Recently we came across a request to implement a SAML-based Single-Sign-On solution for an educational institution. SAML stands for Security Assertion Markup Language. It is a standard for implementing Single-Sign-On integration between two entities, giving end users seamless access to content without having to sign on more than once.
Even though SAML as a standard has been in existence for quite some time, every implementation of a SAML-based solution has its own tweaks due to the custom nature of the end products. In this case, the institution wanted to give its students access to its financial management system from the student campus portal. The requirement was for students to log on to their Campus Portal and access the Financial System from within the Campus Portal in a seamless fashion.
The requirement sounded simple to begin with, but the devil was in the details. The institution was using one SaaS-based solution for its Campus Management implementation and another SaaS-based solution for its Students Financial Management. Although both providers claimed to support Single-Sign-On, the integration wasn't straightforward. Both systems shared their interfaces for SSO implementation, but neither allowed any customization at its own end to talk to the other. This raised a unique challenge for the institution.

At MITS, we proposed a middle layer to communicate between these two providers. The following diagram gives a high-level overview of our proposed solution. We built integration services that first connect to the Campus Portal to authenticate and receive the Student Details. Another service then uses the Student Details to submit a SAML Response to the Financial Management system. Authentication with the Financial Management system was done using the Identity Provider based SAML Assertion.
High Level SAML SSO Implementation Design
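The second service's step, as an added example that is not the original integration code: it builds a SAML Response for one student and encodes it for the HTTP-POST binding. It assumes an IdP-initiated flow (no prior AuthnRequest), hypothetical endpoint URLs and student ID, and that XML-DSig signing, which a real deployment requires, is applied by a separate library before encoding.

```python
import base64
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Hypothetical endpoints: the page names none of these.
IDP_ISSUER = "https://sso-bridge.example.edu/idp"
SP_ACS_URL = "https://finance.example.com/saml/acs"
SP_ENTITY_ID = "https://finance.example.com/saml/metadata"

def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def build_idp_initiated_response(student_id, now=None, lifetime_s=120):
    """Return an unsigned samlp:Response element for one student."""
    now = now or datetime.now(timezone.utc)
    expiry = _ts(now + timedelta(seconds=lifetime_s))
    # IdP-initiated: no InResponseTo, because the SP never sent an AuthnRequest.
    resp = ET.Element(f"{{{SAMLP}}}Response", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0",
        "IssueInstant": _ts(now), "Destination": SP_ACS_URL})
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = IDP_ISSUER
    status = ET.SubElement(resp, f"{{{SAMLP}}}Status")
    ET.SubElement(status, f"{{{SAMLP}}}StatusCode",
                  {"Value": "urn:oasis:names:tc:SAML:2.0:status:Success"})
    a = ET.SubElement(resp, f"{{{SAML}}}Assertion", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": _ts(now)})
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = IDP_ISSUER
    subj = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID").text = student_id
    conf = ET.SubElement(subj, f"{{{SAML}}}SubjectConfirmation",
                         {"Method": "urn:oasis:names:tc:SAML:2.0:cm:bearer"})
    # Recipient and a short expiry bind the assertion to one endpoint and time window.
    ET.SubElement(conf, f"{{{SAML}}}SubjectConfirmationData",
                  {"Recipient": SP_ACS_URL, "NotOnOrAfter": expiry})
    cond = ET.SubElement(a, f"{{{SAML}}}Conditions",
                         {"NotBefore": _ts(now), "NotOnOrAfter": expiry})
    aud = ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(aud, f"{{{SAML}}}Audience").text = SP_ENTITY_ID
    authn = ET.SubElement(a, f"{{{SAML}}}AuthnStatement", {"AuthnInstant": _ts(now)})
    ctx = ET.SubElement(authn, f"{{{SAML}}}AuthnContext")
    ET.SubElement(ctx, f"{{{SAML}}}AuthnContextClassRef").text = (
        "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified")
    return resp

def post_binding_field(resp):
    """Base64 value for the SAMLResponse form field (HTTP-POST binding)."""
    # Assumption: the assertion is XML-DSig signed before this step (not shown).
    return base64.b64encode(ET.tostring(resp, encoding="utf-8")).decode("ascii")
```

The short lifetime together with the `Recipient` and `Audience` values is what lets the receiving system reject an assertion that is replayed later or presented to a different service.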
We were able to meet the needs of the institution and satisfy the integration requirements of both the Student Campus Portal and the Financial Management System in a highly secure manner. With this solution, students can now log on to their Campus Portal from various locations and access their respective Financial Management Dashboards in a seamless fashion.