Using SSO to provide access to secure areas of both iMIS and a 3rd party client site

I'm a bit confused by iMIS' SSO implementation and could use some guidance.

I'm working on a setup for a client that uses iMIS and attempting to meet the following request:

  • User can log in through Client Application/Web site using SSO
  • On successful login (received valid Token and user is a valid Member, not just an authenticated user), user is then directed to secure area of client application
  • User can then follow links from that secure area back to iMIS customer site and NOT need to log in again, so long as their token is valid.

For nearly all of the implementations that I have done with OAuth2 previously, the flow generally goes: Client application is registered with Host. Client application contacts the host authentication server, and the user logs in via the host system. Host then redirects back to client application and provides an authorization code, and then a subsequent request is issued for a Token. The token can then be used or refreshed to retain access to user data from the host to the client.

When I accessed the SSO info for iMIS, it was confusing as it indicates that I need to facilitate the login on the Client side, rather than transition to iMIS and be redirected back via a redirect URI post authentication. This seems to be counter to most implementations of OAuth2 that I have used. (Here is the SSO documentation I am referencing: https://help.imis.com/imis2017/Features/RiSE/Maintenance/Single_Sign_On.htm)

If I am responsible for creating the login prompt (rather than using the host login), and simply using the API to facilitate authentication, I can successfully execute this through the API, but then how do I subsequently use the Token to access other pages on the iMIS site side without requiring them to log in again?