Single Sign-On Implementation - Intergraph Smart Materials - Version 2020 (10.0) - Installation & Upgrade - Hexagon

Intergraph Smart Materials Installation (2020)

If you want your clients (suppliers, subcontractors) to be able to log in directly to Smart Materials Portal through your web-published system using their existing credentials, you can activate the single sign-on (SSO) functionality. This chapter describes how to implement the optional SSO feature in your environment.

The picture below shows the workflow of the single sign-on process.

[Figure: SSOCustomer (single sign-on workflow)]

Client/Server – Location of the customer system (application or web application)

Server – Location of Intergraph’s SSO web launcher component.

Workflow:

  1. Ensure that the URL of the SSO web launcher on the application server is known and retrievable.

  2. The SSO login needs at least the company ID and the email address of the user who is currently logged in to the customer's system to achieve a single sign-on login into Smart Materials Portal. It is a prerequisite that this information is retrievable from the customer's system.

    The combination of company ID and email address must be unique to enable the SSO login. The Portal registration allows the same email address to be assigned to multiple users within a company, but the SSO login does not work for such user accounts.

  3. Three additional strings must be provided:

    • Verification term - This string reflects the value of the DBA setting SSO_AUTH_VERIF and is used to verify whether the decryption on the server side was successful. This string can consist of any text, but it must be the same on the client and the server side.

    • SSO password - This string reflects the value of the DBA setting SSO_AUTH_PASS and is used as the key for AES encryption and decryption. This string can consist of any text of at most 32 bytes, but it must be the same on the client and the server side.

    • Initialization vector - This string reflects the value of the DBA setting SSO_AUTH_HEX_IV and is used, in combination with the encryption key, for encrypting the data. This string must be a 32-character hex code. If you are unsure how to use it, it is recommended to keep the predefined setting.

  4. To avoid sending the sensitive data to the server as plain text, this information must be encrypted. The type of encryption used for the SSO login is AES (Advanced Encryption Standard) encryption with a 256-bit key. You can find sample code for .Net and JavaScript in AES Encryption Samples.

    The data entities verification term, company ID, and email must be encrypted and converted to hex code. These parameters are used to build the final URL. The URL is created in the following format:

    <URL address to the SSO web launcher>?sso1=<encr./hex verification term>&sso2=<encr./hex company id>&sso3=<encr./hex email>

    Example:

    http://...xyz.de/index.aspx?sso1=913DE60F87D069C33A5D5C66EC035898&sso2=F8A6871431648FB0BAB6462D79161C0B4E92CE3C731513B5D5C014032C65BFFE&sso3=431648FB0BAB6462D79161C0B4E92CE3C731513B5D

    Open a browser with the created URL as target address.

  5. The web launcher takes over the parameters and sends them to the database, where the decryption takes place. Depending on the outcome of this decryption, the user is forwarded to the Smart Materials Portal with integrated login (success) or to an exception web page (failure).
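
The URL construction from step 4, as an added example for Node.js; it is not Hexagon's sample code. The page does not state the cipher mode, the padding, the text encoding, or how the SSO password becomes a 256-bit key, so CBC mode, PKCS#7 padding, UTF-8, and zero-padding the password to 32 bytes are assumptions here, and all function names and sample values are constructed.

```javascript
// Added example, not Hexagon's sample code. Assumptions not stated on the page:
// CBC mode, PKCS#7 padding, UTF-8 text, and a key made by zero-padding the SSO
// password to 32 bytes. Confirm them against "AES Encryption Samples".
const nodeCrypto = require('node:crypto');

function makeKey(ssoPassword) {
  const pw = Buffer.from(ssoPassword, 'utf8');
  if (pw.length === 0 || pw.length > 32) throw new Error('SSO password must be 1 to 32 bytes');
  const key = Buffer.alloc(32); // zero-filled 256-bit key (assumed derivation)
  pw.copy(key);
  return key;
}

function parseIv(hexIv) {
  // SSO_AUTH_HEX_IV: exactly 32 hex characters, i.e. one 16-byte AES block
  if (!/^[0-9a-fA-F]{32}$/.test(hexIv)) throw new Error('IV must be 32 hex characters');
  return Buffer.from(hexIv, 'hex');
}

function encryptHex(plaintext, key, iv) {
  const c = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([c.update(plaintext, 'utf8'), c.final()]).toString('hex').toUpperCase();
}

// Counterpart of the server-side decryption, used here only to check the round trip.
function decryptHex(hex, key, iv) {
  const d = nodeCrypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(Buffer.from(hex, 'hex')), d.final()]).toString('utf8');
}

function buildSsoUrl(launcherUrl, settings, companyId, email) {
  const key = makeKey(settings.pass);   // SSO_AUTH_PASS
  const iv = parseIv(settings.hexIv);   // SSO_AUTH_HEX_IV
  const url = new URL(launcherUrl);
  url.searchParams.set('sso1', encryptHex(settings.verif, key, iv)); // SSO_AUTH_VERIF
  url.searchParams.set('sso2', encryptHex(companyId, key, iv));
  url.searchParams.set('sso3', encryptHex(email, key, iv));
  return url.toString();
}

// Constructed sample values; real ones come from the DBA settings and the customer's system.
const SAMPLE = { verif: 'verify-me', pass: 'example-sso-password', hexIv: '000102030405060708090A0B0C0D0E0F' };
const sampleUrl = buildSsoUrl('https://portal.example.com/index.aspx', SAMPLE, 'ACME', 'user@example.com');
console.log(sampleUrl);
```

Because the key and the initialization vector are fixed settings, the same company ID and email always produce the same parameters under these assumptions, so the generated URL should be handled like a credential: sent over HTTPS only and kept out of logs.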