Can we use FA as a SSO provider for another platform?
-
We are using FA as identity provider and also have third party identity providers configured to leverage users stored elsewhere. That works perfectly. Now we want to use FA as a SSO provider for another platform. We want to use a video platform that supports SSO and we want the platform to authenticate users in FA and then send them back to the platform with a JWT coming from FA. How would that be done? Do I create an application and use the login URL as an SSO endpoint?
-
Yes, if the platform supports OpenID Connect, you’ll create a new Application and use the OpenID Connect integration details from the view dialog for the video platform.
Here's the view page of a test application:
The video platform may have different terms for some of these URLs.
-
What if they want a redirect to a custom URL?
Looks like they have some custom JWT redirect scheme. Not a standard really...
After authentication at FA they want the JWT to go to specific URL like https://video-palform.com/api/sso/v2/sso/jwt?jwt={payload}&return_to={url to return to}&error_url={url to redirect to in the case of an error}
-
You’re correct. That is not a standard redirect URL. You could easily build some glue code to look like an OpenID Connect compliant SP and then handle the redirect yourself. I am not super familiar with some of the OpenID Connect server options, but something like Hydra may be useful here. Perhaps some others from the community here can help with off-the-shelf options if you don’t want to code it yourself.
But coding it yourself may be the easiest. If you coded it in Node or something like that, it would be super simple: you’d have FusionAuth redirect to your Node app and then you’d redirect to the video platform.
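The Node glue app suggested in the last reply, sketched as an added example (not code from the thread, FusionAuth, or the video platform). Host names, client credentials, the `session` object and the choice of `access_token` as the JWT are assumptions; the endpoint path and the `jwt`, `return_to` and `error_url` parameters are the ones quoted in the question.

```javascript
// Added example: glue between FusionAuth (OIDC) and the platform's JWT redirect. Constants are placeholders.
const FA_BASE = "https://auth.example.com";                // your FusionAuth URL (placeholder)
const CLIENT = { id: "CLIENT_ID_PLACEHOLDER", secret: "CLIENT_SECRET_PLACEHOLDER" };
const GLUE_CALLBACK = "https://glue.example.com/callback"; // redirect URI registered in FusionAuth
const SSO_ENDPOINT = "https://video.example.com/api/sso/v2/sso/jwt"; // placeholder host
const ERROR_URL = "https://video.example.com/sso-error";
const RETURN_HOSTS = new Set(["video.example.com"]);       // hosts allowed in return_to

// Reject the callback unless `state` matches the value stored before the login redirect.
function checkCallback(query, session) {
  if (query.error) throw new Error("authorization failed: " + query.error);
  if (!query.code || !session.state || query.state !== session.state) throw new Error("state mismatch");
  return query.code;
}

// Build the platform redirect. return_to is checked against an allowlist so the
// glue app cannot be used as an open redirector; searchParams handles encoding.
function buildSsoRedirect(jwt, returnTo) {
  const target = new URL(returnTo);
  const allowed = target.protocol === "https:" && RETURN_HOSTS.has(target.hostname);
  if (!allowed) throw new Error("return_to not allowed");
  const url = new URL(SSO_ENDPOINT);
  url.searchParams.set("jwt", jwt);
  url.searchParams.set("return_to", target.href);
  url.searchParams.set("error_url", ERROR_URL);
  return url.href;
}

// Exchange the authorization code at FusionAuth's token endpoint (Node 18+ global fetch).
async function exchangeCode(code) {
  const res = await fetch(FA_BASE + "/oauth2/token", {
    method: "POST",
    body: new URLSearchParams({ grant_type: "authorization_code", code,
      client_id: CLIENT.id, client_secret: CLIENT.secret, redirect_uri: GLUE_CALLBACK }),
  });
  if (!res.ok) throw new Error("token exchange failed: " + res.status);
  return (await res.json()).access_token; // assumption: the platform accepts this JWT
}

// Callback handler body: returns the Location header value for the browser.
async function handleCallback(query, session) {
  try {
    const jwt = await exchangeCode(checkCallback(query, session));
    return buildSsoRedirect(jwt, session.returnTo);
  } catch (err) {
    return ERROR_URL; // on failure, go to a fixed URL, never a request-supplied one
  }
}
```

Because the platform takes the token in a query string, it will show up in browser history and server logs; a short token lifetime on the FusionAuth application limits that exposure.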