Single Sign On
Single Sign On (SSO) allows you to use one set of login credentials to access a number of different applications.
The Chrome River system supports two methods of SSO: Web-based Chrome River SSO and a fully compliant Security Assertion Markup Language (SAML) implementation—the choice of which depends on your company’s preference and infrastructure capabilities. Regardless of the underlying technology or method used, the user experience is the same: Once logged in to the company intranet, the user simply clicks a link to launch the Chrome River application without entering a separate user ID or password.
Chrome River SSO Server:
This is a simple Web-based method that consults the company’s SSO server. With this method, a user clicks on a link on the organization’s internal intranet after logging in with his or her corporate network credentials. The intranet calls Chrome River (with an HTTPS POST) and passes the user's login credentials. The Chrome River system then makes a call to the organization's SSO server. The role of this server is to verify that the user ID and password are valid. The SSO server responds to Chrome River with a simple valid/invalid message. Once the credentials are validated, the application is started. This method is based on similar and standard procedures offered by other Software as a Service (SaaS) providers.
If your organization would like to host and control the SSO servers in this fashion but does not have the internal resources, ALP Consulting & Development offers services compatible with the Chrome River system.
SAML SSO Server:
The Chrome River system also supports SSO by means of SAML, a standards-based method that facilitates the exchange of authentication messages contained in XML documents among the Identity Provider (IdP), Service Provider (SP) and user. Authentication gives the user access to multiple software portals outside of an organization’s intranet access point without requiring repeated logins. Currently, Chrome River is able to provide IdP- and SP-initiated SAML service for SAML versions 1.1 and 2.0. For further information on SAML 2.0 in general, consult the Wikipedia article SAML 2.0. Using a SAML approach, the organization maintains an IdP whose role is to deliver the authentication credentials to the Chrome River system.
There are a number of IdP options available. Your organization may use on-premises server options like Ping Identity or open-source alternatives like Shibboleth, which is used widely by the academic community. You may also outsource IdP service to such SaaS-hosted solutions as OneLogin, which offers integrated login capabilities for Chrome River and many others.
Below are the SSO servlet URLs:
- PRODUCTION - https://www.chromeriver.com/cr-sso/SingleSignOnServlet
- UAT (if subscribed) - https://qa.chromeriver.com/cr-sso/SingleSignOnServlet
Your organization should provide Chrome River with the following information for each environment (UAT, if subscribed, and Production):
- IP address(es) or URL(s) to use for the POST to your SSO server.
- User name and password that enable Chrome River to log in using your SSO Server for implementation and testing purposes. These credentials only need to provide basic access to the Chrome River application.
Chrome River will create a support ticket with the above information and coordinate with Chrome River’s development team and your organization to set up SSO reception.
- Point your organization’s SSO server to the UAT (if subscribed) server for testing
- Point your organization’s SSO server to the PRODUCTION server for use
CHROME RIVER IP ADDRESSES:
The following are IP addresses from which Chrome River messages will originate. Be sure that your organization’s firewall allows them access.
- UAT (if subscribed) - qa.chromeriver.com: 220.127.116.11
- PRODUCTION - www.chromeriver.com: 18.104.22.168
- STAGING - staging.chromeriver.com: 22.214.171.124
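The following is an added example, not code from Chrome River or from this page. It sketches the organization-side check behind the valid/invalid reply described under "Chrome River SSO Server", accepting validation calls only from the source addresses listed above. The field names `userid` and `password`, the function names, and the sample account are assumptions, since the page does not specify the message format.

```python
import hashlib
import hmac
import ipaddress
import os

# Source addresses the page lists for Chrome River (UAT, production, staging).
CHROME_RIVER_SOURCES = {
    ipaddress.ip_address(a)
    for a in ("220.127.116.11", "18.104.22.168", "22.214.171.124")
}

PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed sample directory: user id -> (salt, password hash).
_salt = os.urandom(16)
USER_STORE = {
    "svc-chromeriver-test": (_salt, hash_password("constructed-sample-pw", _salt)),
}
# Dummy record so an unknown user id costs the same work as a known one.
_DUMMY = (os.urandom(16), os.urandom(32))


def validate_sso_request(peer_ip: str, form: dict) -> str:
    """Return "valid" or "invalid" for one validation POST.

    peer_ip is the TCP peer address of the caller. The form field names
    "userid" and "password" are hypothetical.
    """
    try:
        if ipaddress.ip_address(peer_ip) not in CHROME_RIVER_SOURCES:
            return "invalid"  # caller is not a listed Chrome River address
    except ValueError:
        return "invalid"  # peer address did not parse
    user = form.get("userid")
    password = form.get("password")
    if not isinstance(user, str) or not isinstance(password, str):
        return "invalid"
    salt, expected = USER_STORE.get(user, _DUMMY)
    candidate = hash_password(password, salt)
    # Constant-time compare; unknown user and wrong password get the same reply.
    ok = hmac.compare_digest(candidate, expected) and user in USER_STORE
    return "valid" if ok else "invalid"
```

Behind a reverse proxy, pass the address the proxy observed for the connection rather than a client-supplied header value.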