About the Single Sign-On
Sabre SSO (Single Sign-On) provides a vendor-agnostic means for Red Apps to validate access to their server-side services. Sabre SSO uses SAML (Security Assertion Markup Language) for data exchange. There are currently two ways that Red Apps can use SSO:
SSO Service - Allows you to retrieve a SAML assertion. In this case the Red App is responsible for passing the assertion to the service it is trying to connect to. The SSO service is currently only available in the SR360 desktop client.
Web-based SSO - Once SSO is configured, the Red App can use the configured link to initialize SSO. In this case Sabre is responsible for both generating the SAML assertion and posting it to the specified address for validation.
In both cases, SR360/Sabre Red Web (with its user authentication and authorization mechanism) acts as the Identity Provider.
Before you use Single Sign-On, familiarize yourself with the following definitions:
Identity Provider - provides the certificate that is used to sign a SAML assertion. SR360/Sabre Red Web is the Identity Provider for Red Apps and provides an appropriate certificate.
Service Provider - your Red App server-side service, which will consume the assertion.
Service Provider ID - a unique identifier for your Service Provider. Make sure Sabre has already configured your Service Provider ID (see: SSO Setup Procedure for details).
SAML stands for Security Assertion Markup Language. It is an XML-based standard for exchanging authentication information between security domains. The most important application of SAML is the web-based Single Sign-On.
SAML defines three roles: Principal (usually a user), Identity Provider (IdP) and Service Provider (SP). Usually the Principal requests a service from the SP, and the SP requests and obtains assertions from the IdP. Before the IdP issues the assertion, it may ask the user for credentials.
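The Service Provider's side of this exchange, as an added example that is not Sabre's code: once the assertion's signature has been verified against the Identity Provider certificate with an XML-DSig library (not shown), the service should still confirm the issuer, the audience and the validity window. The standard SAML 2.0 element names, the placement of the Service Provider ID in `Audience`, the 60-second skew and the `idp.example` / `my-sp-id` values are assumptions, not taken from Sabre documentation.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SKEW = timedelta(seconds=60)  # assumed clock-skew tolerance

def _ts(value):
    # SAML instants are UTC xs:dateTime values such as 2024-05-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, expected_issuer, service_provider_id, now):
    # Returns a list of problems; an empty list means these checks passed.
    # Run only AFTER an XML-DSig library has verified the signature against
    # the Identity Provider certificate; that step is not shown here.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return ["root element is not a SAML 2.0 Assertion"]
    problems = []
    if root.find("ds:Signature", NS) is None:
        problems.append("assertion is unsigned")
    if root.findtext("saml:Issuer", "", NS).strip() != expected_issuer:
        problems.append("unexpected issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["no Conditions element"]
    audiences = [a.text.strip() for a in
                 cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if service_provider_id not in audiences:
        problems.append("not issued for this Service Provider")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is None or noa is None:
        problems.append("validity window missing")
    else:
        if now + SKEW < _ts(nb):
            problems.append("not yet valid")
        if now - SKEW >= _ts(noa):
            problems.append("expired")
    return problems

def sample(audience, not_before, not_on_or_after):
    # Constructed sample, not a real Sabre assertion; the signature is a stub.
    return ('<saml:Assertion xmlns:saml="%s" xmlns:ds="%s">'
            '<saml:Issuer>idp.example</saml:Issuer><ds:Signature/>'
            '<saml:Conditions NotBefore="%s" NotOnOrAfter="%s">'
            '<saml:AudienceRestriction><saml:Audience>%s</saml:Audience>'
            '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
            % (NS["saml"], NS["ds"], not_before, not_on_or_after, audience))
```

The audience check is what stops an assertion issued for a different Service Provider from being accepted by yours, even though the same Identity Provider signed both.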