Returning to login page from external applications - SSO

From the login page, a user can follow a link to an external application and then be returned to the login sequence at the same point. State is maintained across the round trip: what the user was trying to access, and which language and template were in use.

For example,

  • a user can follow a link to the password reset application to reset their password and be returned to the login screen
  • a user can follow a link to register a new account in CustomerID or other third party registration application and be returned to the login screen

The links to external applications are configured in a file in the ubilogin/custom/templates directory. The filename should end with the suffix .links, e.g. default.links. The file contains two entries for each application:

  • application.name.url → URL to the application.
  • application.name.methods → a whitespace-separated list of the methods to which this link applies. Mandatory field.

For example:

# default.links:

password.reset.url = /password/reset
password.reset.methods = password.1 password.ad.1

cid.register.url = https://example.com/eidm2/wf/register
cid.register.methods = password.2

example.register.url = https://example.com/registration
example.register.methods = example.password.1

The example above registers three applications: password.reset, cid.register and example.register.

A links file is always template specific, so each template can have a different set of links. The links file is registered to a template with the links attribute, whose value is the path of the links file relative to the template file (i.e. default.properties). Thus, if the links file is located in the same folder as the template file, the value is just the name of the links file. For example:

# default.properties
links = default.links

To make an application link registered in the links file visible on the SSO login page, the following notation must be used in the messages file:

messages/uas.properties
# uas.properties:
MENU_HELP_LINKS = <li><a href="javascript:view.navigate('password.reset')">Forgot your password?</a></li>

messages/uas_fi.properties
# uas_fi.properties:
MENU_HELP_LINKS = <li><a href="javascript:view.navigate('password.reset')">Salasanan resetointi</a></li>

The system fills in the URL with a returnurl appended to its query parameters and shows it on the HTML page. For example, the link would then look like this:

https://sso.example.com/password/reset?returnurl=https%3A%2F%2Fsso.example.com%2Fuas%2Fauth%2F<conversationID>%2Fresume&entityID%3D<entityID>%26locale%3D<locale>%26template%3D<template>%26method%3D<method>

In unencoded form the returnurl looks like this:

https://sso.example.com/uas/auth/<conversationID>/resume&entityID=<entityID>&locale=<locale>&template=<template>&method=<method>

To return the user to the SSO login page to continue the login after resetting a password (or any other task), the external application must redirect the user to the URL passed in the returnurl query parameter.
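
A returnurl check the external application could run before issuing that redirect, as an added example that is not part of the original page or of the product's code: it accepts only HTTPS URLs on the SSO host whose path has the /uas/auth/<conversationID>/resume shape shown above. The SSO_HOST constant, the function names and the fallback path are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the external application knows the SSO host in advance.
SSO_HOST = "sso.example.com"  # host from the page's example

# Path shape from the page: /uas/auth/<conversationID>/resume, optionally
# followed by "&name=value..." as in the page's unencoded example.
# Assumption: a "/" inside a parameter value arrives percent-encoded.
RESUME_PATH = re.compile(r"/uas/auth/[^/?#&]+/resume(?:&[^/]*)?")


def is_safe_returnurl(returnurl):
    """Return True only if returnurl points back at the SSO resume endpoint."""
    if not returnurl or len(returnurl) > 2048:
        return False
    # Whitespace, control characters and backslashes are parsed differently
    # by browsers and by urlsplit, so refuse them outright.
    if any(ch <= " " or ch in "\\\x7f" for ch in returnurl):
        return False
    try:
        parts = urlsplit(returnurl)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or port not in (None, 443):
        return False
    # hostname excludes any userinfo, so "sso.example.com@other.example"
    # is compared as "other.example" and rejected.
    if parts.hostname != SSO_HOST or parts.username is not None:
        return False
    return RESUME_PATH.fullmatch(parts.path) is not None


def redirect_target(returnurl, fallback="/"):
    """Value for the Location header once the task is finished."""
    return returnurl if is_safe_returnurl(returnurl) else fallback


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    samples = [
        "https://sso.example.com/uas/auth/abc123/resume&entityID=sp1&locale=fi",
        "https://sso.example.com.other.example/uas/auth/abc123/resume",
        "http://sso.example.com/uas/auth/abc123/resume",
    ]
    for url in samples:
        print(is_safe_returnurl(url), url)
```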

Changes made to the user interface language (locale) and template in the called application can be carried over to the SSO user interface. This is done by setting the locale and template parameters respectively.