17.3.1.1.1. SSO tickets in the Loginapp REST UI

SSO tickets can be used to authenticate users in the Loginapp REST UI.

The Loginapp REST UI can extract SSO tickets from URLs and send them to the Loginapp REST API for verification.

Configuration hints

  • 1.
    Configure the Loginapp REST API as described in 17.2.2.7. SSO ticket authentication in the Loginapp REST API. Make sure to use a Loginapp REST UI SSO Ticket Extractor in the SSO Ticket Authentication Step. The extractor is capable of extracting the SSO ticket from the REST request sent by the Loginapp REST UI.
  • 2.
    Go to:
    Loginapp >> UI Settings >> Authentication UIs
  • 3.
    Configure one or more SSO Parameter Names. The list defines the HTTP GET parameter names that are used to extract SSO tickets from the request.
  • Note that this property is defined in the Authentication UIs for all Flow UIs.

Usage examples

SSO tickets can be processed by the Loginapp REST UI in the following types of URLs:

  • Direct application access with GET parameter (application id is sso-ticket in this example):
  • GET /auth/ui/app/auth/application/access/sso-ticket?sso=eyJhbGciOiJI…
  • Direct application access with fragment (application id is sso-ticket in this example):
  • GET /auth/ui/app/auth/application/access/sso-ticket#sso=eyJhbGciOiJI…
  • Access with location parameter (requires an Application Selector to be configured in the target application):
  • GET /auth/ui/app/auth/application/access?Location=some-target-url&sso=eyJhbGciOiJI…

    Note that the sso parameter is in the URL but not inside the Location URL.