SSO: Single Sign On
ADFS: Active Directory Federation Services
SAML: Security Assertion Markup Language
SP: Service Provider; in the context of this document, this is openFIT
IdP: Identity Provider; in the context of this document, this is the openFIT partner wishing to integrate with the openFIT application through their SSO.
OF: openFIT application
This document explains the SSO integration between OF as an SP and OF partners through their ADFS and SSO implementation. This allows end users to log in seamlessly to OF once they have already logged in to their workstations.
The integration is done using the OF “Federation MetaData” endpoint, and it is expected that the partner using this endpoint sends the required “Assertions” needed by the OF application to allow users to log in seamlessly.
OpenFIT provides 2 endpoints for partners
Use this endpoint to carry out a pilot integration with OF. This provides a safe place to carry out the integration and test it until the partner is satisfied and ready to go live.
Once a partner has confidence that the integration works seamlessly and meets their expectations, the partner can move to the production endpoint.
On a basic level, OF requires that the claims below are sent as part of the assertion.
Note: If more information needs to be integrated, please contact OF support.
An example of how to integrate using ADFS:
To complete the integration and test it, OpenFIT needs to provision an account for the partner. To accomplish that, the partner's Federation metadata endpoint or document is needed. We extract the following information from the document:
- Name or Id, e.g.: http://adfs-test.groupnos.com/adfs/services/trust
- Single Sign-on Service URL
- Single Logout Service URL
- Sign Authentication Request (Yes / No)
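
The extraction listed above can be sketched as follows. This is an added example, not openFIT's own code; it assumes a standard SAML 2.0 metadata document, the HTTP-Redirect binding, and that "Sign Authentication Request" corresponds to the `WantAuthnRequestsSigned` attribute. The sample metadata and host names are constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata (not a real partner document).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def _location(idp, tag, binding=REDIRECT):
    """Return the Location of the first <tag> using the given binding, else None."""
    for el in idp.findall(f"md:{tag}", NS):
        if el.get("Binding") == binding:
            return el.get("Location")
    return None

def extract_idp_settings(metadata_xml):
    """Pull the four provisioning fields out of an IdP metadata document."""
    # Reads fields only; it does not verify the metadata's XML signature.
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not an IdP metadata document")
    signed = idp.get("WantAuthnRequestsSigned", "false").strip().lower()
    settings = {
        "entity_id": root.get("entityID"),                    # Name or Id
        "sso_url": _location(idp, "SingleSignOnService"),     # Single Sign-on Service URL
        "slo_url": _location(idp, "SingleLogoutService"),     # Single Logout Service URL
        "sign_authn_request": signed in ("true", "1"),        # Sign Authentication Request
    }
    # Endpoints that are not HTTPS would carry SAML messages in clear text.
    settings["warnings"] = [
        f"{key} is not HTTPS: {settings[key]}" for key in ("sso_url", "slo_url")
        if settings[key] and not settings[key].lower().startswith("https://")
    ]
    return settings
```

When the metadata is fetched from a partner URL rather than supplied as a reviewed file, retrieve it over HTTPS and parse it with a hardened XML parser before provisioning from it.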