SSO (Single Sign On) Application

This solution describes how to use the Attendance on Demand (AoD) Web Services API methods to create tokens that let managers and employees access Manager Self Service (MSS) and Employee Self Service (ESS) without logging in again.

  1. Background
  2. Use Cases

Background

Most employees have a system they already need to enter credentials for. Utilizing AoD’s Web Services API can allow these same employees to bypass the need to re-enter additional credentials to access the MSS and ESS pages of AoD.

Function

Allow single sign on access.


Use Cases

AoD has identified use case scenarios for managing Single Sign On.

Consult the examples below to find the use case that corresponds to your business needs.


Use Case 1 - First Time Login - MSS

The steps needed to obtain a Native User Identification Token (NUIT), which is then stored locally to allow subsequent logins.

Preconditions

  • Vendor Token Values – Supplied by AoD and stored locally
  • Web Service Account – Domain level account used across multiple URIs
  • URI – Valid AoD database
  • AoD Access Account and Password – Individual account

Activity Flow

  1. User attempts to access service from Attendance on Demand (AoD) for the first time and is prompted for credentials for authentication
  2. User provides credentials
  3. The AoD Operator credentials are passed securely to AoD along with a trusted Vendor Token. If valid, an encrypted token called the Native User Identification Token (NUIT) is created and returned to the Service Provider. AoD’s web services are used to establish another session to return a full URL used to identify the navigation location for opening a new browser window to AoD services.
  4. Service Provider redirects User’s browser to an AoD Manager Self Service (MSS) session.

API Usage

// Authenticate with the domain-level web service account and the vendor token supplied by AoD
TAeAuthenticationPackage authenticationPackage = new TAeAuthenticationPackage()
{
    DomainAccount = WebServicesAccount,
    Password = WebServicesAccountPassword,
    VendorToken = VendorToken,
    PreAuthAction = Convert.ToInt32(VendorTokenPassword)
};

// The returned package carries the NUIT in SendBackPackage; store it locally for later logins
authenticationPackage = webServices.getUserAuthPackage(authenticationPackage);
string nativeUserIdentificationToken = authenticationPackage.SendBackPackage;

Use Case 2 - MSS Subsequent Logins

Use the Native User Identification Token returned in the Use Case 1 example to log in to MSS.

Preconditions

  • Native User Identification Token
  • Web Service Account – Domain level account used across multiple URIs
  • URI – Valid AoD database

Activity Flow

  1. User clicks on a link to Attendance on Demand (AoD). Since the User has already been authenticated by AoD, a locally stored Native User Identification Token is re-used to identify the operator and retrieve.
  2. AoD inspects the inbound NUIT from the web service API call and validates it. If valid, an internal ‘bootstrap’ session builds a full URL to the operator’s browser session.
  3. Service Provider redirects User’s browser to an AoD Manager Self Service (MSS) session.

API Usage

// Build the session request around the locally stored NUIT
TAeSessionAuthenticationPackage sessionAuthenticationPackage = new TAeSessionAuthenticationPackage()
{
    EnforcementMode = 0,
    ExpireImmediately = true,
    MiniHeader = false,
    PreAuthPackage = NativeUserIdentificationToken,
    SubIFrame = "https://" + yourAoDURI + ".attendanceondemand.com/mobile/mss3.aew/Default"
};

// Request the pre-authenticated MSS URL and open it in the default browser
string mssLink = webServices.getPreAuthUserLoginURL(sessionAuthenticationPackage);
System.Diagnostics.Process.Start(mssLink);
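
The NUIT stored locally in Use Case 1 works as a reusable login credential, and the URL returned in Use Case 2 is passed directly to Process.Start. The following is an added example, not AoD's own code, that encrypts the stored NUIT with Windows DPAPI and checks the returned URL before opening it. The names NuitStore and SafeLaunch, the file location, and the expectation that the returned URL uses the same host as SubIFrame are assumptions; ProtectedData is Windows-only and on .NET Core/5+ comes from the System.Security.Cryptography.ProtectedData package.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example: NuitStore, SafeLaunch and the file path are hypothetical names.
public static class NuitStore
{
    // Assumption: one NUIT per Windows user, kept under that user's profile.
    private static readonly string PathOnDisk = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "AoDSso", "nuit.bin");

    public static void Save(string nuit)
    {
        Directory.CreateDirectory(Path.GetDirectoryName(PathOnDisk));
        // DPAPI encrypts with a key tied to the current Windows account.
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(nuit), null, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(PathOnDisk, blob);
    }

    public static string Load()
    {
        if (!File.Exists(PathOnDisk)) return null;   // no token yet: run Use Case 1
        byte[] clear = ProtectedData.Unprotect(
            File.ReadAllBytes(PathOnDisk), null, DataProtectionScope.CurrentUser);
        return Encoding.UTF8.GetString(clear);
    }
}

public static class SafeLaunch
{
    // Open the pre-authenticated URL only if it is HTTPS on the expected AoD host.
    public static void Open(string url, string yourAoDURI)
    {
        string expectedHost = yourAoDURI + ".attendanceondemand.com";
        if (!Uri.TryCreate(url, UriKind.Absolute, out Uri uri)
            || uri.Scheme != Uri.UriSchemeHttps
            || !string.Equals(uri.Host, expectedHost, StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException("Unexpected pre-auth URL; not launching.");
        }
        // UseShellExecute is required on .NET Core/5+ to open a URL in the default browser.
        Process.Start(new ProcessStartInfo(uri.AbsoluteUri) { UseShellExecute = true });
    }
}
```

Call NuitStore.Save with the SendBackPackage value from Use Case 1, and SafeLaunch.Open(mssLink, yourAoDURI) in place of the direct Process.Start call.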

Use Case 3 - ESS Logins

Return a URL that allows an employee to access the AoD ESS system without needing to sign in.

Preconditions

  • Web Service Account – Domain level account used across multiple URIs
  • URI – Valid AoD database
  • Employee AoD ID Number

API Usage

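// Use the class name exactly as it appears in your generated web service proxy (C# is case-sensitive)
TAeESSPreAuthPackage essPreAuthPackage = new TAeEssPreAuthPackage()
{
    empID = validEmployeeID
};

// Request the pre-authenticated ESS URL for this employee and open it in the default browser
string essURL = webServices.getEmpESSPreAuthLoginURL(essPreAuthPackage);
System.Diagnostics.Process.Start(essURL);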
