Set Up Acrolinx for Single Sign-on

Single Sign-on Configuration

If your web applications run in a single sign-on environment, you can configure Acrolinx to work in that environment as well. You configure single sign-on by updating the Acrolinx core server properties and the configuration of your web application.

What is Single Sign-on?

Single sign-on (SSO) is a user authentication process. When single sign-on is deployed, users provide their sign-in details once to access multiple applications. This process ensures that users don’t have to enter their sign-in details again when they switch applications. The network administrator can configure the single sign-on software so that users can only access specific applications. Web single sign-on works only with applications accessed with a web browser. The request to access a web resource is intercepted either by a component in the web server, or by the application itself. Unauthenticated users are diverted to an authentication service and returned only after a successful authentication.

What is the Difference Between Single Sign-on and External Authentication?

The terms "Single Sign-on" and "External Authentication" are sometimes used interchangeably, but they're not the same thing. Single Sign-on is a system that allows one application to trust a user who has already been authenticated by another application. External authentication is the process of authenticating a user with an external service such as LDAP. If you need external authentication, Acrolinx also supports external authentication with LDAP. If you have Acrolinx version 5.1 or later, you can also use SAML and PingFederate to authenticate users.

Which Single Sign-on Methods Does Acrolinx Support?

You can configure Acrolinx to search for an SSO identifier in the request header sent by the web browser.

How Does Acrolinx Work with Web Applications When Authenticating Users?

When users sign in to your web application and run a check with Acrolinx, the user sign-in details are passed on to Acrolinx. If the user already exists, no further action is required. If the user doesn’t yet exist, the user is automatically created in the Acrolinx database with the same username that they used to sign in to your web application.

Configuring the SSO Properties

To integrate Acrolinx into your single sign-on configuration, you need to configure Acrolinx to search for an SSO identifier in the request header.

To configure the SSO properties, follow these steps:

  1. Open the core server properties file and add the following properties:

    singleSignOn.method=header
    singleSignOn.usernameKey=username
    singleSignOn.passwordKey=password

  2. Configure the generic password that is used in your single sign-on configuration by adding the following property:

    singleSignOn.genericPassword=<PASSWORD>
    Example
    singleSignOn.genericPassword=Sus5AbUt

    The term contribution feature isn’t included in the Acrolinx support for single sign-on. Users must enter their password when they open the term contribution form, but not when they access an Acrolinx web client. The generic password is automatically used for client authentication when users check with Acrolinx web clients.

  3. To restrict single sign-on to a set of configurable hosts, add the following property:

    singleSignOn.allowedRemoteAddresses=<ADDRESSES>

    In the following example, a comma-delimited list of secured remote addresses has been entered by using regular expressions:

    Example
    singleSignOn.allowedRemoteAddresses=10\.10\..*\..*,192\.168\..*\..*

    Enter regular expressions in the Java regular expression syntax. However, range quantifiers such as \d{1,3} aren’t supported because they contain commas that interfere with how the property is interpreted.

    The following example shows all properties required for the SSO configuration together.

    Example
    singleSignOn.method=header
    singleSignOn.genericPassword=Sus5AbUt
    singleSignOn.usernameKey=username
    singleSignOn.passwordKey=password
    singleSignOn.allowedRemoteAddresses=10\.10\..*\..*,192\.168\..*\..*

  4. Save the core server properties file and restart the core server.
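
The comma restriction in step 3 is easy to trip over, so the following added example (not part of the Acrolinx documentation or product) lints a singleSignOn.allowedRemoteAddresses value before you deploy it. It assumes the server splits the value on commas and requires a pattern to match the whole remote address, which the page doesn't state; Python's re module stands in for Java's regex engine, the function names are hypothetical, and the WITH_RANGE and COMMA_FREE values are constructed.

```python
import re

def split_patterns(value):
    """Split the property value on commas, as the property is a comma-delimited list."""
    return [p.strip() for p in value.split(",") if p.strip()]

def fragment_problem(pattern):
    """Return a reason if the fragment looks like a regex cut in half by a comma."""
    depth = 0
    for ch in re.sub(r"\\.", "", pattern):  # ignore escaped characters such as \. or \{
        if ch == "{":
            depth += 1
        elif ch == "}":
            if depth == 0:
                return "'}' without '{' (quantifier split at a comma?)"
            depth -= 1
    if depth:
        return "'{' without '}' (quantifier split at a comma?)"
    try:
        re.compile(pattern, re.ASCII)
    except re.error as exc:
        return f"does not compile: {exc}"
    return None

def lint(value):
    """List (fragment, problem) pairs for every suspicious fragment."""
    return [(p, why) for p in split_patterns(value) if (why := fragment_problem(p))]

def is_allowed(value, remote_addr):
    """Assumed semantics: a full match against any one pattern allows the address."""
    return any(re.fullmatch(p, remote_addr, re.ASCII) for p in split_patterns(value))

PAGE_EXAMPLE = r"10\.10\..*\..*,192\.168\..*\..*"   # value from the page
WITH_RANGE = r"10\.10\.\d{1,3}\.\d{1,3}"            # constructed: uses the unsupported {1,3}
# Constructed comma-free rewrite: \d\d?\d? means "one to three digits" without a comma.
COMMA_FREE = r"10\.10\.\d\d?\d?\.\d\d?\d?,192\.168\.\d\d?\d?\.\d\d?\d?"

if __name__ == "__main__":
    for name, value in [("page example", PAGE_EXAMPLE),
                        ("range quantifier", WITH_RANGE),
                        ("comma-free", COMMA_FREE)]:
        print(name, split_patterns(value), lint(value))
    for addr in ["10.10.3.4", "192.168.1.20", "10.11.3.4", "172.16.0.1"]:  # constructed
        print(addr, is_allowed(COMMA_FREE, addr))
```
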