Single Sign-On with Coursepath
Single sign-on is a mechanism that allows you to authenticate users in your systems and subsequently tell Coursepath that the user has been authenticated. The user is then allowed to access Coursepath without being prompted to enter separate login credentials.
Coursepath grants access only to users who have been authenticated by you. Coursepath uses a technology called JSON Web Token (JWT) to secure the exchange of user authentication data. See also our JWT page.
The single sign-on authentication process
This is the single sign-on authentication process:
- Your user is browsing your company's intranet or website (for example, https://intranet.mycompany.com).
- A script on your side authenticates the user using your proprietary login process.
- Your script builds a JWT token that contains the relevant user data.
- You redirect the user to your Coursepath domain (for example, https://mycompany.coursepath.com) with the JWT token as a query string parameter.
- Coursepath parses the user details from the JWT token and then grants the user a session.
As you can see, this process relies on browser redirects and passing signed messages using JWT. The redirects happen entirely in the browser and there is no direct connection between Coursepath and your systems, so you can keep your authentication scripts safely behind your corporate firewall.
How to implement your SSO script
Authenticate the user
Make sure the user is authenticated at your end. Obtain the authenticated user's email address. This is what Coursepath needs to uniquely identify your user.
Create the JWT token
Generate the JWT for your authenticated user. See our JWT page for instructions.
The JWT token can be used only once, and is valid for only a couple of minutes. Generate the JWT token only just before you redirect the user.
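The following Python sketch is an added example, not Coursepath's code. It shows why the token should be minted just before the redirect: a receiver that enforces a short validity window and single use rejects a token that is expired, replayed or altered. The HS256 algorithm, the claim names (email, iat, jti), the 120-second window and the secret are assumptions made for the illustration; the JWT page defines the real values.

```python
import base64, hashlib, hmac, json, time, uuid

SECRET = b"constructed-demo-secret"  # assumption: shared HS256 key (placeholder value)
MAX_AGE = 120                        # assumption: "a couple of minutes" taken as 120 s
seen_jti = {}                        # receiver-side replay cache: jti -> purge time

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def make_token(email, now=None):
    """Mint a token for an already authenticated user, just before the redirect."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"email": email, "iat": now, "jti": uuid.uuid4().hex}  # assumed claim names
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    return signing_input + "." + b64url(sign(signing_input))

def accept_token(token, now=None):
    """Receiver-side checks: return the email, or raise ValueError."""
    now = int(time.time() if now is None else now)
    head, body, sig = token.split(".")
    # Verify the signature in constant time before trusting any field.
    if not hmac.compare_digest(sign(head + "." + body), unb64url(sig)):
        raise ValueError("bad signature")
    if json.loads(unb64url(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    claims = json.loads(unb64url(body))
    iat, jti = claims.get("iat"), claims.get("jti")
    if not isinstance(iat, int) or not 0 <= now - iat <= MAX_AGE:
        raise ValueError("expired or not yet valid")
    if not claims.get("email"):
        raise ValueError("missing email")
    for old in [j for j, purge_at in seen_jti.items() if purge_at < now]:
        del seen_jti[old]  # these tokens are past MAX_AGE and rejected anyway
    if not jti or jti in seen_jti:
        raise ValueError("replayed token")
    seen_jti[jti] = iat + MAX_AGE  # remember the id until the token expires
    return claims["email"]
```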
Redirect the user
Now build the URL to which you will send your authenticated user, according to this template:
- token parameter is required. This is the signed JWT token containing the user's email address so we can grant the session.
- locale parameter is optional. See our Formats page for supported languages.
- next parameter is optional. This is the path of the page where the user must land. For a particular course, use the path