Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Meridix Studio supports single sign on (SSO) from external systems. There are two ways to allow an external system to automatically log in user into Meridix Studio without the users needing to manually input their credentials.

Signed - Recommended

The recommended method to log in users is to make a signed request (same signing mechanism as with the Web API) to the URL https://_meridixurl_/SSO?u=_username_ but before sending it use a ticket from Meridix Studio (token/secret) to sign the request resulting in a signed URL ex: 

https://companyname.meridix.se/SSO?auth_nonce=acd80a19&auth_timestamp=20121127113000&auth_token=3dsafdsa324c9bd4b8887b66baa8b566c28&u=user@user.com&auth_signature=81987e7899140e0c07e8dc26553fa7d2 

The signing procedure is described in the Web API Authorization section.

This is the recommended solution because it nevers send any passwords or ticket secrets to over the wire and once a signed request has been used its no longed valid i.e. each signed URL can only be used once and is only valid for 10 minutes from creation/signing (based on the timestamp parameter in combination with the Meridix server time in UTC).

If you need to link a user from ex. a portal site the rendered link must be signed a maximum of 10 minutes before its clicked otherwise the Meridix authentication will respond with a 401 Not authorized http response since the signature has been deprecated.

Simple - (Insecure) - Not recommended

The easist way to login a user from an external system is to make a request against https://_meridixurl_/SSO?u=_username_&p=_password_
Where _meridixurl_ is the URL to your Meridix installation, _username_ is the username/email of the user you want to login and _password_ is the Meridix password of the user.

This solution is not the recommended method since its sends the credentials in clear text and should not be used with public installations (available outside e.g. your intranet) should not be used without SSL (https).

Note
This feature is disabled by default and must be enabled in Meridix Studio to work.