To enable integration between a portal and the Vault Management Console (CMC), the Nicman Vault system employs a one-way hash based Single Sign-On (SSO) solution. It allows cross-domain sign-ons from the portal to the CMC.
User provisioning is beyond the scope of the provided SSO solution. The Vault provides an Admin API for user provisioning, but the implementation of user mapping is left to the portal application integrating with the CMC.
The CMC’s SSO solution has been redesigned in Vault version 5.0. The following changes have been made:
- The SSO Secure URL (ssosecurelogin.htm) now directly creates an authenticated CMC session instead of returning a CMCSSO cookie. Therefore, it is now possible to do cross-domain sign-ons from a portal to CMC. The portal and CMC no longer have to be on the same top level domain such as ".nicmanlab.com".
- ssosecurelogin.htm also takes an optional query string redirect=RELATIVE_OR_ABSOLUTE_URL, which can be used to redirect the client to a CMC interior page upon successful sign-on.
- The CMC logout URL (logout.htm) now takes an optional query string redirect=RELATIVE_OR_ABSOLUTE_URL, which can be used to redirect the client back to a portal page after signing out from the CMC.
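The following is an added example, not code from the Nicman documentation: one way a portal could build the logout.htm link with the redirect query string described above, percent-encoding the value and refusing targets that are neither a rooted relative path nor an https URL on the portal's own host. The CMC base URL, the location of logout.htm under it, the portal host name and the function names are assumptions.

```python
from typing import Optional
from urllib.parse import urlencode, urlsplit

# Constructed placeholders, not values from the product documentation.
CMC_BASE = "https://cmc.example.com/cmc"        # assumed CMC base URL
ALLOWED_PORTAL_HOSTS = {"portal.example.org"}   # assumed portal host(s)


def is_safe_redirect(target: str) -> bool:
    """True for a rooted relative path or an https URL on an allowed portal host."""
    # Control characters and backslashes are parsed inconsistently by clients.
    if not target or any(ch in target for ch in "\r\n\t\\"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed bracketed host
        return False
    if not parts.scheme and not parts.netloc:
        # Relative form: "/page" is accepted. A leading "//" (or "///") is
        # rejected because browsers can resolve it to another host.
        return target.startswith("/") and not target.startswith("//")
    # Absolute form: https only, no userinfo, host must be on the allowlist.
    return (
        parts.scheme == "https"
        and parts.username is None
        and parts.hostname in ALLOWED_PORTAL_HOSTS
    )


def cmc_logout_url(return_to: Optional[str] = None) -> str:
    """Build the logout.htm URL, optionally with a validated redirect value."""
    url = f"{CMC_BASE}/logout.htm"
    if return_to is None:
        return url
    if not is_safe_redirect(return_to):
        raise ValueError("redirect target not allowed")
    # urlencode percent-encodes ':', '/', '?' and '=' inside the value, so the
    # target's own query string cannot spill into the logout.htm query string.
    return url + "?" + urlencode({"redirect": return_to})


if __name__ == "__main__":
    print(cmc_logout_url("https://portal.example.org/home?signedout=1"))
```

The same check applies to a redirect value passed to ssosecurelogin.htm whenever that value is derived from request data rather than fixed in the portal's configuration.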
Backward compatibility and deprecated APIs
This redesigned SSO solution provides backward compatibility. If you already have working SSO from a portal to an earlier version of the CMC, it should remain working.
However, some of the SSO methods from earlier releases have been deprecated. Nicman recommends not using these methods, and in a future release support for them will be discontinued.
- The method for having your portal application create a CMCSSO cookie has been deprecated. Use the SSO secure login API (ssosecurelogin.htm) instead.
- The method for having the CMC create a CMCSSO cookie using a password (ssologin.htm) has been deprecated. Use the SSO secure login API (ssosecurelogin.htm) instead.
- The CMC SSO logout API (ssologout.htm) has been deprecated. Use the CMC’s regular logout URL (logout.htm) instead.