Manage JavaScript SDK single sign-on for the registration UI


The content on this page deals with single sign-on (SSO) using the JavaScript SDK. Due to changes in web browser technology, including the fact that most browsers prohibit the use of third-party cookies, SSO using the JavaScript SDK is no longer available to new Identity Cloud customers. (However, we will continue to support existing customers who use this methodology.) If single sign-on is important to you, we recommend that you use Hosted Login for your login and registration needs. See our Getting Started Guide to learn more about how single sign-on is implemented in Hosted Login.

This article describes how you can implement the single sign-on solution for a family of websites by using the Registration UI.

Enable required JavaScript settings

SSO is configured in the JavaScript settings used for Registration. The following settings must be enabled on all sites within your SSO network:

janrain.settings.capture.federate = true;
// The federateServer URL will be provided by Janrain.
janrain.settings.capture.federateServer = '';
janrain.settings.capture.federateXdReceiver = '_receiver.html';
janrain.settings.capture.federateLogoutUri = '';

Set up XD receiver URLs

Each site needs to host a static XD receiver (cross-domain receiver) page, which is never visible to the end user. The XD receiver page for each site must reside on the same domain as the main site, or SSO will not work in some browsers.

The following content must also be added to the federateXdReceiver page:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">
<html xmlns="" >
 <title>Cross-Domain Receiver Page</title>
 <script type="text/javascript">
 // Cloudfront direct might be a little faster:
 // but will be easier for IT to whitelist:
 var xdcommJs = (("https:" == document.location.protocol) ? "" : "");
 document.write(unescape("%3Cscript src='" + xdcommJs + "' type='text/javascript'%3E%3C/script%3E"));
 </script>
</html>

Set up logout URLs

Each site needs to host a static SSO logout page, which is never visible to the end user. The SSO logout page for each site must reside on the same domain as the main site, or SSO will not work in some browsers.
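The rules stated so far (federate enabled, federateServer set, and the XD receiver and logout pages hosted on the same domain as the site) can be checked before a site joins the SSO network. The following is an added example, not Janrain or Identity Cloud code; checkSsoSettings, the example.com and example.net hosts, and the file names are assumptions made for illustration.

```javascript
// Added example, not SDK code: checkSsoSettings is a hypothetical helper that
// audits one site's janrain.settings.capture values against this page's rules.
const REQUIRED = ['federateServer', 'federateXdReceiver', 'federateLogoutUri'];
const SAME_DOMAIN = ['federateXdReceiver', 'federateLogoutUri'];

function checkSsoSettings(siteUrl, capture) {
  const problems = [];
  const site = new URL(siteUrl);
  if (capture.federate !== true) problems.push('federate must be true');

  for (const key of REQUIRED) {
    const value = capture[key];
    if (typeof value !== 'string' || value.trim() === '') {
      problems.push(`${key} is not set`);
      continue;
    }
    if (!SAME_DOMAIN.includes(key)) continue;
    let target;
    try {
      // Relative values resolve against the site, so they are same-domain.
      target = new URL(value, site);
    } catch (err) {
      problems.push(`${key} is not a valid URL`);
      continue;
    }
    if (target.hostname !== site.hostname) {
      problems.push(`${key} is on ${target.hostname}, expected ${site.hostname}`);
    }
  }
  return problems;
}

// Constructed sample input: placeholder hosts and file names.
const SITE = 'https://www.example.com/';
const goodSite = {
  federate: true,
  federateServer: 'https://sso.example.net',
  federateXdReceiver: 'https://www.example.com/xd_receiver.html',
  federateLogoutUri: 'https://www.example.com/sso_logout.html',
};
const badSite = {
  federate: false,
  federateServer: '',
  federateXdReceiver: 'https://static.example.net/xd_receiver.html',
  federateLogoutUri: '/sso_logout.html',
};
console.log(checkSsoSettings(SITE, goodSite));
console.log(checkSsoSettings(SITE, badSite));
```

Running the same check against every site in the network catches a receiver or logout page that has been moved to a CDN or asset host, which is the case the same-domain requirement rules out.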

Enable optional JavaScript settings

There are several Registration JavaScript API settings that can be enabled as well. The following example shows how to configure segments to create groups of sites that can be logged into by using SSO.

janrain.settings.capture.federateSegment = 'segment_1';
janrain.settings.capture.federateSupportedSegments = ["segment_2","segment_3"];

Handle SSO logins

After a user has logged into one of your sites, Identity Cloud automatically logs that user into any other SSO-enabled site that he or she visits. Both the onCaptureLoginSuccess and the onCaptureFederateLogin events fire with the ssoImplicitLogin property set to true to identify the login event with SSO. This gives you the option to treat logins via SSO differently.