Single Sign-On

Single Signon and Qrvey

Qrvey currently uses the standard OpenID protocol for user verification and authentication. The OpenID standard provides a framework for the communication that must take place between the identity provider and the OpenID acceptor (Qrvey).

For more information on the OpenID user authentication protocol, see:

https://en.wikipedia.org/wiki/OpenID

https://openid.net/

 

Typical Use Case

Many customers have created web applications that require their users to be authenticated and verified in order to gain access. The web application may rely upon other services, like Qrvey, that also have user verification requirements. The question becomes how to provide seamless user authentication across all services.

For the specific embedded implementation of Qrvey in a parent application there are a few assumptions. It would be expected that the parent application would redirect to Qrvey to allow the user to create feedback applications. That implies that there is an instance of Qrvey available and that the parent application developer knows the URL to the dedicated instance of Qrvey. That URL is provided by Qrvey In this context. It is also expected that there is an OpenID provider that is used to manage the user access credentials.

 

Logic Flow

  • The link to gain access to Qrvey will exercise the OpenID protocol by posting the openid_identifier (a unique user reference) to the OpenID provider. 
  • The OpenID provider will verify the openid_identifier value. If the user is not currently logged into the parent application, the user will be requested to provide login credentials by the OpenID provider. 
  • The OpenID provider will redirect back to Qrvey and return an email address. It may also return the first name and last name of the user.
  • Qrvey will verify the openid_identifier against previously stored information in the Qrvey user repository. If the user can’t be found, the user information is automatically added to the Qrvey user repository. 
  • The user is then presented with the Qrvey user interface.

Note: Since the user will have already been authenticated through the parent application, Qrvey automatically adds information about a new user to the Qrvey user information repository.

 

Additional Single Signon Protocols

Although Qrvey currently only supports the OpenID protocol promoted by the OpenID Foundation, we are expecting to support the SAML (Security Asseertion Markup Language), WS-Fed, and OAuth 2.0 in the near future.

 

User Management

In this scenario it is expected that the maintenance of user information is under the purview of the parent application. It is possible that there may be scenarios that require management of the user information in the Qrvey user repository. Qrvey provides an API to facilitate the process.

 

Sample Form to Test OpenID Verification

<html>
<head>
</head>
<body>
<form action="[Qrvey URL]/login/openid" method="post">
    <div>
   <label>OpenID:</label>
    <input type="text" name="openid_identifier"/><br/>
    </div>
    <div>
    <input type="submit" value="Submit"/>
    </div>
</form>
</body>
</html>