Web applications deployed to Helion Stackato can take advantage of an authentication mechanism that restricts access to authenticated users of Helion Stackato. This feature is called Application SSO.
SSO can be enabled on a per-application basis. Once enabled, end users must log in to Helion Stackato before accessing the application. The login process is completely transparent to the application, and requires no custom code in the application.
To enable SSO for an application via the Management Console, select Helion Stackato single sign-on under Application Access in the application Settings view.
Application SSO is only supported over HTTPS. If users try to connect to an SSO application via HTTP, Helion Stackato will redirect the request to HTTPS. If the site is not served via HTTPS, this will fail.
For SSO applications, Helion Stackato reserves the
/sso-callback path on the
root application URL for internal use (for example,
https://app.example.com/sso-callback). Applications that use SSO will not be
able to serve requests under this path.
When SSO is enabled each HTTP request that is made to the app will have the following headers added to it:
"x-authenticated-user-id": "5d30c4r3-9985-4aa7-b371-146a7b0832b0" "x-authenticated-user-username": "jouser" "x-authenticated-user-email": "email@example.com"
Application developers may choose to write code to access these HTTP headers if required.