Related links
Homepage
User documentation
Uživatelská dokumentaceFront-End Scripting
CMS - Content Management & Web API services
Task, Project, Quality
Task & Task pattern
System Management (part of framework)
HR - Human Resources
Mobile & Web Application
- clientprogramming_fevaldataobject
- userinterface-objectstructure
- cliplink
- npmlibraries
- fclip
- drag-drop
- AyMINE Application
- objectdefinition_inlineedit
- npmlibraries_stringlibrary
- clientprogramming
- mobileapplication
- languagesupport
- objectdefinition_multiupdate
- clientprogramming_fevalglobal
- clientprogramming_fevallanguage
- clientprogramming_fevaluser
- objectdefinition_viewdefinition
- offlineobjects
- System console
- Runtime debugging
- objectdefinition_detailview
Framework Core functionality
- prices
- managementfaq
- prices_private-installation
- clientdefinedattributes
- phplibraries
- servermethods
- io_export
- AyMINE Framework Server
- The AyMINE licence model
- System Rights
- servermethods_frmfrm
- io_import
- multiclient-architecture
- servermethods_stringsandtranslations
- frmevent
- System messaging
- usersessions
- User defined fields
Libraries & Lincences
Module - support for management
FI - Finance Management
Sales & Asset management
Sales related services
Description of a part of the AM module - sales partSingle Sign-on authentication
Single sing-on supports access to the application verified by authentication from external source
Single-sign on (aka SSO) authentication described here expects that client uses its own single-sign server for all clients. Application does not allow direct login but user should access using external service and link.
System currently can provide authentication identity for other application of required or accept user identity token from external SSO source.
When SSO is integrated, user login data are not stored in the system at all – except when mobile application is allowed. Clients should use external page to login to the SSO and than open the application page using special link that is client-specific
Communication with external Single-Sign portal describes the activity diagram bellow:
Methods requires authentication verification from external SSO application. Server configuration is always client-specific and should by set up by system administrators including definition of the client-specific page for SSO redirect.
Standard login dialog cannot be used to login to the SSO account.
SSO method Limitations
SSO is not usable with the mobile application. Using the application could be total disabled for client's users or users should define password usable only for application.
Mobile application security
When user has Single-sign and mobile application activated together, application should be activated using the sign-up scheme:
- Start AyMINE at computer (browser) using the SSO authentication
- Request create password for mobile application
- Install & start mobile application
- Login to the mobile application with password
- Confirm application in the AyMINE at browser
- Logout and login again the to mobile application
Even when user has defined password for application:
- Password could be used to login using the default login dialog
- No other device could use the password. Each device should be individually confirmed in the browser before it could access the account
Activity diagram for application registration with single-sign on authentication mode.
