on:
- SSOException - Thrown when the customer was not found or SSO is not enabled.
- SSOTokenException - Thrown when the SSO token is invalid or expired.