Cookie Based Single-Signon Authentication

Cookie based single-signon authentication can be used when your users are already logged into another web application like an intranet site, AND that system sets cookies that can be used by Connect Daily.

Here's how it works:

1. User attempts to access Connect Daily.
2. Connect Daily constructs a web request to an authentication URL. It passes specified cookies as part of the web request.
3. A web page at the other end (the authentication URL) examines the request and cookies. If the user is authenticated, it returns the person's user name, full name, and Email address to Connect Daily.
4. If the user is logged in to the other system they will be automatically logged in.

Requirements

• The web browser must send the specified cookies to Connect Daily. Usually this is accomplished by setting the cookie's domain to the parent domain. E.G. ".sample.org". The URL for the calendar must be in the same domain. E.G. "calendar.sample.org".
• There must be active code at the other web application that can accept the Connect Daily authentication request and return whether the user is authenticated. Essentially, you must construct a stub application to do this.

Configuration

Before continuing, add at least one administrator level account to Connect Daily that has a user name you will use for cookie login.

Create the file cdaily-3.4.16/WEB-INF/singlesignon.properties file. Here's an example to get started:

cookieRegex=fusion_.*

AuthURL=https\://www.sample.org/fusionauth.php

ErrorRegex=Error\=(.*)\\n

userRegex=UserName\=(.*)\\n

emailRegex=EmailAddress\=(.*)\\n

Debug=yes

Complete information about parameters for singlesignon.properties can be found in the class documentation for AuthProviderCookieSignon. This file can be found in the WEB-INF/misc/security folder.

Create the authentication stub handler to accept the Connect Daily request. There's an example stub application in the WEB-INF/misc/security directory.

Add a line to the cdaily-3.4.16/WEB-INF/configuration.properties that specifies the Cookie authentication provider:

AuthenticationProvider=com.mhsoftware.cdaily.support.security.AuthProviderCookieSignon

Restart the Connect Daily application. Authenticate to the source web application then attempt to access Connect Daily.

See Also: Automatically Creating Users