KNF:Single Sign On query/en: verschil tussen versies
| Regel 1: | Regel 1: | ||
{{PageTitleCustom|title=Single Sign On query|name=Kennisnet Federation|image=true|imageurl=KNF:Hoofdpagina/en}} |
{{PageTitleCustom|title=Single Sign On query|name=Kennisnet Federation|image=true|imageurl=KNF:Hoofdpagina/en}} |
||
==Introduction== |
==Introduction== |
||
| + | The Single Sign ON query can be used on websites that allows both anonymous and authenticated users. The latter will have access to extended functionality or content. |
||
| − | The main reason to perform a Single Sign On query is the following scenario: |
||
| ⚫ | To authenticate, the user needs to press the “Log in” button on the website, which starts authentication process. However if the user already has a valid Single Sign On session with Entree, pressing the “Log in” button immediately logs on the user, without any further interaction (eg.entering a username and password). The requirement to press “Log in” is therefore unnecessary and not user friendly. |
||
| − | A user enters a website that has functionality for both anonymous and authenticated users. |
||
| − | *For anonymous users, only limited functionality and information is available |
||
| − | *When the user wants access to other functionality and information, he needs to be authenticated |
||
| − | |||
| ⚫ | To authenticate, the user needs to press the “Log in” button on the website, which starts authentication process. |
||
| − | |||
| ⚫ | To prevent this the website should have a detection mechanism in place which automatically recognizes a user with a valid SSO session. This can be achieved with the Single Sign On query. This method is preferred over the 'SAML passive authentication' When using the SSO query, SAML passive authentication is not needed. |
||
| ⚫ | To prevent this scenario the website should have a detection mechanism in place which automatically recognizes a user with a valid SSO session. This can be achieved with the Single Sign On query. This method is preferred over the 'SAML passive authentication' When using the SSO query, SAML passive authentication is not needed. |
||
==External links== |
==External links== |
||
Versie van 17 dec 2013 11:42
Kennisnet Federation: Single Sign On query
 Nederlands
|
 English
|
Introduction
The Single Sign ON query can be used on websites that allows both anonymous and authenticated users. The latter will have access to extended functionality or content.
To authenticate, the user needs to press the “Log in” button on the website, which starts authentication process. However if the user already has a valid Single Sign On session with Entree, pressing the “Log in” button immediately logs on the user, without any further interaction (eg.entering a username and password). The requirement to press “Log in” is therefore unnecessary and not user friendly.
To prevent this scenario the website should have a detection mechanism in place which automatically recognizes a user with a valid SSO session. This can be achieved with the Single Sign On query. This method is preferred over the 'SAML passive authentication' When using the SSO query, SAML passive authentication is not needed.