Set Up oAuth or SAML Single Sign-On (SSO) with Hub Authentication

Follow

Hub Authentication can be converted into any other authentication pattern of your choice, such as oAuth or SAML. Here's how.


 

Overview

  1. Using custom code, insert a button to your authentication page and hide the login form.
  2. On your own authentication page/script, upon successful login by your user, grab a one-time token for this Hub using the API method AuthenticateHubUser.
  3. Redirect your authenticated user back to the Hub with the token appended as a query string.

 

Step 1: Add Custom Code

In the Custom Code section, add the following HTML:

<div class="oauth">
 <a class="btn" href="https://yoursite.com/oauth-login">Login with oAuth</a>
</div>

You can style this however you like (note: Hubs has Bootstrap 2.0 classes/glyphs available).

Because we only want this button to show on the login page, and because we don't want the password/submit form to display, add the following CSS in the Custom Code section:

/* hide the auth button container by default */
div.oauth{display:none;}
/* show the auth button container only when on the login page */
body.hub-login div.oauth{display:block;}
/* hide the default login form */
body.hub-login .login-form{display:none}

The final step is to make sure you enable Authentication and Custom Code on your Login page from the Hub Authentication settings page. You should avoid adding any passwords for this scenario since the user will never see the login form anyway.

Hubs___Options_-_Authentication_-_Uberflip.png

This will convert your login screen from something like 

 

Step 2: Select an Authentication Method

[Insert your authentication method here]. This part's really up to you. Some examples of how you could authenticate your users include:

  • your own username/password form that's tied to your existing system/database
  • oAuth to any supported service such as Twitter or LinkedIn (i.e. your content's not confidential, you just want people to enter by connecting their social account)
  • SAML/SSO/Google Apps
  • etc.

Once you've authenticated this user, the next step is to get a one-time auth token for this Hub which will give this user access to your Hub for a single session. Once the token is used, it's removed from our database.

 

Step 3: Set Up the Redirect

As explained in our API docs you can request this token using your API credentials and your Hub's ID.

The API method will return a token such as 

<Token>Yjk5YmU4Nzc3OGM4ZDljZTIyN</Token>

Simply redirect the user back to your Hub with the token appended in the query string, as below.

Subdomain:

hub.yoursite.com/?token=Yjk5YmU4Nzc3OGM4ZDljZTIyN

Subdirectory:

www.yoursite.com/hub/?token=Yjk5YmU4Nzc3OGM4ZDljZTIyN
0 out of 0 found this helpful