What is SSO

Single sign-on is a technique that allows a user to log in with a single ID and password to any of several related, yet independent, software systems. It is enough to log in once in any application; the other related systems don't need any further authentication. Benefits:

  • minimizes the risk that comes with implementing login logic multiple times
  • requires fewer sign-ups and activations from the user
  • central user management

Infrastructure

Architecture

Simple login

Participants: User, Nginx ACME proxy, Webapp, SSO app.

  1. Access the login of the web application
  2. Forward the request to the webapp
  3. Return the login form
  4. Show login
  5. POST login with username and password
  6. Forward the request to the webapp
  7. Forward username, password and the secret of the webapp to the SSO app
  8. Authentication and return with the secret-signed JWT token
  9. Forward JWT to the proxy
  10. User's client receives the token

Unauthorized login

Participants: User, Nginx ACME proxy, Webapp, SSO app.

Note: generate JWT token

  1. Try to access restricted resource
  2. Forward the request to the webapp
  3. Return HTTP 302 - redirect to login
  4. GET login (login?redirect=webapp/restricted resource)
  5. Return login form
  6. Show login
  7. POST login with username and password
  8. Forward the request to the SSO app
  9. Redirect the request to the restricted page with the JWT token
  10. Return the requested resource with the JWT token
  11. User's client receives the requested resource and the token

The SSO app needs to check the Client-ID in the request header and should accept requests only from registered clients.
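The login flow and the Client-ID check above, as an added Python example (not the project's own code). It assumes HS256 JWTs signed with the webapp's secret, PBKDF2 password hashes, request headers passed as a plain dict, and constructed client, user and secret values; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data (assumptions): one registered client, one user.
CLIENTS = {"webapp-1": "constructed-webapp-secret"}
SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(msg, secret):
    return _b64(hmac.new(secret.encode(), msg.encode(), hashlib.sha256).digest())

def sso_login(headers, username, password, client_secret, now=None):
    """SSO app: return a signed JWT, or None if the client or user is rejected."""
    client_id = headers.get("Client-ID", "")
    registered = CLIENTS.get(client_id)
    # Only registered clients that present their own secret are served.
    if registered is None or not hmac.compare_digest(
            registered.encode(), client_secret.encode()):
        return None
    # Always derive the hash so unknown users cost the same as known ones.
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, supplied):
        return None
    now = int(time.time()) if now is None else now
    claims = {"sub": username, "aud": client_id, "iat": now, "exp": now + 300}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body, registered)}"

def verify_token(token, client_id, secret, now=None):
    """Webapp: return the claims, or None if the token must not be trusted."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), _sign(f"{head}.{body}", secret).encode()):
            return None
        claims = json.loads(_unb64(body))
        alg = json.loads(_unb64(head)).get("alg")
        if alg != "HS256" or claims.get("aud") != client_id or claims.get("exp", 0) <= now:
            return None
        return claims
    except (ValueError, TypeError, AttributeError):
        return None
```

The `aud` claim ties each token to the Client-ID it was issued for, so a token minted for one registered webapp is rejected by another.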

Participants: Box, web app.

  1. Open websocket connection
  2. Can send command, for example to generate a new pin

Matomo

Matomo is an analytics tool for tracking the usage of web sites. It is possible to check the devices used (OS, screen resolution), the visitors' locations and so on.

Mysql

Matomo needs a database. In this case I chose MySQL to store the analytics data.

Gatsby.js

Gatsby is an open source frontend framework. Its main advantages are:

  • better performance
  • higher security
  • cheaper, easier scaling

Nginx

Nginx is a very popular and super fast open source web server. In the case of anulu, nginx redirects the requests either to another docker container, which runs another nginx instance to reach the anulu portal, or to Matomo. The communication is encrypted, with ACME used to generate the renewable Let's Encrypt certificates for Matomo and for anulu.