[Deprecated] Use OpenID for SSO
Deprecated section
This section of our wiki is deprecated. You landed here because we developed new better tools to integrate with Maestrano and our Partners. We now have a brand new Developer Platform which simplifies a lot your integration on all our Partner Marketplaces (both to manage marketing listing and to manage your technical integration).
If your application is already integrated with Maestrano, do not panic! Your integration still works perfectly. To simplify your journey with us and our partner's marketplaces, we will onboard you soon on the developer platform. If you want to know more, just send us an email (developers@maestrano.com), nothing to be afraid of
Maestrano allows you to do single sign-on via OpenID. For that we give you the url of our OpenID provider to which you can connect using your favorite OpenID consumer library.
How to connect?
The only specificity of our OpenID endpoint is that it contains the application id (or api id) of the consumer (your application). This application id is obtained from the dev sandbox for testing or from the app provider dashboard we have created for you on maestrano.com (production + production sandbox).
Environment | OpenID Provider |
---|---|
Dev Sandbox | http://api-sandbox.maestrano.io/api/openid/provider/<your-app-id> |
Production + Production Sandbox | https://maestrano.com/api/openid/provider/<your-app-id> |
Do I need to configure the Maestrano SDK in a certain way?
Yes - we need to be made aware of your return url to authorize it. "Hmm, this is weird for an OpenID provider...", yes indeed. We use OpenID because it is a popular protocol but restrict it to approved applications only.
In the Maestrano SDK, you need to configure the "app host" and "sso idp" as well as the "sso init_path" to match domain and the path where customers will be returned to upon authenticating with Maestrano via OpenID,
It's actually good news!
Because we only work with trusted and verified providers, we do not need to interrupt the OpenID workflow to ask the customer if they authorize the website and accept to share their identity details. This eventually gives a more seamless single sign-on experience on first login. Click! Done!
You don't use the Maestrano SDK? Or cannot implement the metadata endpoint? Just contact us directly at developers@maestrano.com and we'll help you.
What data are available via OpenID?
Our OpenID provider returns both SREG and AX data, should you ask for it or not. SREG data are not really sufficient to properly perform service provisioning via single sign-on and we do not recommend using this extension. We have implemented it for completeness but you should use AX.
AX has a good base schema for consumer data but kind of lacks some attributes when it comes to business software. To fill the gap, we have extended the base AX schema with custom attributes under the maestrano namespace. The complete list of AX attributes is available below: