As you perhaps know, ClinkerHQ includes a set of tools that can help you to manage your software development life cycle. But ClinkerHQ goes beyond that, we have developed additional pieces to make as easy as possible what is usually difficult, saving you both time and money.
One of the key parts of this “glue” is ClinkerHQ SSO Gateway. This component acts as an identity provider and authorization source inside the ecosystem. Like any advanced SSO system, ClinkerHQ SSO has four main features:
- Authentication: Who are you?
- Authorization: What are you allowed to do?
- Session propagation: I already know who you are.
- Anonymous access.
When you do login on every integrated application (Jenkins, Sonar, Redmine, etc) you will always see the same login form (it is actually the SSO Gateway login form). This is authentication:
After login you will be redirected to the original application. At this point, authorization, the second part of the SSO comes into play. Every application has an SSO plugin installed, which must do the following:
- Catch the incoming request
- Check the authentication state
- Get the list of permissions for the user from the SSO
- Set up the logged in session in the concrete application
As a result, the user only perceives that the login form is not the same as the one in the original application. But there is one other feature that you’ll love. If the user opens a new browser tab and goes to another application the logged in session will be automatically propagated; no new login (nor click on login button) is required. This is session propagation, and it is performed as part of point 1 described above. If the incoming request comes with an alive SSO session, the authorization is done automatically (without user interaction).
The Single Sign On provides ClinkerHQ users with two main benefits:
- Work and surf on the ecosystem doing only one login.
- Centralize the users and permissions management on one tool.
At this point, you are probably thinking “What is the management tool?” It is ClinkerHQ Desktop, and we will talk about it soon in this blog, so stay tuned!
If you want to see the SSO working, we published a video some time ago (it’s really about configuring a Scala project in ClinkerHQ, but you will perceive the SSO there).