Single sign-on¶
Sensaru Cloud supports single sign-on for
- All domains that open full screen, e. g. edge.sensaru.net
- Subdomains of sensaru.net that open in an iframe (i. e. C1 Device Management UI).
The latter is a restriction imposed by brower policies.
Single sign-on uses OAuth authentication. The principal (system provider ID, system distributor ID and business partner ID) of the currently logged in user is passed from C1 Core UI as GET
parameters to the accessed web page. The web page then performs a standard OAuth login, passing these IDs on to the login page of C1 Auth. When the user is already logged in, he is immediately directed back to the service which in turn can generate an access and refresh token. These tokens can be stored for requests that follow.
In addition the selected business partner should be passed for system distributor, system provider and super users.
Warning
Please note that you need to pass the principal of the logged-in user to the login page. Do not pass the selected principal.