{"id":28112,"date":"2017-10-17T15:53:13","date_gmt":"2017-10-17T13:53:13","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=28112"},"modified":"2017-10-17T16:04:23","modified_gmt":"2017-10-17T14:04:23","slug":"single-sign-on-youre-probably-doing-it-wrong","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2017\/10\/17\/single-sign-on-youre-probably-doing-it-wrong\/","title":{"rendered":"Single Sign On &#8211; You\u2019re Probably Doing It Wrong"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p>Arnes Blanert wrote <a href=\"https:\/\/www.phparch.com\/2017\/08\/single-sign-on-youre-probably-doing-it-wrong\/\">an extensive article<\/a> for the <a href=\"https:\/\/www.phparch.com\/\">architect magazine<\/a> on the subject of Single Sign On (SSO).\u00a0 It covers both authentication and authorization via a variety of widely and not so widely used methods, including OAuth, SAML, JSON Web Token and more.<\/p>\n<p>As someone who was involved in a variety of Single Sign On implementations (see <a href=\"https:\/\/mamchenkov.net\/wordpress\/tag\/single-sign-on\/\">some of the posts<\/a> on the subject in my blog), I wish I had an article like this in my RSS feeds much, much earlier.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>Arnes Blanert wrote an extensive article for the architect magazine on the subject of Single Sign On (SSO).\u00a0 It covers both authentication and authorization via a variety of widely and not so widely used methods, including OAuth, SAML, JSON Web Token and more. 
As someone who was involved in a variety of Single Sign On &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2017\/10\/17\/single-sign-on-youre-probably-doing-it-wrong\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Single Sign On &#8211; You\u2019re Probably Doing It Wrong<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Single Sign On - You\u2019re Probably Doing It Wrong #WebDev #security #API #SSO","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,18,133,62],"tags":[2404,200,3474,1330],"keyring_services":[],"class_list":["post-28112","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-sysadmin","category-technology","tag-api","tag-security","tag-single-sign-on","tag-web-development"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":24326,"url":"https:\/\/mamchenkov.net\/wordpress\/2015\/06\/09\/sso-with-nginx-auth_request-module\/","url_meta":{"origin":28112,"position":0},"title":"SSO with Nginx auth_request module","author":"Leonid Mamchenkov","date":"June 9, 2015","format":"link","excerpt":"SSO with Nginx auth_request module - SSO as in Single Sign-On. \u00a0Absolutely beautiful solution for one set of requirements, and a horrendous for another. 
\u00a0Worth knowing though.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":25961,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/03\/20\/single-sign-on-sugarcrm-roundcube-multiple-php-sessions\/","url_meta":{"origin":28112,"position":1},"title":"Single Sign-On with SugarCRM and RoundCube Using Multiple PHP Sessions","author":"Leonid Mamchenkov","date":"March 20, 2016","format":false,"excerpt":"I am currently involved in an interesting integration project at work. \u00a0As part of it, we need to create a single sign-on process between\u00a0SugarCRM (version 6.5.20) and RoundCube (version 1.1.4) webmail application. \u00a0RoundCube webmail is being displayed within the iframe inside the SugarCRM user interface, so it would help if\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27377,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/03\/02\/github-pricing-business\/","url_meta":{"origin":28112,"position":2},"title":"GitHub pricing : Business","author":"Leonid Mamchenkov","date":"March 2, 2017","format":false,"excerpt":"GitHub has yet another update to their pricing options. \u00a0Business plans have been launched with support for SAML single sign-on, 99.95% uptime SLA, 24x5 support with 8 hour response, and more. 
Unfortunately it still counts external contributors as users in the account, which makes it too expensive for my organizations,\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/03\/github-pricing-500x225.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":26001,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/04\/06\/sugarcrm-roundcube-and-request-tracker-integration-on-a-single-domain\/","url_meta":{"origin":28112,"position":3},"title":"SugarCRM, RoundCube and Request Tracker integration on a single domain","author":"Leonid Mamchenkov","date":"April 6, 2016","format":false,"excerpt":"In my years of working as a system administrator I've done some pretty complex setups and integration solutions, but I don't think I've done anything as twisted as this one recently. \u00a0The setup is part of the large and complex client project, built on their infrastructure, with quite a few\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"SAML workflow","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/04\/saml_workflow_vertical-500x469.gif?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":13500,"url":"https:\/\/mamchenkov.net\/wordpress\/2010\/10\/25\/web-designers-are-all-the-same-almost-sort-of\/","url_meta":{"origin":28112,"position":4},"title":"Web designers are all the same. Almost. Sort of.","author":"Leonid Mamchenkov","date":"October 25, 2010","format":false,"excerpt":"I came across an excellent graphical representation of a number of web design and development surveys, such as A List Apart Survey. 
\u00a0The infographic pulls results of several such surveys into a single long image with graphs and stats. \u00a0One thing that I was surprised by was how narrow the\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2010\/10\/web_designers_infographic.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":26031,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/04\/18\/single-sign-on-between-sugarcrm-and-request-tracker\/","url_meta":{"origin":28112,"position":5},"title":"Single Sign-On Between SugarCRM and Request Tracker","author":"Leonid Mamchenkov","date":"April 18, 2016","format":false,"excerpt":"As mentioned\u00a0before,\u00a0over the last few month I've been involved in quite a few integration projects, using mostly SugarCRM and Request Tracker. \u00a0One of the interesting challenges was the Single Sign-On (SSO) between the two. 
The interesting bit comes from these facts: Different technologies: SugarCRM is written in PHP, while Request\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=28112"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28112\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=28112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=28112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=28112"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=28112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}