Managing SSO Login on the Platform
The platform API supports sign-in, using the LDAP protocol, to SSO providers such as Facebook and Google, that provide UI for their users in the form of a standard login page, and also to other SSO providers who do not provide the login page. If the SSO provider doesn't provide the login page, the platform provides one; if you are using the API to support SSO login, you can use the information returned by the SSO operations to build a custom login page for the user.
Use Get /api/login/ssoLogin to initiate the login process. This has two possible responses.
Depending on the SSO provider, one of two things will happen:
- If the specific SSO provider has its own UI, such as Google and Facebook, the GET /api/login/ssoLogin operation automatically redirects the user to the domain-specific UI for login. The user logs in and the SSO provider returns an SSO token.
- If the platform UI will be used for the login screen, the GET /api/login/ssoLogin returns a JSON response indicating the public and private credentials that are required for validation of the user (for example, username and password or account number and password). This information can then be used to create a user interface login page where the user can provide the required values. When the values are collected, the POST /api/login/ssoLogin operation is used to send them to the SSO provider for validation.
- GET /api/login/ssoLogin: Used when the identity provider has its own login screen and SSO is enabled between the platform and the identity provider. Examples: Facebook, Google.
- POST /api/login/ssoLogin: Used when the identity provider does not have its own login screen and the platform is providing the login form as required by the identity provider.