Single Sign-On Setup Procedure

In order for the Sabre SSO to be used by the Red App, SSO configuration for a new service provider must be created first. For the configuration to be created, please send a request with the necessary information to redappssupport@sabre.com. The information to be included in the request:

Red App ID - ID of Red App to use Sabre SSO.
Vendor Name - vendor name of Red App to use Sabre SSO.
Service Provider ID - ID of Service Provider. ID for production and certification environment may be different.
SSO Type - SSO type. This can be SSO service, web SSO or both.
Red App server-side endpoint - Red App server-side endpoint to which assertion should be posted (applicable only in case of Web SSO).

Service Provider ID

To comply with the SAML convention and to ensure its uniqueness across all services defined by Red Apps vendors, the service identifier must be provided in a form of the URL address. We advise to use the service’s URL address. If the service you are planning to integrate with is at: www.yourdomain.com/yourservice, the Service Provider ID should be: https://www.yourdomain.com/yourservice. If you also maintain the development version of the service at: dev.yourdomain.com/yourservice-dev, service ddentifier for production and certification should look like: https://dev.yourdomain.com/yourservice-dev.

Assertion Validation

When your request is successfully processed, Sabre will provide you with credentials and schema for the SSO Validation Service (which is the preferred approach for validating assertions as it saves you burden of managing X509 certificates, maintaining SAML applications and/or implementations). However, if you prefer to validate assertions on your own, Sabre will provide you with a public key for the certificate, which is used for signing generated assertions. In this case you should indicate such intention in your request. More information about SAML assertion validation can be found here.