OpenSSO API WSDL

OpenSSO SOAP API Description

Usage

OpenSSO provides a very simple API to enable OpenOTP single sign-on across several web applications. The API allows setting, removing and checking SSO sessions. The SSO session IDs should be given to the end users in Web browsers’ cookies.

A typical usage of OpenSSO is:

User authenticates on Server1:
The web application on Server1 performs the following SOAP calls to the WebADM server.

SOAP calls and responses:

  1. openssoCheck
     • failure: User not authenticated
  2. openotpLogin
     • failure: Do not start an SSO session
     • success: Start an SSO session
  3. openssoStart

User goes to Server2:
The web application on Server2 performs the following SOAP calls to the WebADM server.

SOAP calls and responses:

  1. openssoCheck
     • success: Session valid - No need to re-authenticate user
     • failure: Authenticate user again with OpenOTP
  2. openotpLogin
  3. openssoStart

The openssoStart method returns a session ID. This session ID should be provided to the user's browser in a cookie. This way the user will present their session ID to all the servers in your SSO system.
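The check, login and start sequence above, as an added example that is not part of the original documentation. The SOAP transport is replaced by a constructed in-memory stand-in (`FakeWebADM`); the cookie name, the `example.test` domain, the credential fields and the meaning of the `openotpLogin` response code are assumptions.

```python
from http.cookies import SimpleCookie

COOKIE = "sso_session"  # assumption: the page does not name the cookie


class FakeWebADM:
    """Constructed in-memory stand-in for the WebADM SOAP service."""

    def __init__(self):
        self.sessions = {}

    def __call__(self, method, **attrs):
        if method == "openssoCheck":
            data = self.sessions.get(attrs.get("session"))
            return {"code": 0} if data is None else {"code": 1, "data": data}
        if method == "openotpLogin":  # assumption: code 1 means login success
            return {"code": int(attrs.get("password") == "constructed-otp")}
        if method == "openssoStart":
            sid = "constructed-sid-%d" % (len(self.sessions) + 1)
            self.sessions[sid] = attrs.get("data", "")
            return {"code": 1, "session": sid}
        raise ValueError(method)


def handle_request(soap, cookie_header, credentials=None, domain="example.test"):
    """Return (authenticated, Set-Cookie value or None) for one request."""
    jar = SimpleCookie(cookie_header or "")
    sid = jar[COOKIE].value if COOKIE in jar else None
    # 1. openssoCheck: only code 1 counts as a valid session (fail closed).
    if sid and soap("openssoCheck", session=sid).get("code") == 1:
        return True, None
    # 2. openotpLogin: on failure, do not start an SSO session.
    if not credentials or soap("openotpLogin", **credentials).get("code") != 1:
        return False, None
    # 3. openssoStart: hand the returned session ID to the browser.
    started = soap("openssoStart", username=credentials["username"])
    if started.get("code") != 1 or not started.get("session"):
        return False, None
    out = SimpleCookie()
    out[COOKIE] = started["session"]
    # Secure/HttpOnly keep the ID off plaintext links and out of page scripts;
    # Domain (assumed value) lets every server in the SSO system receive it.
    out[COOKIE].update({"domain": domain, "path": "/", "secure": True,
                        "httponly": True, "samesite": "Lax"})
    return True, out[COOKIE].OutputString()
```

The session ID read from the cookie is never trusted on its own: every request is validated with openssoCheck, so an unknown or expired ID falls through to re-authentication.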

OpenSSO allows transporting and updating user data in the SSO sessions. This is a convenient way to pass work data from Server1 to Server2 in the context of an established SSO session.

OpenSSO provides 4 methods:

1. openssoStart

Used to start an SSO session.

The request contains the following attributes:

  • username: User login name (mandatory).
  • domain: User login domain (optional if OpenSSO has a default domain configured).
  • data: Any serialized data to be stored in the SSO session.
  • client: Client identifier (NAS) to be used in service logs (defaults to the client IP address).
  • source: IP address of the end user system (optional).
  • settings: List of OpenSSO settings which will override the user/group/application server-side settings (e.g. SessionTimeout=600,SessionRenew=Yes).

The response contains the following attributes:

  • code:
    • 1 means session start success.
    • 0 means session start failure.
  • error: The error ID if code 0 was returned. The ID corresponds to the error message template names in opensso.xml (e.g. BadUser).
  • message: The server reply message to be displayed to the user.
  • session: OpenSSO session ID on success.
  • timeout: SSO session time.

2. openssoStop

Used to stop an SSO session.

The request contains the following attributes:

  • session: OpenSSO session ID.

The response contains the following attributes:

  • code:
    • 1 means session stop success.
    • 0 means session stop failure.
  • error: The error ID if code 0 was returned.
  • message: The server reply message to be displayed to the user.

3. openssoCheck

Used to check an SSO session.

The request contains the following attributes:

  • session: OpenSSO session ID.
  • data: If non-empty, updated data to be stored in the SSO session.

The response contains the following attributes:

  • code:
    • 1 means session still valid.
    • 0 means session not existing or expired.
  • error: The error ID if code 0 was returned.
  • message: The server reply message to be displayed to the user.
  • data: The SSO session data if any.

4. openssoStatus

Used to query a server status.

The request does not contain any attribute.

The response contains the following attributes:

  • status:
    • 1 if the server is willing to accept requests.
    • 0 if the server cannot accept new requests.
  • message: The server status details.