Single Sign On?

Michiel_Prins1 · May 10, 2021, 12:02pm

Hi,

This is a complete edit/rewrite because I think my previous explanation was unclear

I would like to enable logons from another site. We have clients with a complete SSO to a portal that we use. This portal gives clients access to multiple systems that we have in place for them, without them having to log on a second time.

How would I implement this with Backendless UI Builder? I could pass credentials from the portal to Backendless, but what would be a best practice to handle such a thing?

Michiel

Thanks!
Michiel

Nikita_Fedorishchev · May 11, 2021, 9:03am

Hello @Michiel_Prins1.Is OAuth 2.0 Right For You? If so, here is a link to the documentation where you can read more about this: Social and OAuth2 Logins - Backendless SDK for JavaScript API Documentation

Regards, Nikita.

Michiel_Prins1 · May 11, 2021, 9:22am

Hi Nikita,

We have a proprietary portal which already uses a link with the AD of the clients.

I think I’ve come up with a solution that I’m implementing now, which is a two-step procedure:

The portal does a request to a REST API (with e-mail address of the user and API authorization) that creates a record in an announcements table that this user is about to logon.The REST API returns a UUID.
The portal then forwards to a page that servers as SSO login page with the e-mail address and uuid as parameters. The page checks in the Page On Enter if there is an announcement for this user, and then logs the user on using the e-mail address and a pre-set password (which is the same for all users). The user is then forwarded to the home page.

It would be better if I could force a new password on a user in the database, I would change the password to the UUID in step 1 and use that UUID as password in step 2.

Unfortunately I’ve not been able to find a password change like this in the Users API.

sergey.kuk · May 12, 2021, 9:50am

Hello @Michiel_Prins1

You have a great idea. To change the password use data service for example cUrl query:

curl -X PUT -H 'Content-Type:application/json' -H 'user-token: 3CC920FD-D90B-493E-8993-FB10FF7EF6A3' 'https://api.backendless.com/<app-id>/<api-key>/data/Users/<user-object-id>' -d '{
  "email":"a@a.com",
  "password": "test2"
}'

Michiel_Prins1 · May 12, 2021, 10:24am

I’m already in a Backendless API when I want to change the password. So I can just do a database update on the users table with a new password for this user?

sergey.kuk · May 12, 2021, 10:31am

@Michiel_Prins1, yes and user will have a new password

Michiel_Prins1 · May 12, 2021, 1:46pm

Let me share the nocode logic for anyone else to use.

This method uses a table ‘announcements’ with email and uuid columns. I could have used the objectId column, but I didn’t I could also have used authorization in the headers, but I didn’t

This is the “accounce” method of my “ssoservice” API:

And then on a blank page that I call sso_login, in the Page Enter logic:

To log on, you need to call the API with email and api_key (enter the key in the API logic), and then 301 to the sso_login page with the uuid parameter (which you get grom the API) in the url.