Skip to main content

SSO Setup Procedure

In order for the Sabre SSO to be used by the Red App, SSO configuration for a new service provider must be created first. For the configuration to be created, please send a request with the necessary information to redappsupport@sabre.com. The information to be included in the request:

  • Red App ID – the identifier of the Red App that is to request SAML assertion.

  • Vendor Name – vendor of the Red App.

  • Your Service Identifiers:

    • one for Production environment

    • one for Development/Certification environment (if not provided, the same identifier will be configured for both Production and Certification environments)

  • Information on whether this request is to configure an SSO service, a web based SSO service, or both.

Service Identifiers

Note
To comply with the SAML convention and to ensure its uniqueness across all services defined by Red Apps vendors, the service identifier must be provided in a form of the URL address - we advise to use the service’s URL address. If the service you are planning to integrate with is at: www.yourdomain.com/yourservice, the Service Identifier should be: https://www.yourdomain.com/yourservice. If you also maintain the development version of the service at: dev.yourdomain.com/yourservice-dev, the Service Identifier for Development and Certification should look like: https://dev.yourdomain.com/yourservice-dev. In case of the web based SSO, the configuration will use Service Identifier as the URL to which the SAML assertion will be posted.

When your request is successfully processed, Sabre will provide you with credentials and schema for the SSO Validation Service (which is the preferred approach for validating assertions as it saves you burden of managing X509 certificates, maintaining SAML applications and/or implementations). However, if you prefer to validate assertions on your own, Sabre will provide you with a public key for the certificate, which is used for signing generated assertions. In this case you should indicate such intention in your request. More information about SAML assertion validation can be found here.

Note
The Single Sign-On package is currently distributed with SDK and can be found at the documentation directory.