Demo code for implementing a proxy in a single sign-on environment in Java.
Please contact Acrolinx SDK support for consulting and getting your integration certified.
Acrolinx offers other SDKs and examples for developing integrations.
Before you start developing your own integration, you might benefit from looking into:
To enable single sign-on, add the following example properties to the coreserver.properties file:
singleSignOn.genericPassword=secret
See: About Single Sign-On with Acrolinx.
Note: Make sure that you use a proper secret for the genericPassword.
In the config.js of your Acrolinx Integration, set the Acrolinx URL to point to the relative proxy path as follows:
serverAddress: '/acrolinx-proxy-sample/proxy'
Make sure:
- the webserver running the proxy delivers the HTML of the integration.
- the relative proxy path points to the correct location of your proxy.
See also:
Configure the Acrolinx URL, username, and single sign-on password in the web.xml file.
The parameter names are acrolinxUrl, username, and genericToken.
Deploy to a Web container like Apache Tomcat:
mvn package
cp target/acrolinx-proxy-sample.war <WEBCONTAINER>/webapps/
The sample demonstrates consuming the REST call api/v1/auth/sign-ins for Acrolinx authentication.
If you open http://<WEBCONTAINER>/acrolinx-proxy-sample/, for example http://localhost:8080/acrolinx-proxy-sample/, and press the sign-in button, it gives you either the interactive URL to complete the sign-in or a success message with details.
Make sure to implement the proxy in a secure way. In particular, make sure that:
- The entire authentication is checked in the proxy layer.
- The username is already authenticated in the system you integrate.
- The proxy adds the username header and the SSO token header.
- The SSO token is kept secret between the system's backend and the Acrolinx Platform.
- It's impossible to fake a request to the proxy and obtain an authentication token for a different user than the authenticated user.
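One way to enforce the last three points when building the upstream request, shown as an added example that is not part of the sample project's own code. The class name, the header names `username` and `password`, and the list of dropped headers are assumptions; use the header names your Acrolinx SSO configuration expects.

```java
import java.util.*;

public class SsoHeaderFilter {
    // Assumed header names; match them to your server's SSO configuration.
    static final String USER_HEADER = "username";
    static final String TOKEN_HEADER = "password";
    // Assumption: the host system's own credentials are never relayed upstream.
    static final Set<String> DROPPED = Set.of("cookie", "authorization", "host", "content-length");

    /** Builds upstream headers; sessionUser comes from the host system's session, never from the request. */
    static Map<String, String> upstreamHeaders(Map<String, String> clientHeaders,
                                               String sessionUser, String ssoToken) {
        if (sessionUser == null || sessionUser.isBlank()) {
            throw new SecurityException("no authenticated user; refusing to proxy");
        }
        Map<String, String> out = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (Map.Entry<String, String> e : clientHeaders.entrySet()) {
            String name = e.getKey().toLowerCase(Locale.ROOT);
            // Identity headers sent by the browser are untrusted and always discarded.
            boolean identity = name.equals(USER_HEADER) || name.equals(TOKEN_HEADER);
            if (!identity && !DROPPED.contains(name)) {
                out.put(e.getKey(), e.getValue());
            }
        }
        out.put(USER_HEADER, sessionUser); // identity asserted by the proxy only
        out.put(TOKEN_HEADER, ssoToken);   // secret loaded server-side, never sent to the browser
        return out;
    }

    public static void main(String[] args) {
        // Constructed request: the browser tries to supply its own identity header.
        Map<String, String> fromBrowser = new LinkedHashMap<>();
        fromBrowser.put("Content-Type", "application/json");
        fromBrowser.put("UserName", "admin");
        fromBrowser.put("Cookie", "JSESSIONID=constructed");
        Map<String, String> sent = upstreamHeaders(fromBrowser, "alice", "token-from-server-config");
        System.out.println("user sent upstream: " + sent.get("username"));
        System.out.println("cookie relayed: " + sent.containsKey("Cookie"));
        try { upstreamHeaders(fromBrowser, null, "x"); }
        catch (SecurityException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```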
The Acrolinx Platform usually runs on state-of-the-art security standards. Out of the box, HTTP clients might not be able to connect. Make sure that you configured your VM, operating system, and backend to allow connections with modern TLS versions.
Please make sure to test with an appropriate configuration before rollout.