Single Sign-On Service Cookbook

This cookbook shows how to set up Single Sign-On access and use it for user’s authentication on your server side.

Problem

  • You have a web service responsible for providing data (for example customer profile) or performing a complex bussiness logic (like charging), requiring authentication before usage. Your Red App needs to call this web service.

  • You want your web service to create a session automatically when a user is signed-in to Sabre Red 360, instead of asking him for additional sign-in.

Solution

We recommend you use the Single Sign-On service, using SAML standard, provided by Sabre to avoid asking user for password again as one is signed-in to SR360. The following diagram illustrates the general concept of authentication when using Single Sign-On service:

sso jpg

As you can see the process contains the following steps:

  • Your Red App generates an assertion by calling Single Sign-On Service Client - your Red App triggers generating an assertion.

  • Your Red App sends the assertion to your Web Service asking for the authentication.

  • Your Red App Web Service calls Single Sign-On Validation Service to check if the assertion is correct and valid.

  • Your Web Service creates a session ID and returns it back to your Red App - your Web Service creates a user session based on the data provided in the SAML assertion.

Generating the assertion

Sabre provides an API for generating assertions for Java and Javascript. Before you use it, make sure you have added the authorization tag to your redapp.xml file:

<Authorization name="com.sabre.edge.cf.sso.SsoService" threshold="10" metric="tpm" />

Using Java API

Add a dependency to the following plugins:

  • com.sabre.edge.cf.core

  • com.sabre.edge.cf.model

  • com.sabre.edge.cf.sso

And use the following code:

ISRWCommunication communication = Activator.getDefault().getServiceReference(ISRWCommunication.class);
SsoServiceClient client = new SsoServiceClient(communication);
String serviceProvider = "http://redApps.test.sp.int.sabre.com";

Map <String, String> parameters = new HashMap <String, String>();
parameters.put("street", "3150 Sabre Drive");
SsoRequest request = new SsoRequest(serviceProvider, parameters);
ClientResponse <SsoResponse> response = client.send(request);

if (response.isSuccess()) {
    String assertion = response.getPayload().getAssertion();
    // Process the assertion
} else {
    // Process errors
}

Using Javascript API

Add a dependency to the com.sabre.edge.platform.optional.webkit plug-in and use the following code snippet:

const serviceProvider = 'http://sampleredapp.dev.sabre.com';
const parameters = [['street', '3150 Sabre Drive']];
const serviceResponse = SrwApi.sso(serviceProvider, parameters);

const response = JSON.parse(serviceResponse)

if (response.response.success === true) {
    const assertion = response.response.payload.assertion;
    // Process the assertion
} else {
    // Process errors
}

Assertion Validation

Information about available ways to validate SAML assertions can be found here.

Sample implementation

See the com.sabre.redapp.example3.desktop.sso sample for implementation.