Manage JavaScript SDK single sign-on for the registration UI


This article describes how you can implement the single sign-on solution for a family of websites by using the Registration UI.


Enable required JavaScript settings

SSO is configured in the JavaScript settings used for Registration. The following settings must be enabled on all sites within your SSO network:

  janrain.settings.capture.federate = true;
  // The federateServer URL will be provided by Janrain.
  janrain.settings.capture.federateServer = 'https://example.janrainsso.com';
  janrain.settings.capture.federateXdReceiver = 'https://mysite.com/xd_receiver.html';
  janrain.settings.capture.federateLogoutUri = 'https://mysite.com/logout.html';

Set up XD receiver URLs

Each site needs to host a static XD receiver (cross-domain receiver) page, which is never visible to the end user. The XD receiver page for each site must reside on the same domain as the main site, or SSO will not work in some browsers.

The following content must also be added to the federateXdReceiver page:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
 <head>
 <title>Cross-Domain Receiver Page</title>
 </head>
 <body>
 <script type="text/javascript">
 /*
  Cloudfront direct might be a little faster:
  https://d1lqe9temigv1p.cloudfront.net/js/lib/xdcomm.js
  but janraincapture.com will be easier for IT to whitelist:
  https://ssl-static.janraincapture.com/js/lib/xdcomm.js
 */
 // Pick the xdcomm.js URL that matches the protocol this page was loaded over.
 var xdcommJs = (("https:" == document.location.protocol) ? "https://ssl-static.janraincapture.com/js/lib/xdcomm.js" : "http://cdn.janraincapture.com/js/lib/xdcomm.js");
 // Write the script tag that loads xdcomm.js into the page.
 document.write(unescape("%3Cscript src='" + xdcommJs + "' type='text/javascript'%3E%3C/script%3E"));
 </script>
 </body>
</html>

Set up logout URLs

Each site needs to host a static SSO logout page, which is never visible to the end user. The SSO logout page for each site must reside on the same domain as the main site, or SSO will not work in some browsers.
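
The required settings and the same-domain rule for the XD receiver and logout pages can be checked before a site joins the SSO network. The following is an added example, not code from Janrain or Identity Cloud; the function name checkFederateSettings, the siteUrl parameter, the HTTPS requirement, and the reading of "same domain" as an exact hostname match are assumptions, and the sample settings are constructed.

```javascript
// Assumed helper (not part of the Janrain SDK): lint one site's SSO settings.
const URL_SETTINGS = ['federateServer', 'federateXdReceiver', 'federateLogoutUri'];
const SAME_DOMAIN = ['federateXdReceiver', 'federateLogoutUri'];

function checkFederateSettings(capture, siteUrl) {
  const problems = [];
  const siteHost = new URL(siteUrl).hostname;
  if (capture.federate !== true) problems.push('federate must be true');
  for (const name of URL_SETTINGS) {
    const value = capture[name];
    if (typeof value !== 'string' || value === '') {
      problems.push(name + ' is missing');
      continue;
    }
    let url;
    try {
      url = new URL(value);
    } catch (err) {
      problems.push(name + ' is not an absolute URL');
      continue;
    }
    // Assumption: require HTTPS, as in the article's sample values.
    if (url.protocol !== 'https:') problems.push(name + ' is not HTTPS');
    // Assumption: "same domain" is checked as an exact hostname match.
    if (SAME_DOMAIN.includes(name) && url.hostname !== siteHost) {
      problems.push(name + ' is on ' + url.hostname + ', not ' + siteHost);
    }
  }
  return problems;
}

// Constructed sample settings for a site served from https://mysite.com/.
const goodSite = {
  federate: true,
  federateServer: 'https://example.janrainsso.com',
  federateXdReceiver: 'https://mysite.com/xd_receiver.html',
  federateLogoutUri: 'https://mysite.com/logout.html'
};
const badSite = {
  federate: true,
  federateServer: 'https://example.janrainsso.com',
  federateXdReceiver: 'https://static.example.net/xd_receiver.html',
  federateLogoutUri: 'http://mysite.com/logout.html'
};

console.log(checkFederateSettings(goodSite, 'https://mysite.com/'));
console.log(checkFederateSettings(badSite, 'https://mysite.com/'));
```

An empty array means the settings satisfy every check; each string in a non-empty result names the setting that needs attention.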


Enable optional JavaScript settings

There are several Registration JavaScript API settings that can be enabled as well. The following example shows how to configure segments to create groups of sites that can be logged into by using SSO.

  janrain.settings.capture.federateSegment = 'segment_1';
  janrain.settings.capture.federateSupportedSegments = ["segment_2","segment_3"];

Handle SSO logins

After a user has logged into one of your sites, Identity Cloud automatically logs that user into any other SSO-enabled site that he or she visits. Both the onCaptureLoginSuccess and the onCaptureFederateLogin events fire with the ssoImplicitLogin property set to true, which identifies the login as an SSO login. This gives you the option to treat logins via SSO differently.